zzag updated this revision to Diff 32789. zzag added a comment.
Fix invalid read of size 1

Valgrind output:

==8054== Invalid read of size 1
==8054==    at 0x1D8818C6: Breeze::BoxShadowHelper::blurAlphaNaivePass(QImage const&, QImage&, QVector<double> const&) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
==8054==    by 0x1D8819F3: Breeze::BoxShadowHelper::blurAlphaNaive(QImage&, int) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
==8054==    by 0x1D8822DA: Breeze::BoxShadowHelper::boxShadow(QPainter*, QRect const&, QPoint const&, int, QColor const&) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
==8054==    by 0x1D60C8CC: Breeze::ShadowHelper::shadowTiles() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x1D60C341: Breeze::ShadowHelper::loadConfig() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x1D618B51: Breeze::Style::loadConfiguration() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x1D613D3E: Breeze::Style::Style() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x1D63C52F: Breeze::StylePlugin::create(QString const&) (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x7B18B62: QStyleFactory::create(QString const&) (in /usr/lib/libQt5Widgets.so.5.10.1)
==8054==    by 0x7AABA9B: QApplication::style() (in /usr/lib/libQt5Widgets.so.5.10.1)
==8054==    by 0x7AABDF5: QApplicationPrivate::initialize() (in /usr/lib/libQt5Widgets.so.5.10.1)
==8054==    by 0x7AABE5A: QApplicationPrivate::init() (in /usr/lib/libQt5Widgets.so.5.10.1)
==8054==  Address 0x16b332f7 is 3 bytes after a block of size 19,044 alloc'd
==8054==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==8054==    by 0x82FDEDA: QImageData::create(QSize const&, QImage::Format) (in /usr/lib/libQt5Gui.so.5.10.1)
==8054==    by 0x82FE06C: QImage::QImage(QSize const&, QImage::Format) (in /usr/lib/libQt5Gui.so.5.10.1)
==8054==    by 0x82FE0A5: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQt5Gui.so.5.10.1)
==8054==    by 0x1D8819C5: Breeze::BoxShadowHelper::blurAlphaNaive(QImage&, int) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
==8054==    by 0x1D8822DA: Breeze::BoxShadowHelper::boxShadow(QPainter*, QRect const&, QPoint const&, int, QColor const&) (in /home/vlad/KDE/usr/lib64/libbreezecommon.so.5.12.80)
==8054==    by 0x1D60C8CC: Breeze::ShadowHelper::shadowTiles() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x1D60C341: Breeze::ShadowHelper::loadConfig() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x1D618B51: Breeze::Style::loadConfiguration() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x1D613D3E: Breeze::Style::Style() (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x1D63C52F: Breeze::StylePlugin::create(QString const&) (in /home/vlad/KDE/usr/lib64/plugins/styles/breeze.so)
==8054==    by 0x7B18B62: QStyleFactory::create(QString const&) (in /usr/lib/libQt5Widgets.so.5.10.1)

The reason: I forgot that the kernel is of size `2 * radius + 1`, so when blurAlphaNaivePass is convolving near the ends it doesn't take the 1 into account. Overall, the fix looks like this:

diff --git a/libbreezecommon/breezeboxshadowhelper.cpp b/libbreezecommon/breezeboxshadowhelper.cpp index 625cb26a..17d18ecd 100644 --- a/libbreezecommon/breezeboxshadowhelper.cpp +++ b/libbreezecommon/breezeboxshadowhelper.cpp
@@ -118,7 +118,7 @@ void blurAlphaNaivePass(const QImage &src, QImage &dst, const QVector<qreal> &ke } for (int x = src.width() - radius; x < src.width(); x++) { - const uchar *window = in + (x - radius) * alphaStride; + const uchar *window = in + (x - radius - 1) * alphaStride; qreal alpha = 0; const int outside = x + radius - src.width(); for (int k = 0; k < kernel.size() - outside; k++) {

REPOSITORY
R31 Breeze

CHANGES SINCE LAST UPDATE
https://phabricator.kde.org/D11198?vs=31846&id=32789

BRANCH
arcpatch-D11198

REVISION DETAIL
https://phabricator.kde.org/D11198

AFFECTED FILES
CMakeLists.txt
cmake/Modules/FindFFTW.cmake
kstyle/CMakeLists.txt
libbreezecommon/CMakeLists.txt
libbreezecommon/breezeboxshadowhelper.cpp
libbreezecommon/breezeboxshadowhelper.h
libbreezecommon/config-breezecommon.h.cmake

To: zzag, #breeze, #vdg, hpereiradacosta
Cc: broulik, abetts, plasma-devel, ragreen, Pitel, ZrenBot, lesliezhai, ali-mohamed, jensreuterberg, sebas, apol, mart
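Review bot: the `window` change in this hunk stops the over-read but shifts the kernel one pixel to the left for every column of the right edge, because the off-by-one is in `outside`, not in `window`. With `const int outside = x + radius - src.width();` the loop's last tap `k = kernel.size() - outside - 1` lands on pixel `x - radius + k = src.width()`, one past the last valid column `src.width() - 1`; a single alpha byte read one pixel past the row is consistent with the "Invalid read of size 1 ... 3 bytes after a block" that Valgrind reports for the last row. Starting the window at `x - radius - 1` keeps that read inside the row, but `kernel[0]` now weights pixel `x - radius - 1` and the centre tap `kernel[radius]` weights pixel `x - 1` instead of `x`, so the last `radius` columns are blurred off-centre. Keep `const uchar *window = in + (x - radius) * alphaStride;` and correct the tap count instead, e.g. `const int outside = x + radius - (src.width() - 1);`, so that `kernel.size() - outside` taps end exactly on the last column. One more check worth adding: for `src.width() <= 2 * radius` the first iteration's `x - radius - 1` (and `x - radius` for `src.width() < 2 * radius`) is negative, so the window starts before `in`; an early return or clamp for images narrower than the kernel avoids a read before the row.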
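The boundary arithmetic in the comment above (a kernel of `2 * radius + 1` taps truncated at the right edge of the row) is easy to get wrong by one in either direction, so here is an added, stand-alone C++ example that is not Breeze or Qt code. It re-implements the right-edge loop from the hunk over a plain byte buffer, with an instrumented reader that counts out-of-range accesses instead of faulting, and runs three variants side by side: the pre-patch arithmetic, the patched window start, and a version that keeps the window and corrects the `outside` term. The 4-byte pixel layout with alpha at byte 3, the `Probe`, `rightEdgePass`, `referenceRightEdge`, `sampleRow` and `kBinomial5` names, and the sample row and kernel are all constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <vector>

// Assumed layout for the example: 4 bytes per pixel, alpha in byte 3. A read
// of the alpha byte one pixel past the end of the last row then lands 3 bytes
// past the allocation, which is what an "N bytes after a block" report shows.
constexpr int kAlphaStride = 4;
constexpr int kAlphaOffset = 3;

// Bounds-checking reader: counts every out-of-range index and returns a
// sentinel instead of faulting, so the effect on the blurred value is visible.
struct Probe {
    const std::vector<std::uint8_t>* buf;
    std::size_t oob = 0;
    std::uint8_t at(long idx) {
        if (idx < 0 || static_cast<std::size_t>(idx) >= buf->size()) {
            ++oob;
            return 0xFF;  // stands in for whatever bytes happen to follow the row
        }
        return (*buf)[static_cast<std::size_t>(idx)];
    }
};

enum class Variant {
    Buggy,    // window = x - radius,     outside = x + radius - width      (before the patch)
    Shifted,  // window = x - radius - 1, outside = x + radius - width      (the patch)
    Correct   // window = x - radius,     outside = x + radius - width + 1  (suggested)
};

struct PassResult {
    std::vector<double> alpha;  // one value per x in [width - radius, width)
    std::size_t oob;            // out-of-range reads performed
};

// Right-edge part of a naive 1-D alpha convolution over one row, in the shape
// of the hunk under review: the kernel has 2 * radius + 1 taps and is only
// truncated at the edge, not renormalised.
PassResult rightEdgePass(const std::vector<std::uint8_t>& row, int width, int radius,
                         const std::vector<double>& kernel, Variant v) {
    Probe in{&row};
    PassResult r{{}, 0};
    for (int x = width - radius; x < width; ++x) {
        const long first = (v == Variant::Shifted) ? x - radius - 1 : x - radius;
        int outside = x + radius - width;
        if (v == Variant::Correct) outside += 1;  // the last valid column is width - 1
        double alpha = 0;
        for (int k = 0; k < static_cast<int>(kernel.size()) - outside; ++k)
            alpha += in.at((first + k) * kAlphaStride + kAlphaOffset) * kernel[k];
        r.alpha.push_back(alpha);
    }
    r.oob = in.oob;
    return r;
}

// Ground truth written without pointer arithmetic: tap k weights pixel
// x - radius + k and taps that fall outside the row are skipped.
std::vector<double> referenceRightEdge(const std::vector<std::uint8_t>& row, int width,
                                       int radius, const std::vector<double>& kernel) {
    std::vector<double> out;
    for (int x = width - radius; x < width; ++x) {
        double alpha = 0;
        for (std::size_t k = 0; k < kernel.size(); ++k) {
            const int px = x - radius + static_cast<int>(k);
            if (px >= 0 && px < width)
                alpha += row[px * kAlphaStride + kAlphaOffset] * kernel[k];
        }
        out.push_back(alpha);
    }
    return out;
}

// Constructed sample: a row whose alpha ramps 0, 16, 32, ... and a 5-tap
// binomial kernel (radius 2); both chosen so every product is exact in double.
std::vector<std::uint8_t> sampleRow(int width) {
    std::vector<std::uint8_t> row(width * kAlphaStride, 0);
    for (int px = 0; px < width; ++px)
        row[px * kAlphaStride + kAlphaOffset] = static_cast<std::uint8_t>(16 * px);
    return row;
}
const std::vector<double> kBinomial5 = {1.0 / 16, 4.0 / 16, 6.0 / 16, 4.0 / 16, 1.0 / 16};

static const char* variantName(Variant v) {
    switch (v) {
        case Variant::Buggy: return "buggy";
        case Variant::Shifted: return "shifted";
        default: return "correct";
    }
}

int main() {
    const int width = 8, radius = 2;
    const std::vector<std::uint8_t> row = sampleRow(width);
    for (Variant v : {Variant::Buggy, Variant::Shifted, Variant::Correct}) {
        const PassResult res = rightEdgePass(row, width, radius, kBinomial5, v);
        std::printf("%-8s alpha[6]=%9.4f alpha[7]=%9.4f out-of-range reads=%zu\n",
                    variantName(v), res.alpha[0], res.alpha[1], res.oob);
    }
    const std::vector<double> ref = referenceRightEdge(row, width, radius, kBinomial5);
    std::printf("%-8s alpha[6]=%9.4f alpha[7]=%9.4f\n", "expected", ref[0], ref[1]);
    return 0;
}
```

On the sample row the pre-patch variant performs two out-of-range reads (one per right-edge column) and its results carry the sentinel byte; the patched variant performs none but disagrees with the reference because every tap is applied one pixel to the left; only the corrected `outside` term reproduces the reference values. Passing a `width` of 4 or less with `radius` 2 makes `Probe` report reads before the start of the row as well, which is the narrow-image case the loop does not guard against.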