Commit 4905cd9c09176bb29d7a734b72a7248d375903a2
2016-11-30T22:06:05
Fixed bug 3340 - SDL_BlitScaled causes access violation in some cases. Simon Hug The SDL_BlitScaled function runs into an access violation for specific blit coordinates and surface sizes. The attached testcase blits a 800x600 surface to a 1280x720 surface at the coordinates -640,-345 scaled to 1280x720. The blit function that moves the data then runs over and reads after the pixel data from the src surface causing an access violation. I can't say where exactly it goes wrong, but I think it could have something to do with the rounding in SDL_UpperBlitScaled. final_src.y is 288 and final_src.h is 313. Together that's 601, which I believe is one too much, but I just don't know the code enough to make sure that's the problem. Sylvain I think this patch fix the issue, but maybe it's worth re-writing "SDL_UpperBlitScaled" using SDL_FRect.
diff --git a/src/video/SDL_surface.c b/src/video/SDL_surface.c
index 9d52e5c..a46576b 100644
--- a/src/video/SDL_surface.c
+++ b/src/video/SDL_surface.c
@@ -778,8 +778,8 @@ SDL_UpperBlitScaled(SDL_Surface * src, const SDL_Rect * srcrect,
final_src.x = (int)SDL_floor(src_x0 + 0.5);
final_src.y = (int)SDL_floor(src_y0 + 0.5);
- final_src.w = (int)SDL_floor(src_x1 - src_x0 + 1.5);
- final_src.h = (int)SDL_floor(src_y1 - src_y0 + 1.5);
+ final_src.w = (int)SDL_floor(src_x1 + 1 + 0.5) - (int)SDL_floor(src_x0 + 0.5);
+ final_src.h = (int)SDL_floor(src_y1 + 1 + 0.5) - (int)SDL_floor(src_y0 + 0.5);
final_dst.x = (int)SDL_floor(dst_x0 + 0.5);
final_dst.y = (int)SDL_floor(dst_y0 + 0.5);