While working on a partial image reading patch, I came across the
following bug in POVRay:
In jpeg_pov.cpp, around line 405, the code reads:
-------------------<jpeg_pov.cpp:405>---------------------------------
bufptr->row_stride = w * 3;
bufptr->row_pointer[0] = (JSAMPROW)POV_MALLOC(
bufptr->row_stride * w, "JPEG line buffer");
----------------------------------------------------------------------
And some lines below:
-------------------<jpeg_pov.cpp:636>---------------------------------
/* JSAMPLEs per row in output buffer */
bufptr.row_stride =
bufptr.cinfo.output_width * bufptr.cinfo.output_components;
/* Make a one-row-high sample array */
bufptr.row_pointer[0] = (JSAMPROW)POV_MALLOC(
bufptr.row_stride * width, "JPEG line buffer");
----------------------------------------------------------------------
Both chunks of code contain the same stupid bug which causes excessive
memory consumption:
row_stride is the amount of memory in bytes needed for one ROW in the
image. What is being done here is allocating this amount of memory for
EVERY ROW in the image.
This means that for bpp bytes per pixel, we end up allocating
width*width*bpp bytes
where only
width*bpp bytes
are needed! [In my case that meant 768Mb instead of 50kb.]
Please apply the following patch:
-------------------<jpeg_pov.cpp:405>---------------------------------
bufptr->row_stride = w * 3;
bufptr->row_pointer[0] = (JSAMPROW)POV_MALLOC(
bufptr->row_stride, "JPEG line buffer");
----------------------------------------------------------------------
-------------------<jpeg_pov.cpp:636>---------------------------------
/* JSAMPLEs per row in output buffer */
bufptr.row_stride =
bufptr.cinfo.output_width * bufptr.cinfo.output_components;
/* Make a one-row-high sample array */
bufptr.row_pointer[0] = (JSAMPROW)POV_MALLOC(
bufptr.row_stride, "JPEG line buffer");
----------------------------------------------------------------------
This modification (effectively removing the width multiplication in the
memory allocation size calculation) has been verified to work correctly
by me. Note that row_pointer[0] is always only meant to contain one
single image row, never more.
Regards,
Wolfgang
I hope I can have a look at POVRay's next beta version (linux source
code) real soon.
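
Added example (not part of the original post and not POV-Ray source): the sizing described above in C, comparing the one-row allocation with the pre-patch `row_stride * width` request and reading every row through one reused buffer. The helper names, the constructed width of 16384 with 3 components, and `fake_read_scanline` (a stand-in for the decoder's scanline read) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes for ONE scanline (width * components); -1 on zero input or overflow. */
static int row_stride_bytes(uint32_t width, uint32_t components, size_t *out)
{
    if (width == 0 || components == 0 || width > SIZE_MAX / components)
        return -1;
    *out = (size_t)width * components;
    return 0;
}

/* Size the pre-patch code requested (row_stride * width); -1 on overflow. */
static int prepatch_buffer_bytes(uint32_t width, uint32_t components, size_t *out)
{
    size_t stride;
    if (row_stride_bytes(width, components, &stride) != 0 || stride > SIZE_MAX / width)
        return -1;
    *out = stride * width;
    return 0;
}

/* Hypothetical stand-in for the decoder's scanline read: writes both ends of one row. */
static void fake_read_scanline(unsigned char *row, size_t stride, uint32_t y)
{
    row[0] = row[stride - 1] = (unsigned char)y;
}

/* Reads every row through one reused row buffer; returns rows read or -1. */
static long read_rows(uint32_t width, uint32_t height, uint32_t components)
{
    size_t stride;
    unsigned char *row;
    if (row_stride_bytes(width, components, &stride) != 0 || !(row = malloc(stride)))
        return -1;
    for (uint32_t y = 0; y < height; y++)
        fake_read_scanline(row, stride, y); /* a real reader copies the row out here */
    free(row);
    return (long)height;
}

int main(void)
{
    size_t good = 0, bad = 0; /* constructed sample: width 16384, 3 components */
    int ok = row_stride_bytes(16384, 3, &good) == 0 && prepatch_buffer_bytes(16384, 3, &bad) == 0;
    printf("one row: %zu bytes, pre-patch request: %zu bytes\n", good, bad);
    return ok && read_rows(16384, 8, 3) == 8 ? 0 : 1;
}
```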