clutter/stage: Make paint_to_buffer use the correct texture/buffer size

The size of the buffer the texture will be written to by
paint_to_buffer() is determined based on
meta_screen_cast_area_stream_src_get_specs() which uses roundf() to
calculate the width and height after scaling. Because the size of the
texture to be written to that buffer is calculated using ceilf(), it
might exceed the allocated buffer when using fractional scaling.

In 3.36 paint_to_buffer() is used from capture_view() which also uses
roundf() to allocate its buffer. Here this leads to a memory corruption
resulting in a crash when taking screenshots of an area.

Fixes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2842

https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1320


(cherry picked from commit e216d9c6ad)
Sebastian Keller 2020-06-17 13:32:54 +00:00 committed by Georges Basile Stavracas Neto
parent f25417efcf
commit 81deb99435

@ -4526,8 +4526,8 @@ clutter_stage_paint_to_buffer (ClutterStage *stage,
CoglFramebuffer *framebuffer; CoglFramebuffer *framebuffer;
CoglBitmap *bitmap; CoglBitmap *bitmap;
texture_width = (int) ceilf (rect->width * scale); texture_width = (int) roundf (rect->width * scale);
texture_height = (int) ceilf (rect->height * scale); texture_height = (int) roundf (rect->height * scale);
texture = cogl_texture_2d_new_with_size (cogl_context, texture = cogl_texture_2d_new_with_size (cogl_context,
texture_width, texture_width,
texture_height); texture_height);
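Review bot: The roundf() now used for texture_width and texture_height matches the callers' buffer allocation only by convention; nothing in clutter_stage_paint_to_buffer() checks that the texture it creates fits the buffer the caller sized, so a future caller that rounds differently would bring back the same mismatch. Consider computing the scaled size in one shared helper used by both the allocation and this function, or passing the destination buffer's dimensions in and returning early when texture_width or texture_height exceeds them. Note also that roundf() yields 0 when rect->width * scale is below 0.5, where ceilf() gave 1, so a guard for a zero dimension before cogl_texture_2d_new_with_size() would be worth adding, together with a short comment on these two lines stating that the rounding must match the buffer allocation.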