From 4905cd9c09176bb29d7a734b72a7248d375903a2 Mon Sep 17 00:00:00 2001 From: Sam Lantinga Date: Wed, 30 Nov 2016 22:06:05 -0800 Subject: [PATCH] Fixed bug 3340 - SDL_BlitScaled causes access violation in some cases. Simon Hug The SDL_BlitScaled function runs into an access violation for specific blit coordinates and surface sizes. The attached testcase blits a 800x600 surface to a 1280x720 surface at the coordinates -640,-345 scaled to 1280x720. The blit function that moves the data then runs over and reads after the pixel data from the src surface causing an access violation. I can't say where exactly it goes wrong, but I think it could have something to do with the rounding in SDL_UpperBlitScaled. final_src.y is 288 and final_src.h is 313. Together that's 601, which I believe is one too much, but I just don't know the code enough to make sure that's the problem. Sylvain I think this patch fix the issue, but maybe it's worth re-writing "SDL_UpperBlitScaled" using SDL_FRect. --- src/video/SDL_surface.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/video/SDL_surface.c b/src/video/SDL_surface.c index 9d52e5ca4abd0..a46576bcc000a 100644 --- a/src/video/SDL_surface.c +++ b/src/video/SDL_surface.c @@ -778,8 +778,8 @@ SDL_UpperBlitScaled(SDL_Surface * src, const SDL_Rect * srcrect, final_src.x = (int)SDL_floor(src_x0 + 0.5); final_src.y = (int)SDL_floor(src_y0 + 0.5); - final_src.w = (int)SDL_floor(src_x1 - src_x0 + 1.5); - final_src.h = (int)SDL_floor(src_y1 - src_y0 + 1.5); + final_src.w = (int)SDL_floor(src_x1 + 1 + 0.5) - (int)SDL_floor(src_x0 + 0.5); + final_src.h = (int)SDL_floor(src_y1 + 1 + 0.5) - (int)SDL_floor(src_y0 + 0.5); final_dst.x = (int)SDL_floor(dst_x0 + 0.5); final_dst.y = (int)SDL_floor(dst_y0 + 0.5);
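Review bot: The two added `final_src.w` / `final_src.h` lines repeat the `(int)SDL_floor(src_x0 + 0.5)` and `(int)SDL_floor(src_y0 + 0.5)` expressions that were just assigned to `final_src.x` and `final_src.y`, and nothing in the hunk explains why the size is now a difference of rounded edges. Writing them as `final_src.w = (int)SDL_floor(src_x1 + 1.5) - final_src.x;` and `final_src.h = (int)SDL_floor(src_y1 + 1.5) - final_src.y;` would state the invariant directly: x + w and y + h equal the rounded far edge, so origin and size can no longer round independently, which is the pattern behind the 288 + 313 = 601 reported for a 600-row surface. It would also keep the two roundings from drifting apart in a later edit. The result stays in bounds only if `src_x1` and `src_y1` are already limited to the last source column and row, which these lines do not show. A short comment or assert stating that precondition would help, as would a regression test using the 800x600 to 1280x720 blit at -640,-345 from the report, so the out-of-bounds read is checked rather than assumed fixed.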