
Fixed bug 3340 - SDL_BlitScaled causes access violation in some cases.

Simon Hug

The SDL_BlitScaled function runs into an access violation for specific blit coordinates and surface sizes. The attached testcase blits an 800x600 surface to a 1280x720 surface at the coordinates -640,-345 scaled to 1280x720. The blit function that moves the data then runs over and reads after the pixel data from the src surface, causing an access violation.

I can't say where exactly it goes wrong, but I think it could have something to do with the rounding in SDL_UpperBlitScaled. final_src.y is 288 and final_src.h is 313. Together that's 601, which I believe is one too much, but I just don't know the code enough to make sure that's the problem.

Sylvain

I think this patch fixes the issue, but maybe it's worth re-writing "SDL_UpperBlitScaled" using SDL_FRect.
slouken committed Dec 1, 2016
1 parent cb8748b commit 4905cd9c09176bb29d7a734b72a7248d375903a2
Showing with 2 additions and 2 deletions.
  1. +2 −2 src/video/SDL_surface.c
@@ -778,8 +778,8 @@ SDL_UpperBlitScaled(SDL_Surface * src, const SDL_Rect * srcrect,

final_src.x = (int)SDL_floor(src_x0 + 0.5);
final_src.y = (int)SDL_floor(src_y0 + 0.5);
final_src.w = (int)SDL_floor(src_x1 - src_x0 + 1.5);
final_src.h = (int)SDL_floor(src_y1 - src_y0 + 1.5);
final_src.w = (int)SDL_floor(src_x1 + 1 + 0.5) - (int)SDL_floor(src_x0 + 0.5);
final_src.h = (int)SDL_floor(src_y1 + 1 + 0.5) - (int)SDL_floor(src_y0 + 0.5);

final_dst.x = (int)SDL_floor(dst_x0 + 0.5);
final_dst.y = (int)SDL_floor(dst_y0 + 0.5);
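Review bot: the new final_src.w and final_src.h lines repeat (int)SDL_floor(src_x0 + 0.5) and (int)SDL_floor(src_y0 + 0.5), which were stored in final_src.x and final_src.y two lines earlier; subtracting final_src.x and final_src.y instead would make it explicit that the size is derived from the rounded far edge minus the rounded origin, and would keep the two from drifting apart if the origin rounding is ever changed. A one-line comment is also worth adding to say why the size is no longer rounded from src_x1 - src_x0 on its own: with the old form the origin and the size could both round up, which is how the report ends up with 288 + 313 = 601. Nothing in the visible lines checks the result against the source surface dimensions, so an explicit bound on final_src.x + final_src.w and final_src.y + final_src.h before the blit would be a cheap safeguard against a similar over-read. The final_dst width and height fall outside the visible context and should be checked for the same rounding pattern. The commit changes only src/video/SDL_surface.c, so the test case attached to the bug is not carried along as a regression test.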
