Fix undefined behavior when computing cursor end pointer

KuleRucket · Jun 6, 2024 · ec285b2 · ec285b2
1 parent be8fa26
commit ec285b2
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/src/platform/linux/kmsgrab.cpp b/src/platform/linux/kmsgrab.cpp
@@ -1240,8 +1240,13 @@ namespace platf {
         auto delta_width = std::min<uint32_t>(captured_cursor.src_w, std::max<int32_t>(0, screen_width - cursor_x)) - cursor_delta_x;
         for (auto y = 0; y < delta_height; ++y) {
           // Offset into the cursor image to skip drawing the parts of the cursor image that are off screen
-          auto cursor_begin = (uint32_t *) &captured_cursor.pixels[((y + cursor_delta_y) * captured_cursor.src_w + cursor_delta_x) * 4];
-          auto cursor_end = (uint32_t *) &captured_cursor.pixels[((y + cursor_delta_y) * captured_cursor.src_w + delta_width + cursor_delta_x) * 4];
+          //
+          // NB: We must access the elements via the data() function because cursor_end may point to the
+          // the first element beyond the valid range of the vector. Using vector's [] operator in that
+          // manner is undefined behavior (and triggers errors when using debug libc++), while doing the
+          // same with an array is fine.
+          auto cursor_begin = (uint32_t *) &captured_cursor.pixels.data()[((y + cursor_delta_y) * captured_cursor.src_w + cursor_delta_x) * 4];
+          auto cursor_end = (uint32_t *) &captured_cursor.pixels.data()[((y + cursor_delta_y) * captured_cursor.src_w + delta_width + cursor_delta_x) * 4];
 
           auto pixels_begin = &pixels[(y + cursor_y) * (img.row_pitch / img.pixel_pitch) + cursor_x];