Add random transform stress test to reproduce tvgSwRasterTexmap::_apply() dst overflow #3878
Conversation
Introduces a new example that applies randomized affine transforms (translate, scale, rotate, shear) to an image each frame to stress test rendering edge cases and expose potential issues in texture mapping. Includes a known crash-inducing matrix for targeted reproduction and debugging. Signed-off-by: wangsimiao1 <wangsimiao1@xiaomi.com>
There was a problem hiding this comment.
Pull Request Overview
This PR adds a stress test to reproduce a buffer overflow issue in the ThorVG software rasterizer's texture mapping functionality. The test demonstrates how specific affine transformation matrices can cause the dst pointer to overflow in the _apply() method.
- Adds a new CrashDemo.cpp example that applies random transformations to expose edge cases
- Includes a hardcoded crash case matrix that reliably triggers the buffer overflow
- Integrates the new example into the meson build system
Reviewed Changes
Copilot reviewed 2 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| examples/meson.build | Adds CrashDemo.cpp to the build configuration |
| examples/CrashDemo.cpp | New stress test that applies random transformations and includes a specific crash case |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| m00 = 0.572866f; | ||
| m01 = -4.431353f; | ||
| m02 = 336.605835f; | ||
| m10 = 5.198910f; | ||
| m11 = -0.386219f; | ||
| m12 = 30.710693f; |
There was a problem hiding this comment.
The hardcoded crash case matrix overrides the randomly generated matrix values, making the random generation code (lines 31-45) effectively dead code. Consider adding a flag or parameter to toggle between random and crash case matrices, or separate these into different test modes.
Copilot uses AI. Check for mistakes.
| // translate/rotate/scale/shear | ||
| float tx = frand(-(float)cw * 1.5f, (float)cw * 1.5f); | ||
| float ty = frand(-(float)ch * 1.5f, (float)ch * 1.5f); | ||
| float angle = frand(0.0f, 360.0f) * 3.1415926535f / 180.0f; |
There was a problem hiding this comment.
The magic number 3.1415926535f should be replaced with a named constant like M_PI or std::numbers::pi for better maintainability.
Copilot uses AI. Check for mistakes.
|
@WangSimiao2000 Thanks for your contribution, It would be nicer if you send a patch to |
This PR adds a minimal reproducible example that triggers a
dstbuffer overflow insidesrc/renderer/sw_engine/tvgSwRasterTexmap.h::_apply()under certain transformation matrices.The test continuously applies random transformations (translate, scale, rotate, shear)
to a picture each frame, which helps to expose corner cases in texture mapping and matrix-based rasterization.
When using specific affine transform matrices with large shear and rotation factors,
the
dstpointer will overflow in_apply().Example crash matrix: