From 49edfc237ba9ae27eee5e915e86989d9ee01b1da Mon Sep 17 00:00:00 2001 From: William Wilgus Date: Fri, 30 Apr 2021 15:10:15 -0400 Subject: [PATCH] lcd_putsxyofs 16 bit lcd_mono_bitmap_part [AS] 'Bugfix' mono_bitmap_part reads ahead in the buffer, if the height is <= char bit pixels other memory gets read found with [Address Sanitizer] also g#3332 since this is clearly a problem across the code instead place the check for height < 8 in the lcd_mono_bitmap_part function Change-Id: I917cbbd568fd5474b76a98c8919467e2538e0f0c --- firmware/drivers/lcd-16bit-common.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/firmware/drivers/lcd-16bit-common.c b/firmware/drivers/lcd-16bit-common.c index 5ec142c855..dbfea50dd7 100644 --- a/firmware/drivers/lcd-16bit-common.c +++ b/firmware/drivers/lcd-16bit-common.c @@ -341,12 +341,18 @@ void ICODE_ATTR lcd_mono_bitmap_part(const unsigned char *src, int src_x, if (y + height > LCD_HEIGHT) height = LCD_HEIGHT - y; #endif - src += stride * (src_y >> 3) + src_x; /* move starting point */ src_y &= 7; src_end = src + width; dst_col = FBADDR(x, y); + /* 'Bugfix' mono_bitmap_part reads ahead in the buffer, + * if the height is <= char bit pixels other memory gets read + * the other option is to check in the hot code path but this appears + * sufficient + */ + if (height <= CHAR_BIT) + stride = 0; if (drmode & DRMODE_INVERSEVID) { @@ -462,14 +468,7 @@ void ICODE_ATTR lcd_mono_bitmap_part(const unsigned char *src, int src_x, /* Draw a full monochrome bitmap */ void lcd_mono_bitmap(const unsigned char *src, int x, int y, int width, int height) { - int stride = width; - - /* 'Bugfix' mono_bitmap_part reads ahead in the buffer, - * if the height is <= char bit pixels other memory gets read - */ - if (height <= CHAR_BIT) - stride = 0; - lcd_mono_bitmap_part(src, 0, 0, stride, x, y, width, height); + lcd_mono_bitmap_part(src, 0, 0, width, x, y, width, height); }