This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project gfxprim.git.
The branch, master has been updated
      via  01cb569b20ec2962ccb1f4b845d2f396ad8b08df (commit)
      via  a8f40a07ec88adfc05232ea8b0a1174eeb03384d (commit)
      via  9132111c70875afe910de2c5fa90327c0947d0f4 (commit)
      via  e7663526f7a8ee2ba10dbe1e85758c4ea4b3b12e (commit)
      via  266c9d02b03917a0bfd6bf7c5a2c94cdbaf43ea3 (commit)
      via  ac4d7195b3f0ab79365c831f8c0bf26657d737f4 (commit)
      via  c7f781854b28871c22794e5f43a7625583869edc (commit)
      via  e450ba0813517e753c32371a58aac2c9c3134130 (commit)
      via  e7186b166a3c5847490637818694e61a515341e4 (commit)
      via  b392ec017ad30463f1761a2a66c565417acc153d (commit)
      via  71461948b59b8c7e839bd3b3541678449b8c4451 (commit)
      via  f83e3fc6980bd4cdc1b0151bea961ccfe35aa006 (commit)
      via  39c170a76a85408c85175b434dd0250e7b01d314 (commit)
      via  a5731b6a1f6532ad0b6348f3b198e930ee50f3ea (commit)
     from  f7ec65e213cd4f5b98add6853202db0d6da72578 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
http://repo.or.cz/gfxprim.git/commit/01cb569b20ec2962ccb1f4b845d2f396ad8b08d...

commit 01cb569b20ec2962ccb1f4b845d2f396ad8b08df
Author: Cyril Hrubis metan@ucw.cz
Date:   Tue Dec 8 15:25:08 2015 +0100
tests: Add 'make afl'
Now all that we need to run the fuzzer is to type 'make afl'.
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/Makefile b/Makefile index 2747b51..4d8de96 100644 --- a/Makefile +++ b/Makefile @@ -40,4 +40,14 @@ tar: $(MAKE) clean cd .. && tar cf gfxprim-`date +%Y-%b-%d-%HH%MM`.tar gfxprim
+afl: + @if [ -z `which afl-gcc 2>/dev/null` ]; then \ + echo "ERROR: afl-gcc not installed!"; \ + exit 127; \ + fi + CC=afl-gcc ./configure + $(MAKE) -C include + $(MAKE) -C libs + $(MAKE) afl -C tests/afl + include $(TOPDIR)/post.mk diff --git a/tests/afl/.gitignore b/tests/afl/.gitignore new file mode 100644 index 0000000..2f32a21 --- /dev/null +++ b/tests/afl/.gitignore @@ -0,0 +1 @@ +loaders diff --git a/tests/afl/Makefile b/tests/afl/Makefile new file mode 100644 index 0000000..4b12b13 --- /dev/null +++ b/tests/afl/Makefile @@ -0,0 +1,17 @@ +TOPDIR=../.. +include $(TOPDIR)/pre.mk + +APPS=loaders + +CSOURCES=$(shell echo *.c) + +# Link the binary statically +LIBS=$(shell $(TOPDIR)/gfxprim-config --libs-loaders --libs) +RLIBS=$(subst -lgfxprim-loaders,$(TOPDIR)/build/libgfxprim-loaders.a,$(LIBS)) +LDLIBS=$(subst -lgfxprim,$(TOPDIR)/build/libgfxprim.a,$(RLIBS)) + +afl: loaders + ./run_afl.sh + +include $(TOPDIR)/app.mk +include $(TOPDIR)/post.mk diff --git a/tests/afl/data/1bpp-1x1.bmp b/tests/afl/data/1bpp-1x1.bmp new file mode 100644 index 0000000..508b73c Binary files /dev/null and b/tests/afl/data/1bpp-1x1.bmp differ diff --git a/tests/afl/data/1bpp-320x1-overlappingcolor.bmp b/tests/afl/data/1bpp-320x1-overlappingcolor.bmp new file mode 100644 index 0000000..324b66e Binary files /dev/null and b/tests/afl/data/1bpp-320x1-overlappingcolor.bmp differ diff --git a/tests/afl/data/1bpp-335x.bmp b/tests/afl/data/1bpp-335x.bmp new file mode 100644 index 0000000..bbf67b7 Binary files /dev/null and b/tests/afl/data/1bpp-335x.bmp differ diff --git a/tests/afl/data/1bpp-topdown-320x2.bmp b/tests/afl/data/1bpp-topdown-320x2.bmp new file mode 100644 index 0000000..cc1020d Binary files /dev/null and b/tests/afl/data/1bpp-topdown-320x2.bmp differ diff --git a/tests/afl/data/24bpp-1x1.bmp b/tests/afl/data/24bpp-1x1.bmp new file mode 100644 index 0000000..fa6c104 Binary files /dev/null and b/tests/afl/data/24bpp-1x1.bmp differ 
diff --git a/tests/afl/data/24bpp-323x2.bmp b/tests/afl/data/24bpp-323x2.bmp new file mode 100644 index 0000000..9db72c9 Binary files /dev/null and b/tests/afl/data/24bpp-323x2.bmp differ diff --git a/tests/afl/data/24bpp-topdown-32x24.bmp b/tests/afl/data/24bpp-topdown-32x24.bmp new file mode 100644 index 0000000..c1f072a Binary files /dev/null and b/tests/afl/data/24bpp-topdown-32x24.bmp differ diff --git a/tests/afl/data/32bpp-0x240.bmp b/tests/afl/data/32bpp-0x240.bmp new file mode 100644 index 0000000..ee541ee Binary files /dev/null and b/tests/afl/data/32bpp-0x240.bmp differ diff --git a/tests/afl/data/32bpp-101110-32x24.bmp b/tests/afl/data/32bpp-101110-32x24.bmp new file mode 100644 index 0000000..196b747 Binary files /dev/null and b/tests/afl/data/32bpp-101110-32x24.bmp differ diff --git a/tests/afl/data/32bpp-1x1.bmp b/tests/afl/data/32bpp-1x1.bmp new file mode 100644 index 0000000..d1b33e4 Binary files /dev/null and b/tests/afl/data/32bpp-1x1.bmp differ diff --git a/tests/afl/data/32bpp-320x0.bmp b/tests/afl/data/32bpp-320x0.bmp new file mode 100644 index 0000000..522dfc3 Binary files /dev/null and b/tests/afl/data/32bpp-320x0.bmp differ diff --git a/tests/afl/data/32bpp-888-optimalpalette-32x24.bmp b/tests/afl/data/32bpp-888-optimalpalette-32x24.bmp new file mode 100644 index 0000000..d11032d Binary files /dev/null and b/tests/afl/data/32bpp-888-optimalpalette-32x24.bmp differ diff --git a/tests/afl/data/4bpp-1x1.bmp b/tests/afl/data/4bpp-1x1.bmp new file mode 100644 index 0000000..edc72d8 Binary files /dev/null and b/tests/afl/data/4bpp-1x1.bmp differ diff --git a/tests/afl/data/4bpp-326x2.bmp b/tests/afl/data/4bpp-326x2.bmp new file mode 100644 index 0000000..913d4e8 Binary files /dev/null and b/tests/afl/data/4bpp-326x2.bmp differ diff --git a/tests/afl/data/4bpp-pixeldata-cropped.bmp b/tests/afl/data/4bpp-pixeldata-cropped.bmp new file mode 100644 index 0000000..76a7c41 Binary files /dev/null and b/tests/afl/data/4bpp-pixeldata-cropped.bmp differ 
diff --git a/tests/afl/data/555-1x1.bmp b/tests/afl/data/555-1x1.bmp new file mode 100644 index 0000000..b85d03c Binary files /dev/null and b/tests/afl/data/555-1x1.bmp differ diff --git a/tests/afl/data/555-pixeldata-cropped.bmp b/tests/afl/data/555-pixeldata-cropped.bmp new file mode 100644 index 0000000..161b2e8 Binary files /dev/null and b/tests/afl/data/555-pixeldata-cropped.bmp differ diff --git a/tests/afl/data/565-320x2-topdown.bmp b/tests/afl/data/565-320x2-topdown.bmp new file mode 100644 index 0000000..5d86c78 Binary files /dev/null and b/tests/afl/data/565-320x2-topdown.bmp differ diff --git a/tests/afl/data/8bpp-1x1.bmp b/tests/afl/data/8bpp-1x1.bmp new file mode 100644 index 0000000..27ec19a Binary files /dev/null and b/tests/afl/data/8bpp-1x1.bmp differ diff --git a/tests/afl/data/8bpp-320x2.bmp b/tests/afl/data/8bpp-320x2.bmp new file mode 100644 index 0000000..54c8221 Binary files /dev/null and b/tests/afl/data/8bpp-320x2.bmp differ diff --git a/tests/afl/data/8bpp-colorsused-negative.bmp b/tests/afl/data/8bpp-colorsused-negative.bmp new file mode 100644 index 0000000..d635597 Binary files /dev/null and b/tests/afl/data/8bpp-colorsused-negative.bmp differ diff --git a/tests/afl/data/8bpp-pixels-not-in-palette.bmp b/tests/afl/data/8bpp-pixels-not-in-palette.bmp new file mode 100644 index 0000000..faf1ac0 Binary files /dev/null and b/tests/afl/data/8bpp-pixels-not-in-palette.bmp differ diff --git a/tests/afl/data/bitdepth-odd.bmp b/tests/afl/data/bitdepth-odd.bmp new file mode 100644 index 0000000..2a0a207 Binary files /dev/null and b/tests/afl/data/bitdepth-odd.bmp differ diff --git a/tests/afl/data/bitdepth-zero.bmp b/tests/afl/data/bitdepth-zero.bmp new file mode 100644 index 0000000..935e49a Binary files /dev/null and b/tests/afl/data/bitdepth-zero.bmp differ 
diff --git a/tests/afl/data/colormasks-missing.bmp b/tests/afl/data/colormasks-missing.bmp new file mode 100644 index 0000000..5fb8fab Binary files /dev/null and b/tests/afl/data/colormasks-missing.bmp differ diff --git a/tests/afl/data/compression-unknown.bmp b/tests/afl/data/compression-unknown.bmp new file mode 100644 index 0000000..4841f05 Binary files /dev/null and b/tests/afl/data/compression-unknown.bmp differ diff --git a/tests/afl/data/emptyfile.bmp b/tests/afl/data/emptyfile.bmp new file mode 100644 index 0000000..e69de29 diff --git a/tests/afl/data/infoheader-cropped.bmp b/tests/afl/data/infoheader-cropped.bmp new file mode 100644 index 0000000..81ab1c3 Binary files /dev/null and b/tests/afl/data/infoheader-cropped.bmp differ diff --git a/tests/afl/data/infoheadersize-large.bmp b/tests/afl/data/infoheadersize-large.bmp new file mode 100644 index 0000000..2d797c0 Binary files /dev/null and b/tests/afl/data/infoheadersize-large.bmp differ diff --git a/tests/afl/data/infoheadersize-small.bmp b/tests/afl/data/infoheadersize-small.bmp new file mode 100644 index 0000000..73fcf97 Binary files /dev/null and b/tests/afl/data/infoheadersize-small.bmp differ diff --git a/tests/afl/data/magicnumber-bad.bmp b/tests/afl/data/magicnumber-bad.bmp new file mode 100644 index 0000000..be94c5a Binary files /dev/null and b/tests/afl/data/magicnumber-bad.bmp differ diff --git a/tests/afl/data/offbits-negative.bmp b/tests/afl/data/offbits-negative.bmp new file mode 100644 index 0000000..baba6d3 Binary files /dev/null and b/tests/afl/data/offbits-negative.bmp differ diff --git a/tests/afl/data/planes-zero.bmp b/tests/afl/data/planes-zero.bmp new file mode 100644 index 0000000..b07e590 Binary files /dev/null and b/tests/afl/data/planes-zero.bmp differ diff --git a/tests/afl/data/rle4-encoded-320x2.bmp b/tests/afl/data/rle4-encoded-320x2.bmp new file mode 100644 index 0000000..08ee760 Binary files /dev/null and b/tests/afl/data/rle4-encoded-320x2.bmp differ 
diff --git a/tests/afl/data/rle8-64000x1.bmp b/tests/afl/data/rle8-64000x1.bmp new file mode 100644 index 0000000..6ded0a3 Binary files /dev/null and b/tests/afl/data/rle8-64000x1.bmp differ diff --git a/tests/afl/data/rle8-absolute-320x2.bmp b/tests/afl/data/rle8-absolute-320x2.bmp new file mode 100644 index 0000000..d294f41 Binary files /dev/null and b/tests/afl/data/rle8-absolute-320x2.bmp differ diff --git a/tests/afl/data/rle8-absolute-cropped.bmp b/tests/afl/data/rle8-absolute-cropped.bmp new file mode 100644 index 0000000..c8d8619 Binary files /dev/null and b/tests/afl/data/rle8-absolute-cropped.bmp differ diff --git a/tests/afl/data/rle8-blank-160x1.bmp b/tests/afl/data/rle8-blank-160x1.bmp new file mode 100644 index 0000000..25976fe Binary files /dev/null and b/tests/afl/data/rle8-blank-160x1.bmp differ diff --git a/tests/afl/data/rle8-delta-320x2.bmp b/tests/afl/data/rle8-delta-320x2.bmp new file mode 100644 index 0000000..8a56903 Binary files /dev/null and b/tests/afl/data/rle8-delta-320x2.bmp differ diff --git a/tests/afl/data/rle8-delta-cropped.bmp b/tests/afl/data/rle8-delta-cropped.bmp new file mode 100644 index 0000000..44ebc8e Binary files /dev/null and b/tests/afl/data/rle8-delta-cropped.bmp differ diff --git a/tests/afl/data/rle8-deltaleavesimage.bmp b/tests/afl/data/rle8-deltaleavesimage.bmp new file mode 100644 index 0000000..bb31c8a Binary files /dev/null and b/tests/afl/data/rle8-deltaleavesimage.bmp differ diff --git a/tests/afl/data/rle8-encoded-320x2.bmp b/tests/afl/data/rle8-encoded-320x2.bmp new file mode 100644 index 0000000..885ac9a Binary files /dev/null and b/tests/afl/data/rle8-encoded-320x2.bmp differ diff --git a/tests/afl/data/rle8-no-end-of-bitmap-marker.bmp b/tests/afl/data/rle8-no-end-of-bitmap-marker.bmp new file mode 100644 index 0000000..72134b7 Binary files /dev/null and b/tests/afl/data/rle8-no-end-of-bitmap-marker.bmp differ 
diff --git a/tests/afl/data/rle8-no-end-of-line-marker.bmp b/tests/afl/data/rle8-no-end-of-line-marker.bmp new file mode 100644 index 0000000..64d5cdc Binary files /dev/null and b/tests/afl/data/rle8-no-end-of-line-marker.bmp differ diff --git a/tests/afl/data/rle8-runlength-cropped.bmp b/tests/afl/data/rle8-runlength-cropped.bmp new file mode 100644 index 0000000..c2733f7 Binary files /dev/null and b/tests/afl/data/rle8-runlength-cropped.bmp differ diff --git a/tests/afl/data/ver3_0_palette_1bpp_10x10_white.pcx b/tests/afl/data/ver3_0_palette_1bpp_10x10_white.pcx new file mode 100644 index 0000000..9fe5a00 Binary files /dev/null and b/tests/afl/data/ver3_0_palette_1bpp_10x10_white.pcx differ diff --git a/tests/afl/data/ver3_0_palette_24bpp_10x10_white.pcx b/tests/afl/data/ver3_0_palette_24bpp_10x10_white.pcx new file mode 100644 index 0000000..9bc48fb Binary files /dev/null and b/tests/afl/data/ver3_0_palette_24bpp_10x10_white.pcx differ diff --git a/tests/afl/data/ver3_0_palette_2bpp_10x10_white.pcx b/tests/afl/data/ver3_0_palette_2bpp_10x10_white.pcx new file mode 100644 index 0000000..080a9af Binary files /dev/null and b/tests/afl/data/ver3_0_palette_2bpp_10x10_white.pcx differ diff --git a/tests/afl/data/ver3_0_palette_4bpp_10x10_white.pcx b/tests/afl/data/ver3_0_palette_4bpp_10x10_white.pcx new file mode 100644 index 0000000..da88d77 Binary files /dev/null and b/tests/afl/data/ver3_0_palette_4bpp_10x10_white.pcx differ diff --git a/tests/afl/data/ver3_0_palette_8bpp_10x10_white.pcx b/tests/afl/data/ver3_0_palette_8bpp_10x10_white.pcx new file mode 100644 index 0000000..2f7e71e Binary files /dev/null and b/tests/afl/data/ver3_0_palette_8bpp_10x10_white.pcx differ diff --git a/tests/afl/data/width-times-height-overflow.bmp b/tests/afl/data/width-times-height-overflow.bmp new file mode 100644 index 0000000..1dd3a5b Binary files /dev/null and b/tests/afl/data/width-times-height-overflow.bmp differ 
diff --git a/tests/afl/loaders.c b/tests/afl/loaders.c new file mode 100644 index 0000000..7f3b482 --- /dev/null +++ b/tests/afl/loaders.c @@ -0,0 +1,49 @@ +/***************************************************************************** + * This file is part of gfxprim library. * + * * + * Gfxprim is free software; you can redistribute it and/or * + * modify it under the terms of the GNU Lesser General Public * + * License as published by the Free Software Foundation; either * + * version 2.1 of the License, or (at your option) any later version. * + * * + * Gfxprim is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * Lesser General Public License for more details. * + * * + * You should have received a copy of the GNU Lesser General Public * + * License along with gfxprim; if not, write to the Free Software * + * Foundation, Inc., 51 Franklin Street, Fifth Floor, * + * Boston, MA 02110-1301 USA * + * * + * Copyright (C) 2009-2015 Cyril Hrubis metan@ucw.cz * + * * + *****************************************************************************/ + + /* + + Minimal loaders call to be used by american fuzzy lop (afl). + + */ + +#include <stdio.h> +#include <string.h> +#include <errno.h> + +#include <GP.h> + +int main(int argc, char *argv[]) +{ + GP_Context *img; + + if (argc != 2) { + fprintf(stderr, "Takes an image as an parameter\n"); + return 1; + } + + img = GP_LoadImage(argv[1], NULL); + + GP_ContextFree(img); + + return 0; +} diff --git a/tests/afl/run_afl.sh b/tests/afl/run_afl.sh new file mode 100755 index 0000000..4785387 --- /dev/null +++ b/tests/afl/run_afl.sh 
@@ -0,0 +1,16 @@ +#!/bin/sh +# +# Start afl in NCPU + 1 threads to saturate CPU +# + +NCPU=$(getconf _NPROCESSORS_ONLN) + +DATADIR=data/ +OUTDIR=result/ +EXEC="./loaders @@" + +for i in $(seq -w 1 $NCPU); do + afl-fuzz -i "$DATADIR" -o "$OUTDIR" -S fuzzer$i $EXEC > /dev/null& +done + +afl-fuzz -i "$DATADIR" -o "$OUTDIR" -M fuzzer00 $EXEC
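Review bot: in tests/afl/loaders.c the value returned by GP_LoadImage() goes straight into GP_ContextFree() with no NULL check. Most of the seed files added under tests/afl/data/ (emptyfile.bmp, magicnumber-bad.bmp, infoheader-cropped.bmp, ...) are meant to be rejected by the loader, so if GP_ContextFree() does not tolerate NULL the harness crashes on its own corpus and afl-fuzz refuses to start; an explicit `if (!img) return 1;` after the load keeps a clean rejection distinguishable from a real decoder crash and documents the intent.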
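Review bot: run_afl.sh leaves the NCPU background secondary fuzzers running when the foreground master (fuzzer00) is interrupted, because nothing records their PIDs or traps the signal; a `trap 'kill $(jobs -p)' EXIT INT TERM` before the loop (or collecting the PIDs and killing them once the master exits) fixes that. Since the secondaries' output is redirected to /dev/null, a secondary that fails to start (for example because result/ is already locked by another run) also dies silently; keeping at least stderr visible would help.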
http://repo.or.cz/gfxprim.git/commit/a8f40a07ec88adfc05232ea8b0a1174eeb03384...
commit a8f40a07ec88adfc05232ea8b0a1174eeb03384d
Author: Cyril Hrubis metan@ucw.cz
Date:   Tue Dec 8 12:19:48 2015 +0100
build: app.mk: Do not append -lgfxprim
Since we may want to build binaries statically linked with gfxprim.
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/app.mk b/app.mk index 2e10fff..20015ab 100644 --- a/app.mk +++ b/app.mk @@ -3,8 +3,8 @@ CLEAN+=$(APPS)
%: %.o ifdef VERBOSE - $(CC) $(CFLAGS) $(LDFLAGS) -Wl,--start-group $^ $(LDLIBS) -lgfxprim -Wl,--end-group -o $@ + $(CC) $(CFLAGS) $(LDFLAGS) -Wl,--start-group $^ $(LDLIBS) -Wl,--end-group -o $@ else @echo "LD $@" - @$(CC) $(CFLAGS) $(LDFLAGS) -Wl,--start-group $^ $(LDLIBS) -lgfxprim -Wl,--end-group -o $@ + @$(CC) $(CFLAGS) $(LDFLAGS) -Wl,--start-group $^ $(LDLIBS) -Wl,--end-group -o $@ endif diff --git a/demos/bogoman/Makefile b/demos/bogoman/Makefile index c998522..005d784 100644 --- a/demos/bogoman/Makefile +++ b/demos/bogoman/Makefile @@ -4,7 +4,7 @@ include $(TOPDIR)/pre.mk CSOURCES=$(shell echo *.c)
INCLUDE= -LDLIBS+=-lgfxprim-backends -lgfxprim-loaders +LDLIBS+=-lgfxprim-backends -lgfxprim-loaders -lgfxprim
APPS=bogoman
diff --git a/demos/c_simple/Makefile b/demos/c_simple/Makefile index 1346423..0525e72 100644 --- a/demos/c_simple/Makefile +++ b/demos/c_simple/Makefile @@ -10,7 +10,7 @@ CSOURCES=$(SOURCES) endif
INCLUDE= -LDLIBS+=-lrt +LDLIBS+=-lrt -lgfxprim
APPS=backend_example loaders_example loaders filters_symmetry gfx_koch\ virtual_backend_example meta_data showimage\ diff --git a/demos/grinder/Makefile b/demos/grinder/Makefile index 6e53dc3..5abbc1e 100644 --- a/demos/grinder/Makefile +++ b/demos/grinder/Makefile @@ -5,7 +5,7 @@ CSOURCES=$(shell echo *.c) INCLUDE=core gfx
LDLIBS+=-lrt -lm -LDLIBS+=-lgfxprim-loaders +LDLIBS+=-lgfxprim-loaders -lgfxprim
APPS=grinder
diff --git a/demos/particle/Makefile b/demos/particle/Makefile index 7b553e5..f4670ec 100644 --- a/demos/particle/Makefile +++ b/demos/particle/Makefile @@ -4,7 +4,7 @@ CSOURCES=$(shell echo *.c)
INCLUDE= LDFLAGS+=-L$(TOPDIR)/build/ -LDLIBS+=-lrt -lm -lgfxprim-backends +LDLIBS+=-lrt -lm -lgfxprim-backends -lgfxprim
APPS=particle_demo
diff --git a/demos/spiv/Makefile b/demos/spiv/Makefile index 9376ee4..e3bc8fe 100644 --- a/demos/spiv/Makefile +++ b/demos/spiv/Makefile @@ -7,7 +7,7 @@ INCLUDE= LDFLAGS+=-L$(TOPDIR)/build/ LDLIBS+=-lrt
-LDLIBS+=-lgfxprim-loaders -lgfxprim-backends +LDLIBS+=-lgfxprim-loaders -lgfxprim-backends -lgfxprim
APPS=spiv
diff --git a/demos/ttf2img/Makefile b/demos/ttf2img/Makefile index 636b04b..bdd0992 100644 --- a/demos/ttf2img/Makefile +++ b/demos/ttf2img/Makefile @@ -4,7 +4,7 @@ include $(TOPDIR)/pre.mk CSOURCES=$(shell echo *.c)
INCLUDE= -LDLIBS+=-lgfxprim-loaders +LDLIBS+=-lgfxprim-loaders -lgfxprim
APPS=ttf2img
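Review bot: dropping -lgfxprim from the generic link rule in app.mk means every directory that includes app.mk now has to add it to LDLIBS itself; the demos in this patch are updated, but any other app.mk user not listed here will fail to link with unresolved GP_* symbols. It is worth grepping for `include $(TOPDIR)/app.mk` to confirm the list is complete, or keeping the default in app.mk and letting the static build (tests/afl/Makefile substitutes the .a files into LDLIBS) override it.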
http://repo.or.cz/gfxprim.git/commit/9132111c70875afe910de2c5fa90327c0947d0f...
commit 9132111c70875afe910de2c5fa90327c0947d0f4
Author: Cyril Hrubis metan@ucw.cz
Date:   Tue Dec 8 11:33:23 2015 +0100
loaders: BMP: RLE8: Fix stop at end.
The RLE8_move() must be called after we decode a repeat or undecoded byte, since otherwise we may reset the decoder state to RLE_START after RLE8_move() set it to RLE_STOP because all image data has been read.
This fixes crash with corrupted RLE8 BMP images.
Special thanks to the american fuzzy lop (afl).
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/libs/loaders/GP_BMP_RLE.h b/libs/loaders/GP_BMP_RLE.h index 2b1a3ba..6d5625b 100644 --- a/libs/loaders/GP_BMP_RLE.h +++ b/libs/loaders/GP_BMP_RLE.h @@ -174,8 +174,6 @@ static int RLE8_next_undecoded(struct RLE *rle) { GETC(rle);
- RLE8_move(rle); - //GP_DEBUG(4, "RLE unencoded %u %u -> %02x", rle->x, rle->y, rle->c);
if (--rle->rep == 0) { @@ -185,6 +183,8 @@ static int RLE8_next_undecoded(struct RLE *rle) GETC(rle); }
+ RLE8_move(rle); + rle->move = 1;
return 0; @@ -192,13 +192,13 @@ static int RLE8_next_undecoded(struct RLE *rle)
static int RLE8_next_repeat(struct RLE *rle) { - RLE8_move(rle); - //GP_DEBUG(4, "RLE repeat %u %u -> %02x", rle->x, rle->y, rle->c);
if (--rle->rep == 0) rle->state = RLE_START;
+ RLE8_move(rle); + rle->move = 1;
return 0;
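Review bot: the commented-out GP_DEBUG lines in RLE8_next_undecoded() and RLE8_next_repeat() survive the move and are now detached from the RLE8_move() call they used to annotate; either drop them or re-enable them behind the debug level. More importantly, the fix depends on RLE8_move() being the last thing to touch rle->state; a one-line comment at the two new call sites saying that it may set RLE_STOP and therefore must follow the `rle->state = RLE_START` assignment would stop someone reordering them back later.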
http://repo.or.cz/gfxprim.git/commit/e7663526f7a8ee2ba10dbe1e85758c4ea4b3b12...
commit e7663526f7a8ee2ba10dbe1e85758c4ea4b3b12e
Author: Cyril Hrubis metan@ucw.cz
Date:   Tue Dec 8 10:37:48 2015 +0100
loaders: BMP: Add sanity check for palette size
The palette size is a 32bit integer in the BMP header which, when set to an absurdly large number, makes the process go out of memory when the palette is initialized.
Now we check that palette size is <= 1<<bpp and truncate it otherwise.
Special thanks to the american fuzzy lop (afl).
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/libs/loaders/GP_BMP.c b/libs/loaders/GP_BMP.c index 385fa3d..2112f04 100644 --- a/libs/loaders/GP_BMP.c +++ b/libs/loaders/GP_BMP.c @@ -339,9 +339,8 @@ static int read_bitmap_header(GP_IO *io, struct bitmap_info_header *header) * Reads palette, the format is R G B X, each one byte. */ static int read_bitmap_palette(GP_IO *io, struct bitmap_info_header *header, - GP_Pixel *palette) + GP_Pixel *palette, uint32_t palette_colors) { - uint32_t palette_colors = get_palette_size(header); uint32_t palette_offset = header->header_size + 14; uint8_t pixel_size; uint32_t i; @@ -367,7 +366,7 @@ static int read_bitmap_palette(GP_IO *io, struct bitmap_info_header *header, return err; }
- uint32_t palette_size = pixel_size * palette_colors; + size_t palette_size = pixel_size * palette_colors; uint8_t *buf = GP_TempAlloc(palette_size);
if (GP_IOFill(io, buf, palette_size)) { @@ -517,7 +516,7 @@ static int read_palette(GP_IO *io, struct bitmap_info_header *header,
GP_Pixel *palette = GP_TempAllocArr(tmp, GP_Pixel, palette_size);
- if ((err = read_bitmap_palette(io, header, palette))) + if ((err = read_bitmap_palette(io, header, palette, palette_size))) goto err;
if ((err = seek_pixels_offset(io, header))) @@ -631,11 +630,23 @@ static int read_bitfields_or_rgb(GP_IO *io, struct bitmap_info_header *header, return 0; }
+static void check_palette_size(struct bitmap_info_header *header) +{ + if (header->palette_colors > 1u << header->bpp) { + GP_WARN("Corrupted header bpp=%"PRIu16" palette_size=%"PRIu32 + ", truncating palette_size to %u", + header->bpp, header->palette_colors, 1u << header->bpp); + header->palette_colors = 0; + } +} + static int read_bitmap_pixels(GP_IO *io, struct bitmap_info_header *header, GP_Context *context, GP_ProgressCallback *callback) { - if (header->compress_type == COMPRESS_RLE8) + if (header->compress_type == COMPRESS_RLE8) { + check_palette_size(header); return read_RLE8(io, header, context, callback); + }
switch (header->bpp) { case 1: @@ -643,6 +654,7 @@ static int read_bitmap_pixels(GP_IO *io, struct bitmap_info_header *header, case 2: case 4: case 8: + check_palette_size(header); return read_palette(io, header, context, callback); case 16: case 24: diff --git a/libs/loaders/GP_BMP_RLE.h b/libs/loaders/GP_BMP_RLE.h index a3592ed..2b1a3ba 100644 --- a/libs/loaders/GP_BMP_RLE.h +++ b/libs/loaders/GP_BMP_RLE.h @@ -279,7 +279,7 @@ static int read_RLE8(GP_IO *io, struct bitmap_info_header *header,
GP_Pixel *palette = GP_TempAlloc(palette_size * sizeof(GP_Pixel));
- if ((err = read_bitmap_palette(io, header, palette))) + if ((err = read_bitmap_palette(io, header, palette, palette_size))) goto err;
if ((err = seek_pixels_offset(io, header)))
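Review bot: in check_palette_size() the warning promises "truncating palette_size to %u" (1u << bpp) but the code then sets header->palette_colors = 0; if zero means "use the default 1 << bpp" in get_palette_size(), say so in the message or assign the clamped value directly so the two agree. Also `1u << header->bpp` is undefined for bpp >= 32, and in read_bitmap_pixels() the RLE8 branch calls check_palette_size() before read_RLE8() reaches its pixel-type check, so unless bpp is validated earlier in read_bitmap_header(), a header with compress_type RLE8 and a large bpp reaches the shift; rejecting bpp > 8 in check_palette_size() first avoids that.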
http://repo.or.cz/gfxprim.git/commit/266c9d02b03917a0bfd6bf7c5a2c94cdbaf43ea...
commit 266c9d02b03917a0bfd6bf7c5a2c94cdbaf43ea3
Author: Cyril Hrubis metan@ucw.cz
Date:   Mon Dec 7 18:49:44 2015 +0100
loaders: BMP: RLE8: Add header consistency check.
Make sure that the allocated context is RGB888, since a corrupted header may say something different and the end result is that the RLE8 decoder writes after the allocated pixmap buffer.
Special thanks to the american fuzzy lop (afl).
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/libs/loaders/GP_BMP_RLE.h b/libs/loaders/GP_BMP_RLE.h index e282f0d..a3592ed 100644 --- a/libs/loaders/GP_BMP_RLE.h +++ b/libs/loaders/GP_BMP_RLE.h @@ -270,6 +270,13 @@ static int read_RLE8(GP_IO *io, struct bitmap_info_header *header, DECLARE_RLE(rle, header->w, GP_ABS(header->h), io); int err;
+ if (context->pixel_type != GP_PIXEL_RGB888) { + GP_WARN("Corrupted BMP header! " + "RLE8 is 24bit (RGB888) palette but header says %s", + GP_PixelTypeName(context->pixel_type)); + return EINVAL; + } + GP_Pixel *palette = GP_TempAlloc(palette_size * sizeof(GP_Pixel));
if ((err = read_bitmap_palette(io, header, palette)))
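Review bot: the check sits before any allocation, so the EINVAL path needs no cleanup, but it catches the symptom in one decoder only: what it detects is a header whose bpp/compress_type combination does not match the pixel type chosen for the context. Rejecting compress_type RLE8 with bpp != 8 in read_bitmap_header() would cover the other decoders as well. The message "RLE8 is 24bit (RGB888) palette" also reads oddly, since RLE8 is an 8-bit indexed format that is decoded into an RGB888 context; "RLE8 data is decoded into RGB888 but the context is %s" says what is actually being checked.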
http://repo.or.cz/gfxprim.git/commit/ac4d7195b3f0ab79365c831f8c0bf26657d737f...
commit ac4d7195b3f0ab79365c831f8c0bf26657d737f4
Author: Cyril Hrubis metan@ucw.cz
Date:   Mon Dec 7 16:31:01 2015 +0100
core: GP_ContextAlloc() Fix overflow in get_bpr()
Special thanks to the american fuzzy lop (afl).
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/libs/core/GP_Context.c b/libs/core/GP_Context.c index 8a6ab30..050c4dd 100644 --- a/libs/core/GP_Context.c +++ b/libs/core/GP_Context.c @@ -36,7 +36,15 @@
static uint32_t get_bpr(uint32_t bpp, uint32_t w) { - return (bpp * w) / 8 + !!((bpp * w) % 8); + uint64_t bits_per_row = (uint64_t)bpp * w; + uint8_t padd = !!(bits_per_row % 8); + + if (bits_per_row / 8 + padd > UINT32_MAX) { + GP_WARN("Context too wide %u (overflow detected)", w); + return 0; + } + + return bits_per_row / 8 + padd; }
GP_Context *GP_ContextAlloc(GP_Size w, GP_Size h, GP_PixelType type) @@ -62,7 +70,9 @@ GP_Context *GP_ContextAlloc(GP_Size w, GP_Size h, GP_PixelType type) w, h, GP_PixelTypeName(type));
bpp = GP_PixelSize(type); - bpr = get_bpr(bpp, w); + + if (!(bpr = get_bpr(bpp, w))) + return NULL;
size_t size = bpr * h;
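Review bot: get_bpr() now uses 0 as its error value and GP_ContextAlloc() turns that into a NULL return, so a context with w == 0 (bits_per_row == 0, which is not an overflow) is now rejected silently, without any GP_WARN. The seed corpus contains 32bpp-0x240.bmp, so this path is exercised. If zero-width contexts are meant to be invalid, reject them explicitly with their own message before the overflow check; if they are meant to be valid, return the overflow status separately (an out parameter or a sentinel that cannot collide with a legitimate bpr).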
http://repo.or.cz/gfxprim.git/commit/c7f781854b28871c22794e5f43a7625583869ed...
commit c7f781854b28871c22794e5f43a7625583869edc
Author: Cyril Hrubis metan@ucw.cz
Date:   Mon Dec 7 15:32:04 2015 +0100
Loaders: BMP_RLE: Fix unbounded stack allocation.
Special thanks to the american fuzzy lop (afl).
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/libs/loaders/GP_BMP_RLE.h b/libs/loaders/GP_BMP_RLE.h index 4c228fb..e282f0d 100644 --- a/libs/loaders/GP_BMP_RLE.h +++ b/libs/loaders/GP_BMP_RLE.h @@ -267,15 +267,16 @@ static int read_RLE8(GP_IO *io, struct bitmap_info_header *header, GP_Context *context, GP_ProgressCallback *callback) { uint32_t palette_size = get_palette_size(header); - GP_Pixel palette[get_palette_size(header)]; DECLARE_RLE(rle, header->w, GP_ABS(header->h), io); int err;
+ GP_Pixel *palette = GP_TempAlloc(palette_size * sizeof(GP_Pixel)); + if ((err = read_bitmap_palette(io, header, palette))) - return err; + goto err;
if ((err = seek_pixels_offset(io, header))) - return err; + goto err;
int cnt = 0;
@@ -289,7 +290,7 @@ static int read_RLE8(GP_IO *io, struct bitmap_info_header *header,
for (;;) { if ((err = RLE8_next(&rle))) - return err; + goto err;
if (rle.state == RLE_STOP) break; @@ -319,11 +320,14 @@ static int read_RLE8(GP_IO *io, struct bitmap_info_header *header, if (GP_ProgressCallbackReport(callback, rle.y, context->h, context->w)) { GP_DEBUG(1, "Operation aborted"); - return ECANCELED; + err = ECANCELED; + goto err; } } }
GP_ProgressCallbackDone(callback); - return 0; +err: + GP_TempFree(palette_size * sizeof(GP_Pixel), palette); + return err; }
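Review bot: the GP_TempAlloc() result is never checked before read_bitmap_palette() writes into it. With the VLA gone, palette_size still comes straight from the header at this point in the series (the cap to 1 << bpp only arrives in e7663526), so `palette_size * sizeof(GP_Pixel)` can be a multi-gigabyte malloc() that returns NULL and is then dereferenced; add `if (!palette) return ENOMEM;` right after the allocation. A smaller point: the success path now falls through to the err: label relying on err being 0 from the last RLE8_next() call, which works but is easy to misread; an explicit `err = 0;` after GP_ProgressCallbackDone() documents it.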
http://repo.or.cz/gfxprim.git/commit/e450ba0813517e753c32371a58aac2c9c313413...
commit e450ba0813517e753c32371a58aac2c9c3134130
Author: Cyril Hrubis metan@ucw.cz
Date:   Mon Dec 7 15:22:21 2015 +0100
core: GP_ContextAlloc() add overflow detection.
Check that bpp * w * h does not overflow before we pass it to malloc() to allocate the context bitmap buffer. Otherwise we end up with a context with w and h pointing outside the allocated pixel buffer.
Special thanks to the american fuzzy lop (afl).
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/libs/core/GP_Context.c b/libs/core/GP_Context.c index 8e61ce0..8a6ab30 100644 --- a/libs/core/GP_Context.c +++ b/libs/core/GP_Context.c @@ -43,7 +43,7 @@ GP_Context *GP_ContextAlloc(GP_Size w, GP_Size h, GP_PixelType type) { GP_Context *context; uint32_t bpp; - uint32_t bpr; + size_t bpr; void *pixels;
if (!GP_VALID_PIXELTYPE(type)) { @@ -64,7 +64,14 @@ GP_Context *GP_ContextAlloc(GP_Size w, GP_Size h, GP_PixelType type) bpp = GP_PixelSize(type); bpr = get_bpr(bpp, w);
- pixels = malloc(bpr * h); + size_t size = bpr * h; + + if (size / h != bpr) { + GP_WARN("Context too big %u x %u (owerflow detected)", w, h); + return NULL; + } + + pixels = malloc(size); context = malloc(sizeof(GP_Context));
if (pixels == NULL || context == NULL) {
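Review bot: `if (size / h != bpr)` divides by zero when h == 0, which turns the graceful NULL return this change is after into a SIGFPE; the corpus contains 32bpp-320x0.bmp, so it will be hit unless h is validated somewhere between the GP_VALID_PIXELTYPE() check and this point. Guard it as `if (h && size / h != bpr)` or reject w == 0 and h == 0 explicitly before the check. Nit: "owerflow" in the GP_WARN string.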
http://repo.or.cz/gfxprim.git/commit/e7186b166a3c5847490637818694e61a515341e...
commit e7186b166a3c5847490637818694e61a515341e4
Author: Cyril Hrubis metan@ucw.cz
Date:   Mon Dec 7 14:49:51 2015 +0100
Loaders: BMP: Fix two unbounded stack allocations.
Special thanks to the american fuzzy lop (afl).
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/libs/loaders/GP_BMP.c b/libs/loaders/GP_BMP.c index 8b890f9..385fa3d 100644 --- a/libs/loaders/GP_BMP.c +++ b/libs/loaders/GP_BMP.c @@ -39,6 +39,7 @@ #include "core/GP_Debug.h" #include "core/GP_Pixel.h" #include "core/GP_GetPutPixel.h" +#include "core/GP_TempAlloc.h"
#include "loaders/GP_LineConvert.h" #include "loaders/GP_BMP.h" @@ -366,10 +367,12 @@ static int read_bitmap_palette(GP_IO *io, struct bitmap_info_header *header, return err; }
- uint8_t buf[pixel_size * palette_colors]; + uint32_t palette_size = pixel_size * palette_colors; + uint8_t *buf = GP_TempAlloc(palette_size);
- if (GP_IOFill(io, buf, sizeof(buf))) { + if (GP_IOFill(io, buf, palette_size)) { GP_DEBUG(1, "Failed to read palette: %s", strerror(errno)); + GP_TempFree(palette_size, buf); return EIO; }
@@ -384,6 +387,7 @@ static int read_bitmap_palette(GP_IO *io, struct bitmap_info_header *header, GP_Pixel_GET_B_RGB888(palette[i])); }
+ GP_TempFree(palette_size, buf); return 0; }
@@ -505,27 +509,30 @@ static int read_palette(GP_IO *io, struct bitmap_info_header *header, GP_Context *context, GP_ProgressCallback *callback) { uint32_t palette_size = get_palette_size(header); - GP_Pixel palette[get_palette_size(header)]; + uint32_t row_size = bitmap_row_size(header); + int32_t y; int err;
+ GP_TempAllocCreate(tmp, sizeof(GP_Pixel) * palette_size + row_size); + + GP_Pixel *palette = GP_TempAllocArr(tmp, GP_Pixel, palette_size); + if ((err = read_bitmap_palette(io, header, palette))) - return err; + goto err;
if ((err = seek_pixels_offset(io, header))) - return err; + goto err;
- uint32_t row_size = bitmap_row_size(header); - int32_t y; + uint8_t *row = GP_TempAllocArr(tmp, uint8_t, row_size);
for (y = 0; y < GP_ABS(header->h); y++) { int32_t x; - uint8_t row[row_size];
if (GP_IOFill(io, row, row_size)) { err = errno; GP_DEBUG(1, "Failed to read row %"PRId32": %s", y, strerror(errno)); - return err; + goto err; }
for (x = 0; x < header->w; x++) { @@ -552,12 +559,15 @@ static int read_palette(GP_IO *io, struct bitmap_info_header *header, if (GP_ProgressCallbackReport(callback, y, context->h, context->w)) { GP_DEBUG(1, "Operation aborted"); - return ECANCELED; + err = ECANCELED; + goto err; } }
GP_ProgressCallbackDone(callback); - return 0; +err: + GP_TempAllocFree(tmp); + return err; }
static int read_bitfields_or_rgb(GP_IO *io, struct bitmap_info_header *header,
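Review bot: in read_bitmap_palette() the product `pixel_size * palette_colors` is evaluated in 32-bit arithmetic before being stored in palette_size, and palette_colors is still header-controlled at this point in the series, so a value near 2^32 wraps and GP_TempAlloc() hands back a buffer far shorter than the palette loop expects. e7663526 later caps palette_colors to 1 << bpp, which closes this, but the cap belongs with this change (or compute the product in uint64_t and reject anything above a sane bound). The buffers behind GP_TempAlloc() and GP_TempAllocCreate() are also unchecked; for header-sized allocations that fall back to malloc(), a NULL check returning ENOMEM is needed before GP_IOFill() writes into them.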
http://repo.or.cz/gfxprim.git/commit/b392ec017ad30463f1761a2a66c565417acc153...
commit b392ec017ad30463f1761a2a66c565417acc153d
Author: Cyril Hrubis metan@ucw.cz
Date:   Mon Dec 7 14:30:46 2015 +0100
core: GP_TempAlloc.c: Add simpler interface.
Add GP_TempAlloc() and GP_TempFree() to be used for single temporary allocations.
Also adds GP_TempAllocArr(self, type, len) to allocate an array of len members of type.
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/include/core/GP_TempAlloc.h b/include/core/GP_TempAlloc.h index e17adff..78cfeb0 100644 --- a/include/core/GP_TempAlloc.h +++ b/include/core/GP_TempAlloc.h @@ -79,9 +79,20 @@ struct GP_TempAlloc { (void*)(((char*)(self.buffer)) + _pos); \ })
+#define GP_TempAllocArr(self, type, len) \ + GP_TempAllocGet(self, sizeof(type) * len) + #define GP_TempAllocFree(self) do { \ if (self.size > GP_ALLOCA_THRESHOLD) \ free(self.buffer); \ } while (0)
+#define GP_TempAlloc(size) GP_TEMP_ALLOC(size) + +static inline void GP_TempFree(size_t size, void *ptr) +{ + if (size > GP_ALLOCA_THRESHOLD) + free(ptr); +} + #endif /* CORE_GP_TEMP_ALLOC_H */
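Review bot: GP_TempAllocArr() expands `len` unparenthesised, so `GP_TempAllocArr(tmp, GP_Pixel, a + b)` becomes `sizeof(GP_Pixel) * a + b`; write `sizeof(type) * (len)`. The product is also not checked for overflow, which matters because these helpers are being introduced precisely to hold header-sized buffers. A comment on GP_TempFree() stating that it must receive exactly the size passed to GP_TempAlloc() would help callers: the alloca-versus-malloc decision is recomputed from that size, so a mismatched value either leaks the buffer or calls free() on stack memory.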
http://repo.or.cz/gfxprim.git/commit/71461948b59b8c7e839bd3b3541678449b8c445...
commit 71461948b59b8c7e839bd3b3541678449b8c4451
Author: Cyril Hrubis metan@ucw.cz
Date:   Mon Dec 7 12:07:49 2015 +0100
lib,build: Correct static library filename.
The static library filename should apparently be without the version string.
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/build/Makefile b/build/Makefile index 5f88872..13b901a 100644 --- a/build/Makefile +++ b/build/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/libver.mk
LIB_NAME=libgfxprim
-STATIC_LIB=$(LIB_NAME).$(LIB_VERSION).a +STATIC_LIB=$(LIB_NAME).a DYNAMIC_LIB=$(LIB_NAME).so.$(LIB_VERSION).$(LIB_RELEASE) SONAME=$(LIB_NAME).so.$(LIB_MAJOR) SYMLINKS=$(LIB_NAME).so.$(LIB_MAJOR) $(LIB_NAME).so diff --git a/lib.mk b/lib.mk index 6afa462..23b7fcb 100644 --- a/lib.mk +++ b/lib.mk @@ -17,7 +17,7 @@ include $(TOPDIR)/config.mk LIB_NAME=libgfxprim-$(LIBNAME) BUILD_DIR=$(TOPDIR)/build/
-STATIC_LIB=$(LIB_NAME).$(LIB_VERSION).a +STATIC_LIB=$(LIB_NAME).a DYNAMIC_LIB=$(LIB_NAME).so.$(LIB_VERSION).$(LIB_RELEASE) SONAME=$(LIB_NAME).so.$(LIB_MAJOR) SYMLINKS=$(LIB_NAME).so.$(LIB_MAJOR) $(LIB_NAME).so
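Review bot: STATIC_LIB is now spelled out identically in build/Makefile and lib.mk, and this commit had to touch both to keep them in sync; defining the static library naming pattern once in a shared include that both files already pull in would stop the two from drifting apart again.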
http://repo.or.cz/gfxprim.git/commit/f83e3fc6980bd4cdc1b0151bea961ccfe35aa00...
commit f83e3fc6980bd4cdc1b0151bea961ccfe35aa006 Author: Cyril Hrubis metan@ucw.cz Date: Tue Sep 15 19:43:55 2015 +0200
shapetest: Fix segfault on rotation (R key)
Make use of the GP_ContextW() and GP_ContextH() accessors as changing the backend->context->w and backend->context->h leads to undefined behavior and crashes.
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/demos/c_simple/shapetest.c b/demos/c_simple/shapetest.c index b114fd8..14e832c 100644 --- a/demos/c_simple/shapetest.c +++ b/demos/c_simple/shapetest.c @@ -251,12 +251,17 @@ void redraw_screen(void)
/* axes */ if (show_axes) { - GP_HLine(win, 0, win->w, center_y, gray); - GP_HLine(win, 0, win->w, center_y-yradius, darkgray); - GP_HLine(win, 0, win->w, center_y+yradius, darkgray); - GP_VLine(win, center_x, 0, win->h, gray); - GP_VLine(win, center_x-xradius, 0, win->h, darkgray); - GP_VLine(win, center_x+xradius, 0, win->h, darkgray); + int w, h; + + w = GP_ContextW(win); + h = GP_ContextH(win); + + GP_HLine(win, 0, w, center_y, gray); + GP_HLine(win, 0, w, center_y-yradius, darkgray); + GP_HLine(win, 0, w, center_y+yradius, darkgray); + GP_VLine(win, center_x, 0, h, gray); + GP_VLine(win, center_x-xradius, 0, h, darkgray); + GP_VLine(win, center_x+xradius, 0, h, darkgray); }
/* the shape */ @@ -305,7 +310,7 @@ void redraw_screen(void) static void xradius_add(int xradius_add) { if (xradius + xradius_add > 1 && - xradius + xradius_add < (int)win->w) + xradius + xradius_add < (int)GP_ContextW(win)) xradius += xradius_add; }
@@ -313,21 +318,21 @@ static void xradius_add(int xradius_add) static void yradius_add(int yradius_add) { if (yradius + yradius_add > 1 && - yradius + yradius_add < (int)win->h) + yradius + yradius_add < (int)GP_ContextH(win)) yradius += yradius_add; }
static void xcenter_add(int xcenter_add) { if (center_x + xcenter_add > 1 && - center_x + xcenter_add < (int)win->w/2) + center_x + xcenter_add < (int)GP_ContextW(win)/2) center_x += xcenter_add; }
static void ycenter_add(int ycenter_add) { if (center_y + ycenter_add > 1 && - center_y + ycenter_add < (int)win->h/2) + center_y + ycenter_add < (int)GP_ContextH(win)/2) center_y += ycenter_add; }
@@ -359,7 +364,8 @@ void event_loop(void) break; case GP_KEY_R: win->axes_swap = !win->axes_swap; - GP_SWAP(win->w, win->h); + center_x = GP_ContextW(win) / 2; + center_y = GP_ContextH(win) / 2; break; case GP_KEY_F: fill = !fill; @@ -445,8 +451,9 @@ void event_loop(void) break; case GP_EV_SYS_RESIZE: GP_BackendResizeAck(backend); - center_x = backend->context->w / 2; - center_y = backend->context->h / 2; + win = backend->context; + center_x = GP_ContextW(win) / 2; + center_y = GP_ContextH(win) / 2; break; } break;
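Review bot: in the GP_KEY_R hunk the removed `GP_SWAP(win->w, win->h)` is replaced only by recomputing `center_x`/`center_y`; a short comment there saying that setting `win->axes_swap` is what makes GP_ContextW()/GP_ContextH() report the swapped size would save the next reader from wondering why the dimensions are no longer swapped explicitly. Also, `xradius` and `yradius` keep their old values across the swap and may now exceed the new width or height; the guards in xradius_add()/yradius_add() only bound future changes, so clamping both radii here, as the center is, keeps the shape inside the context.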
http://repo.or.cz/gfxprim.git/commit/39c170a76a85408c85175b434dd0250e7b01d31...
commit 39c170a76a85408c85175b434dd0250e7b01d314 Author: Cyril Hrubis metan@ucw.cz Date: Thu Apr 16 12:09:25 2015 +0200
tests: framework: Call mktime() on init as well.
mktime() allocates memory that is not freed, calling it at start avoids most of the false positives. Unfortunately it reallocates one buffer on each iteration which turns out in the final result :(
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/tests/framework/tst_preload.c b/tests/framework/tst_preload.c index fa0a5cf..871abdf 100644 --- a/tests/framework/tst_preload.c +++ b/tests/framework/tst_preload.c @@ -16,7 +16,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, * * Boston, MA 02110-1301 USA * * * - * Copyright (C) 2009-2013 Cyril Hrubis metan@ucw.cz * + * Copyright (C) 2009-2015 Cyril Hrubis metan@ucw.cz * * * *****************************************************************************/
@@ -27,6 +27,7 @@ #include <string.h> #include <dlfcn.h> #include <execinfo.h> +#include <time.h>
#include "tst_test.h" #include "tst_preload.h" @@ -48,12 +49,23 @@ void tst_malloc_check_start(void) { void *buf[1]; char *str_verbose; + /* * Call backtrace() before we start tracking memory, because it calls * dlopen() on first invocation, which allocates memory that is never * freed... */ backtrace(buf, 1); + + /* + * And so does mktime(), it allocates memory which is not freed in tzset() + * + * Unfortunatelly this still leaves one chunk of size 15 that is reallocated + * on each call to mktime() :( + */ + struct tm tm; + mktime(&tm); + check_malloc = 1;
str_verbose = getenv("TST_MALLOC_VERBOSE");
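Review bot: `struct tm tm; mktime(&tm);` hands an uninitialized struct to mktime(), which reads every field to normalize it; that is undefined behaviour and will itself be flagged by valgrind or MSan in the very code meant to reduce false positives. Initialize it before the call, e.g. `struct tm tm = {0}; tm.tm_mday = 1;` or fill it from localtime(). The declaration also lands after statements, which C99 allows but does not match the declarations-first style of the rest of this function.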
http://repo.or.cz/gfxprim.git/commit/a5731b6a1f6532ad0b6348f3b198e930ee50f3e...
commit a5731b6a1f6532ad0b6348f3b198e930ee50f3ea Author: Cyril Hrubis metan@ucw.cz Date: Thu Apr 16 11:04:50 2015 +0200
tests: framework: Add calloc() tracking && verbose mode
* Add calloc tracking
* Simplify realloc() (fixes bugs with chunks added twice because realloc() may call malloc() internally)
* Add verbose mode
The verbose mode is controlled by TST_MALLOC_VERBOSE variable.
If TST_MALLOC_VERBOSE=1 is exported all allocations with addresses are printed.
If TST_MALLOC_VERBOSE=2 is exported the log includes also stack trace for each allocation.
Signed-off-by: Cyril Hrubis metan@ucw.cz
diff --git a/tests/framework/tst_preload.c b/tests/framework/tst_preload.c index 42457aa..fa0a5cf 100644 --- a/tests/framework/tst_preload.c +++ b/tests/framework/tst_preload.c @@ -23,14 +23,17 @@ #define _GNU_SOURCE #include <stdio.h> #include <stdint.h> +#include <stdlib.h> #include <string.h> #include <dlfcn.h> +#include <execinfo.h>
#include "tst_test.h" #include "tst_preload.h" #include "tst_malloc_canaries.h"
static int check_malloc = 0; +static int verbose = 0; static int malloc_canary = MALLOC_CANARY_OFF;
static size_t cur_size = 0; @@ -43,23 +46,30 @@ static unsigned int max_chunks = 0;
void tst_malloc_check_start(void) { + void *buf[1]; + char *str_verbose; + /* + * Call backtrace() before we start tracking memory, because it calls + * dlopen() on first invocation, which allocates memory that is never + * freed... + */ + backtrace(buf, 1); check_malloc = 1; + + str_verbose = getenv("TST_MALLOC_VERBOSE"); + if (str_verbose) + verbose = atoi(str_verbose); }
-void tst_malloc_check_stop(void) +static void print_c_trace(void) { - /* - * We cannot stop the tracing when canaries are on - * because we need the chunk table to keep track - * which allocations are with canary and their - * sizes for free and realloc. - */ - if (malloc_canary != MALLOC_CANARY_OFF) { - tst_warn("Cannot turn malloc checks off when canaries are on"); - return; - } + void *buffer[128]; + int size = backtrace(buffer, 128);
- check_malloc = 0; + fprintf(stderr, "C stack trace (most recent call first):\n"); + fflush(stderr); + backtrace_symbols_fd(buffer, size, fileno(stderr)); + fprintf(stderr, "\n"); }
void tst_malloc_canaries_set(enum tst_malloc_canary canary) @@ -102,6 +112,18 @@ struct chunk { static struct chunk chunks[MAX_CHUNKS]; static unsigned int chunks_top = 0;
+static struct chunk *get_chunk(void *ptr) +{ + unsigned int i; + + for (i = 0; i < chunks_top; i++) { + if (chunks[i].ptr == ptr) + return &chunks[i]; + } + + return NULL; +} + static void add_chunk(size_t size, void *ptr) { if (chunks_top >= MAX_CHUNKS) { @@ -110,6 +132,12 @@ static void add_chunk(size_t size, void *ptr) return; }
+ if (get_chunk(ptr)) + tst_warn("Duplicate chunk addres added %p\n", ptr); + + if (verbose > 1) + fprintf(stderr, " (adding chunk %p %6zu %i)\n", ptr, size, chunks_top); + /* Store chunk */ chunks[chunks_top].size = size; chunks[chunks_top].ptr = ptr; @@ -133,6 +161,9 @@ static void rem_chunk(void *ptr) { unsigned int i;
+ if (verbose > 1) + fprintf(stderr, " (removing chunk %p)\n", ptr); + for (i = 0; i < chunks_top; i++) { if (chunks[i].ptr == ptr) { /* Update global stats */ @@ -149,21 +180,35 @@ static void rem_chunk(void *ptr) tst_warn("Chunk passed to free not found (%p)", ptr); }
-static struct chunk *get_chunk(void *ptr) +void tst_malloc_check_stop(void) { + /* + * We cannot stop the tracing when canaries are on + * because we need the chunk table to keep track + * which allocations are with canary and their + * sizes for free and realloc. + */ + if (malloc_canary != MALLOC_CANARY_OFF) { + tst_warn("Cannot turn malloc checks off when canaries are on"); + return; + } + + check_malloc = 0; + unsigned int i;
- for (i = 0; i < chunks_top; i++) { - if (chunks[i].ptr == ptr) - return &chunks[i]; + if (verbose) { + for (i = 0; i < chunks_top; i++) { + fprintf(stderr, "LOST CHUNK: %p %6zu\n", + chunks[i].ptr, chunks[i].size); + } } - - return NULL; }
+static void *(*real_malloc)(size_t) = NULL; + void *malloc(size_t size) { - static void *(*real_malloc)(size_t) = NULL; void *ptr;
if (!real_malloc) @@ -179,13 +224,40 @@ void *malloc(size_t size) case MALLOC_CANARY_END: ptr = tst_malloc_canary_right(size); break; - /* Shut up gcc */ default: return NULL; }
- if (check_malloc && ptr) + if (check_malloc && ptr) { + if (verbose) + fprintf(stderr, "MALLOC %p\n", ptr); + if (verbose > 1) + print_c_trace(); add_chunk(size, ptr); + } + + return ptr; +} + +void *calloc(size_t nmemb, size_t size) +{ + static int been_here = 0; + void *ptr; + + /* + * Fail calloc() before dlsym(RTLD_NEXT, "calloc") returns. + * + * The glibc seems to work with this failure just fine. + */ + if (!real_malloc && been_here) + return NULL; + + been_here = 1; + + ptr = malloc(nmemb * size); + + if (ptr) + memset(ptr, 0, nmemb * size);
return ptr; } @@ -221,6 +293,9 @@ void free(void *ptr) break; }
+ if (verbose) + fprintf(stderr, "FREE %p\n", ptr); + rem_chunk(ptr); }
@@ -229,8 +304,8 @@ void free(void *ptr) void *realloc(void *optr, size_t size) { static void *(*real_realloc)(void*, size_t) = NULL; - struct chunk *chunk; void *ptr; + struct chunk *chunk;
if (!real_realloc) real_realloc = dlsym(RTLD_NEXT, "realloc"); @@ -238,44 +313,31 @@ void *realloc(void *optr, size_t size) if (!optr) return malloc(size);
- switch (malloc_canary) { - case MALLOC_CANARY_OFF: - ptr = real_realloc(optr, size); - break; - case MALLOC_CANARY_BEGIN: - case MALLOC_CANARY_END: - chunk = get_chunk(optr); - - if (!chunk) { - tst_warn("%p allocated before checking was turned on, " - "using using real_realloc()", optr); - - ptr = real_realloc(optr, size); + chunk = get_chunk(optr);
- goto out; - } + if (!chunk) { + /* + * We don't know old size -> have to use real_realloc() + */ + ptr = real_realloc(optr, size);
- ptr = malloc(size); + /* + * realloc() may call malloc(), add the chunk only if it + * haven't been added previously. + */ + if (ptr && !get_chunk(ptr)) + add_chunk(size, ptr);
- if (ptr) { - memcpy(ptr, optr, min(chunk->size, size)); - free(optr); - } - break; - /* Shut up gcc */ - default: - return NULL; + return ptr; }
-out: + ptr = malloc(size); + if (!ptr) return NULL;
- if (check_malloc) { - if (optr) - rem_chunk(optr); - add_chunk(size, ptr); - } + memcpy(ptr, optr, min(chunk->size, size)); + free(optr);
return ptr; }
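Review bot: in the realloc() hunk the untracked-pointer path now calls `add_chunk(size, ptr)` whenever `ptr && !get_chunk(ptr)`, without the `if (check_malloc)` guard that the removed block had, so a realloc() of a pointer allocated before tst_malloc_check_start() (or after tst_malloc_check_stop()) registers a chunk while tracking is off and is later reported as lost. Guard it with `if (check_malloc && ptr && !get_chunk(ptr))`.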
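Review bot: the new calloc() computes `nmemb * size` with no overflow check, whereas the real calloc() fails when the product wraps; through this interposer a caller asking for `calloc(SIZE_MAX / 2, 4)` gets a small block back and then writes past it. Add `if (size && nmemb > SIZE_MAX / size) return NULL;` (setting errno to ENOMEM, which needs <errno.h>) before the multiplication; <stdint.h> for SIZE_MAX is already included in the context above.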
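Review bot: in the add_chunk() hunk, `tst_warn("Duplicate chunk addres added %p\n", ptr)` has a typo (address) and a trailing newline that the other tst_warn() calls in this file omit, e.g. `tst_warn("Chunk passed to free not found (%p)", ptr)`, so the message will print with a stray blank line if tst_warn() appends its own.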
-----------------------------------------------------------------------
Summary of changes: Makefile | 10 ++ app.mk | 4 +- build/Makefile | 2 +- demos/bogoman/Makefile | 2 +- demos/c_simple/Makefile | 2 +- demos/c_simple/shapetest.c | 33 ++-- demos/grinder/Makefile | 2 +- demos/particle/Makefile | 2 +- demos/spiv/Makefile | 2 +- demos/ttf2img/Makefile | 2 +- include/core/GP_TempAlloc.h | 11 ++ lib.mk | 2 +- libs/core/GP_Context.c | 25 ++- libs/loaders/GP_BMP.c | 52 ++++-- libs/loaders/GP_BMP_RLE.h | 33 ++-- tests/afl/.gitignore | 1 + tests/afl/Makefile | 17 ++ .../bmp/bitmaps/valid => afl/data}/1bpp-1x1.bmp | Bin tests/afl/data/1bpp-320x1-overlappingcolor.bmp | Bin 0 -> 102 bytes tests/afl/data/1bpp-335x.bmp | Bin 0 -> 150 bytes tests/afl/data/1bpp-topdown-320x2.bmp | Bin 0 -> 142 bytes .../bmp/bitmaps/valid => afl/data}/24bpp-1x1.bmp | Bin tests/afl/data/24bpp-323x2.bmp | Bin 0 -> 1998 bytes tests/afl/data/24bpp-topdown-32x24.bmp | Bin 0 -> 2358 bytes .../questionable => afl/data}/32bpp-0x240.bmp | Bin tests/afl/data/32bpp-101110-32x24.bmp | Bin 0 -> 3138 bytes .../bmp/bitmaps/valid => afl/data}/32bpp-1x1.bmp | Bin .../questionable => afl/data}/32bpp-320x0.bmp | Bin tests/afl/data/32bpp-888-optimalpalette-32x24.bmp | Bin 0 -> 3162 bytes .../bmp/bitmaps/valid => afl/data}/4bpp-1x1.bmp | Bin tests/afl/data/4bpp-326x2.bmp | Bin 0 -> 406 bytes tests/afl/data/4bpp-pixeldata-cropped.bmp | Bin 0 -> 261 bytes .../bmp/bitmaps/valid => afl/data}/555-1x1.bmp | Bin tests/afl/data/555-pixeldata-cropped.bmp | Bin 0 -> 789 bytes tests/afl/data/565-320x2-topdown.bmp | Bin 0 -> 1346 bytes .../bmp/bitmaps/valid => afl/data}/8bpp-1x1.bmp | Bin tests/afl/data/8bpp-320x2.bmp | Bin 0 -> 718 bytes tests/afl/data/8bpp-colorsused-negative.bmp | Bin 0 -> 846 bytes tests/afl/data/8bpp-pixels-not-in-palette.bmp | Bin 0 -> 398 bytes tests/afl/data/bitdepth-odd.bmp | Bin 0 -> 846 bytes tests/afl/data/bitdepth-zero.bmp | Bin 0 -> 158 bytes tests/afl/data/colormasks-missing.bmp | Bin 0 -> 54 bytes tests/afl/data/compression-unknown.bmp | Bin 0 -> 158 bytes 
.../bmp/bitmaps/corrupt => afl/data}/emptyfile.bmp | 0 tests/afl/data/infoheader-cropped.bmp | Bin 0 -> 53 bytes tests/afl/data/infoheadersize-large.bmp | Bin 0 -> 158 bytes tests/afl/data/infoheadersize-small.bmp | Bin 0 -> 142 bytes tests/afl/data/magicnumber-bad.bmp | Bin 0 -> 158 bytes tests/afl/data/offbits-negative.bmp | Bin 0 -> 158 bytes tests/afl/data/planes-zero.bmp | Bin 0 -> 158 bytes tests/afl/data/rle4-encoded-320x2.bmp | Bin 0 -> 96 bytes .../bitmaps/valid => afl/data}/rle8-64000x1.bmp | Bin tests/afl/data/rle8-absolute-320x2.bmp | Bin 0 -> 736 bytes tests/afl/data/rle8-absolute-cropped.bmp | Bin 0 -> 543 bytes .../data/rle8-blank-160x1.bmp} | Bin 1080 -> 1080 bytes .../data/rle8-delta-320x2.bmp} | Bin 1080 -> 1100 bytes .../data/rle8-delta-cropped.bmp} | Bin 1080 -> 1229 bytes tests/afl/data/rle8-deltaleavesimage.bmp | Bin 0 -> 428 bytes tests/afl/data/rle8-encoded-320x2.bmp | Bin 0 -> 96 bytes tests/afl/data/rle8-no-end-of-bitmap-marker.bmp | Bin 0 -> 422 bytes tests/afl/data/rle8-no-end-of-line-marker.bmp | Bin 0 -> 376 bytes tests/afl/data/rle8-runlength-cropped.bmp | Bin 0 -> 251 bytes .../data}/ver3_0_palette_1bpp_10x10_white.pcx | Bin .../data}/ver3_0_palette_24bpp_10x10_white.pcx | Bin .../data}/ver3_0_palette_2bpp_10x10_white.pcx | Bin .../data}/ver3_0_palette_4bpp_10x10_white.pcx | Bin .../data}/ver3_0_palette_8bpp_10x10_white.pcx | Bin tests/afl/data/width-times-height-overflow.bmp | Bin 0 -> 1602 bytes .../loaders_example.c => tests/afl/loaders.c | 18 +-- tests/afl/run_afl.sh | 16 ++ tests/framework/tst_preload.c | 180 +++++++++++++++------ 71 files changed, 295 insertions(+), 121 deletions(-) create mode 100644 tests/afl/.gitignore create mode 100644 tests/afl/Makefile copy tests/{loaders/data/bmp/bitmaps/valid => afl/data}/1bpp-1x1.bmp (100%) create mode 100644 tests/afl/data/1bpp-320x1-overlappingcolor.bmp create mode 100644 tests/afl/data/1bpp-335x.bmp create mode 100644 tests/afl/data/1bpp-topdown-320x2.bmp copy 
tests/{loaders/data/bmp/bitmaps/valid => afl/data}/24bpp-1x1.bmp (100%) create mode 100644 tests/afl/data/24bpp-323x2.bmp create mode 100644 tests/afl/data/24bpp-topdown-32x24.bmp copy tests/{loaders/data/bmp/bitmaps/questionable => afl/data}/32bpp-0x240.bmp (100%) create mode 100644 tests/afl/data/32bpp-101110-32x24.bmp copy tests/{loaders/data/bmp/bitmaps/valid => afl/data}/32bpp-1x1.bmp (100%) copy tests/{loaders/data/bmp/bitmaps/questionable => afl/data}/32bpp-320x0.bmp (100%) create mode 100644 tests/afl/data/32bpp-888-optimalpalette-32x24.bmp copy tests/{loaders/data/bmp/bitmaps/valid => afl/data}/4bpp-1x1.bmp (100%) create mode 100644 tests/afl/data/4bpp-326x2.bmp create mode 100644 tests/afl/data/4bpp-pixeldata-cropped.bmp copy tests/{loaders/data/bmp/bitmaps/valid => afl/data}/555-1x1.bmp (100%) create mode 100644 tests/afl/data/555-pixeldata-cropped.bmp create mode 100644 tests/afl/data/565-320x2-topdown.bmp copy tests/{loaders/data/bmp/bitmaps/valid => afl/data}/8bpp-1x1.bmp (100%) create mode 100644 tests/afl/data/8bpp-320x2.bmp create mode 100644 tests/afl/data/8bpp-colorsused-negative.bmp create mode 100644 tests/afl/data/8bpp-pixels-not-in-palette.bmp create mode 100644 tests/afl/data/bitdepth-odd.bmp create mode 100644 tests/afl/data/bitdepth-zero.bmp create mode 100644 tests/afl/data/colormasks-missing.bmp create mode 100644 tests/afl/data/compression-unknown.bmp copy tests/{loaders/data/bmp/bitmaps/corrupt => afl/data}/emptyfile.bmp (100%) create mode 100644 tests/afl/data/infoheader-cropped.bmp create mode 100644 tests/afl/data/infoheadersize-large.bmp create mode 100644 tests/afl/data/infoheadersize-small.bmp create mode 100644 tests/afl/data/magicnumber-bad.bmp create mode 100644 tests/afl/data/offbits-negative.bmp create mode 100644 tests/afl/data/planes-zero.bmp create mode 100644 tests/afl/data/rle4-encoded-320x2.bmp copy tests/{loaders/data/bmp/bitmaps/valid => afl/data}/rle8-64000x1.bmp (100%) create mode 100644 
tests/afl/data/rle8-absolute-320x2.bmp create mode 100644 tests/afl/data/rle8-absolute-cropped.bmp copy tests/{loaders/data/bmp/bitmaps/valid/rle8-blank-160x120.bmp => afl/data/rle8-blank-160x1.bmp} (88%) copy tests/{loaders/data/bmp/bitmaps/valid/rle8-blank-160x120.bmp => afl/data/rle8-delta-320x2.bmp} (87%) copy tests/{loaders/data/bmp/bitmaps/valid/rle8-blank-160x120.bmp => afl/data/rle8-delta-cropped.bmp} (78%) create mode 100644 tests/afl/data/rle8-deltaleavesimage.bmp create mode 100644 tests/afl/data/rle8-encoded-320x2.bmp create mode 100644 tests/afl/data/rle8-no-end-of-bitmap-marker.bmp create mode 100644 tests/afl/data/rle8-no-end-of-line-marker.bmp create mode 100644 tests/afl/data/rle8-runlength-cropped.bmp copy tests/{loaders/data/pcx/valid => afl/data}/ver3_0_palette_1bpp_10x10_white.pcx (100%) copy tests/{loaders/data/pcx/valid => afl/data}/ver3_0_palette_24bpp_10x10_white.pcx (100%) copy tests/{loaders/data/pcx/valid => afl/data}/ver3_0_palette_2bpp_10x10_white.pcx (100%) copy tests/{loaders/data/pcx/valid => afl/data}/ver3_0_palette_4bpp_10x10_white.pcx (100%) copy tests/{loaders/data/pcx/valid => afl/data}/ver3_0_palette_8bpp_10x10_white.pcx (100%) create mode 100644 tests/afl/data/width-times-height-overflow.bmp copy demos/c_simple/loaders_example.c => tests/afl/loaders.c (82%) create mode 100755 tests/afl/run_afl.sh
repo.or.cz automatic notification. Contact project admin jiri.bluebear.dluhos@gmail.com if you want to unsubscribe, or site admin admin@repo.or.cz if you receive no reply.