From 3a9ef7ac5cfc8cb086efee3aa01df781ba54aa30 Mon Sep 17 00:00:00 2001 From: John Hodge Date: Mon, 22 Jul 2013 20:12:10 +0800 Subject: [PATCH] Kernel - Fixed crash on setting GUI cursor - Added heaps of assertions to catch bad cursor data --- KernelLand/Kernel/drv/vterm_2d.c | 2 ++ KernelLand/Kernel/drvutil_video.c | 23 +++++++++++++++++++++-- KernelLand/Kernel/include/api_drv_video.h | 6 +++--- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/KernelLand/Kernel/drv/vterm_2d.c b/KernelLand/Kernel/drv/vterm_2d.c index aadf7a20..3994525f 100644 --- a/KernelLand/Kernel/drv/vterm_2d.c +++ b/KernelLand/Kernel/drv/vterm_2d.c @@ -53,6 +53,8 @@ void VT_int_SetCursorBitmap(tVTerm *Term, int W, int H) } Term->VideoCursor->W = W; Term->VideoCursor->H = H; + Term->VideoCursor->XOfs = 0; + Term->VideoCursor->YOfs = 0; } size_t VT_int_FillCursorBitmap(tVTerm *Term, size_t DataOfs, size_t Length, const void *Data) diff --git a/KernelLand/Kernel/drvutil_video.c b/KernelLand/Kernel/drvutil_video.c index 2bee791f..c8b044e0 100644 --- a/KernelLand/Kernel/drvutil_video.c +++ b/KernelLand/Kernel/drvutil_video.c @@ -350,6 +350,12 @@ int DrvUtil_Video_SetCursor(tDrvUtil_Video_BufInfo *Buf, tVideo_IOCtl_Bitmap *Bi LEAVE('i', -1); return -1; } + ASSERTCR(Bitmap->W, >, 0, -1); + ASSERTCR(Bitmap->H, >, 0, -1); + ASSERTCR(Bitmap->XOfs, <, Bitmap->W, -1); + ASSERTCR(Bitmap->XOfs, >, -Bitmap->W, -1); + ASSERTCR(Bitmap->YOfs, <, Bitmap->H, -1); + ASSERTCR(Bitmap->YOfs, >, -Bitmap->H, -1); // Don't take a copy of the DrvUtil provided cursor if( Bitmap == &gDrvUtil_TextModeCursor ) @@ -407,8 +413,18 @@ void DrvUtil_Video_DrawCursor(tDrvUtil_Video_BufInfo *Buf, int X, int Y) Y -= Buf->CursorBitmap->YOfs; // Get the width of the cursor on screen (clipping to right/bottom edges) - render_w = X > Buf->Width - Buf->CursorBitmap->W ? Buf->Width - X : Buf->CursorBitmap->W; - render_h = Y > Buf->Height - Buf->CursorBitmap->H ? Buf->Height - Y : Buf->CursorBitmap->H; + ASSERTC(Buf->Width, >, 0); + ASSERTC(Buf->Height, >, 0); + ASSERTC(Buf->CursorBitmap->W, >, 0); + ASSERTC(Buf->CursorBitmap->H, >, 0); + + render_w = MIN(Buf->Width - X, Buf->CursorBitmap->W); + render_h = MIN(Buf->Height - Y, Buf->CursorBitmap->H); + //render_w = X > Buf->Width - Buf->CursorBitmap->W ? Buf->Width - X : Buf->CursorBitmap->W; + //render_h = Y > Buf->Height - Buf->CursorBitmap->H ? Buf->Height - Y : Buf->CursorBitmap->H; + + ASSERTC(render_w, >=, 0); + ASSERTC(render_h, >=, 0); // Clipp to left/top edges if(X < 0) { render_ox = -X; X = 0; } @@ -447,6 +463,9 @@ void DrvUtil_Video_RenderCursor(tDrvUtil_Video_BufInfo *Buf) if( !Buf->CursorSaveBuf ) Buf->CursorSaveBuf = malloc( Buf->CursorBitmap->W*Buf->CursorBitmap->H*bytes_per_px ); + ASSERTC(render_w, >=, 0); + ASSERTC(render_h, >=, 0); + LOG("Saving back"); // Save behind the cursor for( y = 0; y < render_h; y ++ ) diff --git a/KernelLand/Kernel/include/api_drv_video.h b/KernelLand/Kernel/include/api_drv_video.h index 43d91d79..0d681fee 100644 --- a/KernelLand/Kernel/include/api_drv_video.h +++ b/KernelLand/Kernel/include/api_drv_video.h @@ -217,12 +217,12 @@ typedef struct sVideo_IOCtl_Pos */ typedef struct sVideo_IOCtl_Bitmap { - Sint16 W; //!< Width of image - Sint16 H; //!< Height of image + Uint16 W; //!< Width of image + Uint16 H; //!< Height of image Sint16 XOfs; //!< X Offset of center Sint16 YOfs; //!< Y Offset of center Uint32 Data[]; //!< Image data (ARGB array) -} tVideo_IOCtl_Bitmap; +} PACKED tVideo_IOCtl_Bitmap; /** * \brief Virtual Terminal Representation of a character -- 2.20.1