From c95cd613f1cfab52babd2adee833c0a07474250a Mon Sep 17 00:00:00 2001 From: CodesInChaos Date: Sun, 19 Mar 2023 13:05:31 +0100 Subject: [PATCH] Safety critical bounds checking is off-by-one in sgrproj_box_ab_internal --- src/lrf.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lrf.rs b/src/lrf.rs index 746e411c5f..2d526bb969 100644 --- a/src/lrf.rs +++ b/src/lrf.rs @@ -182,10 +182,10 @@ pub(crate) mod rust { let n: usize = d * d; let one_over_n = if r == 1 { 455 } else { 164 }; - assert!(iimg.len() > (y + d) * iimg_stride + stripe_w + d); - assert!(iimg_sq.len() > (y + d) * iimg_stride + stripe_w + d); - assert!(af.len() > stripe_w); - assert!(bf.len() > stripe_w); + assert!(iimg.len() > (y + d) * iimg_stride + stripe_w + 1 + d); + assert!(iimg_sq.len() > (y + d) * iimg_stride + stripe_w + 1 + d); + assert!(af.len() > stripe_w + 1); + assert!(bf.len() > stripe_w + 1); for x in start_x..stripe_w + 2 { // SAFETY: We perform the bounds checks above, once for the whole loop