fix possible array overflow bug when smoothing strokes; ready for 1.2.8

serge-rgb · Jan 28, 2017 · bb39572 · bb39572
1 parent 77ab909
commit bb39572
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 19 deletions.
diff --git a/Milton.iss b/Milton.iss
@@ -3,13 +3,13 @@
 
 [Setup]
 AppName=Milton
-AppVersion=1.2.7
+AppVersion=1.2.8
 DefaultDirName={pf}\Milton
 DefaultGroupName=Milton
 ;UninstallDisplayIcon={app}\Milton.exe
 Compression=lzma2
 SolidCompression=yes
-OutputBaseFilename=MiltonSetup_1.2.7_x64
+OutputBaseFilename=MiltonSetup_1.2.8_x64
 ;ArchitecturesAllowed=x64
 ;ArchitecturesInstallIn64BitMode=x64
 

diff --git a/deploy.bat b/deploy.bat
@@ -1,15 +1,18 @@
 if exist OUTPUT goto OUTPUT_EXISTS
 
+set builddir=build\win64-msvc-debug-default
+set sdlbindir=third_party\bin
+
 mkdir OUTPUT
-copy build\Milton.exe OUTPUT\Milton.exe
-copy build\Milton.pdb OUTPUT\Milton.pdb
+copy %builddir%\Milton.exe OUTPUT\Milton.exe
+copy %builddir%\Milton.pdb OUTPUT\Milton.pdb
 copy Milton.iss OUTPUT\Milton.iss
-copy build\SDL2.lib OUTPUT\SDL2.lib
-copy build\SDL2.pdb OUTPUT\SDL2.pdb
+copy %sdlbindir%\SDL2.lib OUTPUT\SDL2.lib
+copy %sdlbindir%\SDL2.pdb OUTPUT\SDL2.pdb
 copy milton_icon.ico OUTPUT\milton_icon.ico
 copy LICENSE.txt OUTPUT\LICENSE.txt
-copy build\Carlito.LICENSE OUTPUT\Carlito.LICENSE
-copy build\Carlito.ttf OUTPUT\Carlito.ttf
+copy %builddir%\Carlito.LICENSE OUTPUT\Carlito.LICENSE
+copy %builddir%\Carlito.ttf OUTPUT\Carlito.ttf
 
 mkdir OUTPUT\Standalone
 copy OUTPUT\Milton.exe OUTPUT\Standalone\

diff --git a/src/hardware_renderer.h b/src/hardware_renderer.h
@@ -76,8 +76,6 @@ void gpu_get_viewport_limits(RenderData* render_data, float* out_viewport_limits
 i32  gpu_get_num_clipped_strokes(Layer* root_layer);
 
 
-
-// TODO: Measure memory consumption of glBufferData and their ilk
 enum CookStrokeOpt
 {
     CookStroke_NEW                   = 0,

diff --git a/src/milton.cc b/src/milton.cc
@@ -202,10 +202,7 @@ milton_stroke_input(MiltonState* milton_state, MiltonInput* input)
         }
 
         // Cleared to be appended.
-        if ( passed_inspection && ws->num_points < STROKE_MAX_POINTS-1 ) {
-            // TODO: Add interpolation points here based on angle between consecutive points.
-            // Once that's added, enable mouse input smoothing.
-
+        if ( passed_inspection && ws->num_points < STROKE_MAX_POINTS ) {
             if ( milton_brush_smoothing_enabled(milton_state) ) {
                 // Stroke smoothing.
                 // Change canvas_point depending on the average of the last `N` points.
@@ -907,10 +904,11 @@ copy_with_smooth_interpolation(Arena* arena, CanvasView* view, Stroke* in_stroke
 
     // At most we are adding twice as many points. This is wasteful but at the moment it looks like
     // a reasonable tradeoff vs the complexity/perf hit of using something smaller.
-    out_stroke->points    = arena_alloc_array(arena, 2*num_points, v2i);
-    out_stroke->pressures = arena_alloc_array(arena, 2*num_points, f32);
 
-    if ( num_points >= 4 ) {
+    if ( num_points >= 4 && 2*num_points <= STROKE_MAX_POINTS ) {
+        out_stroke->points    = arena_alloc_array(arena, 2*num_points, v2i);
+        out_stroke->pressures = arena_alloc_array(arena, 2*num_points, f32);
+
         // Push the first points.
         memcpy(out_stroke->points, in_stroke->points, 4 * sizeof(v2i));
         memcpy(out_stroke->pressures, in_stroke->pressures, 4 * sizeof(f32));
@@ -936,6 +934,10 @@ copy_with_smooth_interpolation(Arena* arena, CanvasView* view, Stroke* in_stroke
                 d = v2i_to_v2f(sub2i(in_stroke->points[i], canvas_center));
             }
 
+            if ( out_i >= STROKE_MAX_POINTS-1 ) {
+                break;  // Keep the stroke from becoming larger than we support.
+            }
+
             float scale = 0.5f;
             v2f p0 = a;
             v2f p1 = sub2f(b, scale2f(sub2f(a, b), scale));
@@ -980,8 +982,11 @@ copy_with_smooth_interpolation(Arena* arena, CanvasView* view, Stroke* in_stroke
 
         out_stroke->num_points = out_i;
     }
-    // Four or less points in stroke.
+    // Four or less points in stroke, or stroke is too large.
     else {
+        out_stroke->points    = arena_alloc_array(arena, num_points, v2i);
+        out_stroke->pressures = arena_alloc_array(arena, num_points, f32);
+
         memcpy(out_stroke->points, in_stroke->points, in_stroke->num_points * sizeof(v2i));
         memcpy(out_stroke->pressures, in_stroke->pressures, in_stroke->num_points * sizeof(f32));
         out_stroke->num_points = in_stroke->num_points;
@@ -1362,6 +1367,8 @@ milton_update_and_render(MiltonState* milton_state, MiltonInput* input)
                     custom_rectangle = rect_union(custom_rectangle, bounds);
                 }
 
+                mlt_assert(new_stroke.num_points > 0);
+                mlt_assert(new_stroke.num_points <= STROKE_MAX_POINTS);
                 auto* stroke = layer_push_stroke(milton_state->canvas->working_layer, new_stroke);
 
                 // Invalidate working stroke render element

diff --git a/src/milton_configuration.h b/src/milton_configuration.h
@@ -35,7 +35,7 @@
 
 #define MILTON_MULTITHREADED 1
 
-#define MILTON_ENABLE_PROFILING 1
+#define MILTON_ENABLE_PROFILING 0
 
 #define REDRAW_EVERY_FRAME 0