From e8075179e0fe2a620c9b478590b33c65c979fa61 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Thu, 18 Jan 2024 19:40:40 +0000
Subject: [PATCH] testautomation_surface: Really make width * bpp overflow

A surface of width (0x7fff'ffff) / 2 = 0x3fff'ffff is not quite large enough to make the pitch overflow in the way we wanted to test here: with a 32-bit format, that makes each row 0xffff'fffc bytes, which (just) fits in a 32-bit unsigned size_t. Increasing it to 0x4000'0000 pixels per row is enough to trigger the overflow we intended to test. In SDL 2, this test bug was hidden by the fact that allocating 0xffff'fffc bytes on a 32-bit platform is very likely to fail, and SDL 2 reported both "malloc() failed" and "this amount of memory is too large for a size_t" with the same error code.

Signed-off-by: Simon McVittie
---
 test/testautomation_surface.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/testautomation_surface.c b/test/testautomation_surface.c
index 8289e9ccf..ef6f332fe 100644
--- a/test/testautomation_surface.c
+++ b/test/testautomation_surface.c
@@ -772,7 +772,8 @@ int surface_testOverflow(void *arg)
 SDLTest_AssertCheck(surface == NULL, "Should detect overflow in width + alignment");
 SDLTest_AssertCheck(SDL_strcmp(SDL_GetError(), expectedError) == 0, "Expected \"%s\", got \"%s\"", expectedError, SDL_GetError());
- surface = SDL_CreateRGBSurfaceWithFormat(0, SDL_MAX_SINT32 / 2, 1, 32, SDL_PIXELFORMAT_ARGB8888);
+ /* 0x4000'0000 * 4bpp = 0x1'0000'0000 which (just) overflows */
+ surface = SDL_CreateRGBSurfaceWithFormat(0, 0x40000000, 1, 32, SDL_PIXELFORMAT_ARGB8888);
 SDLTest_AssertCheck(surface == NULL, "Should detect overflow in width * bytes per pixel");
 SDLTest_AssertCheck(SDL_strcmp(SDL_GetError(), expectedError) == 0, "Expected \"%s\", got \"%s\"", expectedError, SDL_GetError());
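Review bot: The `SDL_GetError()` comparison after the new `SDL_CreateRGBSurfaceWithFormat(0, 0x40000000, ...)` call can pass on a stale message, because the preceding "width + alignment" case in this hunk is asserted to leave the same `expectedError` string set and nothing visible between the two cases resets it. Adding `SDL_ClearError();` just before the call would make the assertion prove that this call reported the overflow itself, which is the same kind of masking the commit message describes for SDL 2. The new comment's `4bpp` also reads as four bits per pixel while the call passes a depth of 32; `/* 0x40000000 pixels * 4 bytes per pixel = 0x100000000, which does not fit in 32 bits */` would be unambiguous. The body of `surface_testOverflow` starts and ends outside the hunk.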