app_server: bitmap interpolation; fix out-of-bounds access

* Optimized code path for bitmap drawing with bilinear interpolation scaling was assuming that source bitmap is always at least 2 rows in size. * Fixes #12469: in webkit, scaled 1-pixel-high bitmaps often occur. If the bitmap allocation is by chance aligned to a page end, access to the non-existant second row crashes app_server.
haiku · Nov 18, 2015 · 718f352 · 718f352
1 parent 345d9bb
commit 718f352
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/src/servers/app/drawing/Painter/bitmap_painter/DrawBitmapBilinear.h b/src/servers/app/drawing/Painter/bitmap_painter/DrawBitmapBilinear.h
@@ -266,12 +266,17 @@ struct BilinearDefault :
 				const uint16 wRight = 255 - wLeft;
 
 				uint32 t[4];
-				ColorType::Interpolate(&t[0], s, this->fSourceBytesPerRow,
-					wLeft, wTop, wRight, wBottom);
+
+				if (fSource->height() > 1) {
+					ColorType::Interpolate(&t[0], s, this->fSourceBytesPerRow,
+						wLeft, wTop, wRight, wBottom);
+				} else {
+					ColorType::InterpolateLastRow(&t[0], s,  wLeft, wRight);
+				}
 				DrawMode::Blend(d, &t[0]);
 			}
 			// last column of pixels if necessary
-			if (xIndexMax < xIndexR) {
+			if (xIndexMax < xIndexR && fSource->height() > 1) {
 				const uint8* s = src + this->fWeightsX[xIndexR].index;
 				const uint8* sBottom = s + this->fSourceBytesPerRow;