From e8075179e0fe2a620c9b478590b33c65c979fa61 Mon Sep 17 00:00:00 2001
From: Simon McVittie <[EMAIL REDACTED]>
Date: Thu, 18 Jan 2024 19:40:40 +0000
Subject: [PATCH] testautomation_surface: Really make width * bpp overflow

A surface of width (0x7fff'ffff) / 2 = 0x3fff'ffff is not quite large
enough to make the pitch overflow in the way we wanted to test here:
with a 32-bit format, that makes each row 0xffff'fffc bytes, which
(just) fits in a 32-bit unsigned size_t. Increasing it to 0x4000'0000
pixels per row is enough to trigger the overflow we intended to test.

In SDL 2, this test bug was hidden by the fact that allocating
0xffff'fffc bytes on a 32-bit platform is very likely to fail, and SDL 2
reported both "malloc() failed" and "this amount of memory is too large
for a size_t" with the same error code.

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
test/testautomation_surface.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/testautomation_surface.c b/test/testautomation_surface.c
index 8289e9ccf5e3..ef6f332feb54 100644
--- a/test/testautomation_surface.c
+++ b/test/testautomation_surface.c
@@ -772,7 +772,8 @@ int surface_testOverflow(void *arg)
SDLTest_AssertCheck(surface == NULL, "Should detect overflow in width + alignment");
SDLTest_AssertCheck(SDL_strcmp(SDL_GetError(), expectedError) == 0,
"Expected \"%s\", got \"%s\"", expectedError, SDL_GetError());
- surface = SDL_CreateRGBSurfaceWithFormat(0, SDL_MAX_SINT32 / 2, 1, 32, SDL_PIXELFORMAT_ARGB8888);
+ /* 0x4000'0000 * 4bpp = 0x1'0000'0000 which (just) overflows */
+ surface = SDL_CreateRGBSurfaceWithFormat(0, 0x40000000, 1, 32, SDL_PIXELFORMAT_ARGB8888);
SDLTest_AssertCheck(surface == NULL, "Should detect overflow in width * bytes per pixel");
SDLTest_AssertCheck(SDL_strcmp(SDL_GetError(), expectedError) == 0,
"Expected \"%s\", got \"%s\"", expectedError, SDL_GetError());
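Review bot: the comment added above the second SDL_CreateRGBSurfaceWithFormat call writes "4bpp", but that call passes a depth of 32 and the assertion below it says "bytes per pixel", so "bpp" reads as bits in one place and bytes in the other. It also does not say which width is being overflowed, while the commit message ties the overflow to a 32-bit size_t. Suggest wording it as "0x4000'0000 pixels * 4 bytes per pixel = 0x1'0000'0000, which (just) overflows 32 bits" so the comment stands on its own without the commit message.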