Bug 6185

Summary: Strange pointer operations in fbCompositeTrans_0888xnx0888 (pixman/src/fbpict.c)
Product: cairo
Reporter: Ken Herron <kherron+cairo>
Component: general
Assignee: Carl Worth <cworth>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal
Priority: high
Version: 1.1.1
Hardware: All
OS: All
URL: http://gitweb.freedesktop.org/?p=cairo;a=blob;hb=HEAD;f=pixman/src/fbpict.c#l1154

Description Ken Herron 2006-03-09 05:09:57 UTC
This was flagged by a coverity scan of the mozilla source code. In
pixman/src/fbpict.c around line 1154, there's a switch statement:

    switch(!(long)dst&3)
    {
         case 1: ...
         case 2: ...
         case 3: ...
    }

|dst| here is a pointer. The switch expression makes no sense; !anything will
always evaluate to 0 or 1 so the "2" and "3" cases are unreachable.  The
programmer probably meant |~(long)dst&3| or |(long)dst&3|.

A similar construct appears around line 1230 involving the variable |src|.

Comment 1 Carl Worth 2006-03-14 08:23:26 UTC
This is now fixed in 1.1.1 and 1.0.3.

-Carl

diff-tree 5d89faf6b37bb0367c8ba8f8637fc80bd745c888 (from 6f0d8eedc504e8af2224c502be25dc82b5df70f4)
Author: Carl Worth <cworth@cworth.org>
Date:   Mon Mar 13 13:20:29 2006 -0800

    fbCompositeTrans_0888xnx0888: Fix suspicious logical negation of pointer value.

    Surely, the ! instead of ~ here was just a typo. I'd feel better if I
    had a failing test case for this though, (time to break out gcov
    again).

    Fixes bug #6185:

        Strange pointer operations in fbCompositeTrans_0888xnx0888 (pixman/src/fbpict.c)
        https://bugs.freedesktop.org/show_bug.cgi?id=6185

diff --git a/pixman/src/fbpict.c b/pixman/src/fbpict.c
index e074174..ef7f4e2 100644
--- a/pixman/src/fbpict.c
+++ b/pixman/src/fbpict.c
@@ -1151,7 +1151,7 @@ fbCompositeTrans_0888xnx0888(pixman_oper
                                setupPackedReader(ws,wt,isrc,wsrc,workingSource);

                                /* get to word aligned */
-                               switch(!(long)dst&3)
+                               switch(~(long)dst&3)
                                {
                                        case 1:
                                                readPackedSource(rs);
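Review bot: On the changed `switch(~(long)dst&3)` line, the complement maps the low two address bits to 3 - (dst & 3), so a pointer that is already 4-byte aligned selects 3 and one at offset 3 selects 0 and skips every case. If the cases under the "get to word aligned" comment are meant to run once per byte remaining to the next word boundary, that count is `(-(long)dst) & 3`, which gives 0 for an aligned pointer. Please confirm which mapping the `case 1:` and later case bodies were written for, and write the expression with explicit parentheses, for example `(~(long)dst) & 3`, since unary operators binding tighter than `&` is what made the old `!` form collapse to 0 for every non-null pointer.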
@@ -1227,7 +1227,7 @@ fbCompositeTrans_0888xnx0888(pixman_oper
                                srcLine += srcStride;
                                w = width*3;
                                /* get to word aligned */
-                               switch(!(long)src&3)
+                               switch(~(long)src&3)
                                {
                                        case 1:
                                                rd=alphamaskCombine24(*src++,
*dst)>>8;
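Review bot: The old `switch(!(long)src&3)` evaluated to 0 for any non-null `src`, so the `case 1:` path that does `*src++` and reads `*dst` was effectively dead code, and with `~` it now executes for some source alignments. Since `w = width*3` is set just above, please check that this alignment prologue cannot consume more bytes than `w` on very narrow rows, and add a regression test that exercises each source alignment, as the commit message itself notes that no failing test exists. On the cast: `long` is narrower than a pointer on some platforms; only the low two bits matter here, but `uintptr_t` would avoid the truncation warning and state the intent.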
