From cab8cea0f0b241c9221e220bf53c30c8b212274a Mon Sep 17 00:00:00 2001 From: William Wilgus Date: Wed, 25 Aug 2021 22:18:14 -0400 Subject: [PATCH] lcd_putsxyofs 16 bit lcd_mono_bitmap_part [AS] part duex 'Bugfix' mono_bitmap_part reads ahead in the buffer, if the height is <= char bit pixels other memory gets read found with [Address Sanitizer] also g#3332 since this is clearly a problem across the code instead place the check for height < 8 in the lcd_mono_bitmap_part function second try places the check above the negative y offset this was causing glitches on the Q1 and likely other TS targets since a negative y was added to height it made it < CHAR_BIT setting stride = 0 even though the bitmap was >= CHAR_BIT high Change-Id: I13bb8ab472c2ae61302a6de5d9e2c78243354460 --- firmware/drivers/lcd-16bit-common.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/firmware/drivers/lcd-16bit-common.c b/firmware/drivers/lcd-16bit-common.c index 5ec142c855..25e3b89dc3 100644 --- a/firmware/drivers/lcd-16bit-common.c +++ b/firmware/drivers/lcd-16bit-common.c @@ -330,6 +330,15 @@ void ICODE_ATTR lcd_mono_bitmap_part(const unsigned char *src, int src_x, src_x -= x; x = 0; } + + /* 'Bugfix' mono_bitmap_part reads ahead in the buffer, + * if the height is <= char bit pixels other memory gets read + * the other option is to check in the hot code path but this appears + * sufficient + */ + if (height <= CHAR_BIT) + stride = 0; + if (y < 0) { height += y; @@ -341,13 +350,11 @@ void ICODE_ATTR lcd_mono_bitmap_part(const unsigned char *src, int src_x, if (y + height > LCD_HEIGHT) height = LCD_HEIGHT - y; #endif - src += stride * (src_y >> 3) + src_x; /* move starting point */ src_y &= 7; src_end = src + width; dst_col = FBADDR(x, y); - if (drmode & DRMODE_INVERSEVID) { dmask = 0x1ff; /* bit 8 == sentinel */ @@ -462,14 +469,7 @@ void ICODE_ATTR lcd_mono_bitmap_part(const unsigned char *src, int src_x, /* Draw a full monochrome bitmap */ void lcd_mono_bitmap(const unsigned char *src, int x, int y, int width, int height) { - int stride = width; - - /* 'Bugfix' mono_bitmap_part reads ahead in the buffer, - * if the height is <= char bit pixels other memory gets read - */ - if (height <= CHAR_BIT) - stride = 0; - lcd_mono_bitmap_part(src, 0, 0, stride, x, y, width, height); + lcd_mono_bitmap_part(src, 0, 0, width, x, y, width, height); }