From 1b5b06c36f1714d9bb88fb17402fb117c5eba594 Mon Sep 17 00:00:00 2001 From: bendn Date: Fri, 22 Sep 2023 16:50:08 +0700 Subject: [PATCH] make drawing functions safe --- Cargo.toml | 2 +- src/drawing/box.rs | 54 +++++++++++++++++----------------------------- src/drawing/tri.rs | 17 ++++++--------- 3 files changed, 28 insertions(+), 45 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 245304f..c2a25cb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "fimg" -version = "0.4.2" +version = "0.4.3" authors = ["bend-n "] license = "MIT" edition = "2021" diff --git a/src/drawing/box.rs b/src/drawing/box.rs index 15f183f..dd46efc 100644 --- a/src/drawing/box.rs +++ b/src/drawing/box.rs @@ -1,65 +1,51 @@ //! `Box` +use std::ops::Range; + use crate::Image; impl Image<&mut [u8], CHANNELS> { /// Draw a bordered box - /// - /// # Safety - /// - /// UB if the box is out of bounds /// ``` /// # use fimg::Image; /// let mut b = Image::alloc(10, 9); - /// unsafe { b.as_mut().r#box((1, 1), 7, 6, [255]) }; + /// b.as_mut().r#box((1, 1), 7, 6, [255]); /// # assert_eq!(b.buffer(), b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") /// ``` - pub unsafe fn r#box( - &mut self, - (x1, y1): (u32, u32), - width: u32, - height: u32, - c: [u8; CHANNELS], - ) { + pub fn r#box(&mut self, (x1, y1): (u32, u32), width: u32, height: u32, c: [u8; CHANNELS]) { // skip sides, leave that to second loop - for x in x1 + 1..width + x1 { + for x in clamp(x1 + 1..width + x1, 0..self.width()) { // top line - // SAFETY: responsibility is on caller + // SAFETY: clamped to bounds unsafe { self.set_pixel(x, x1, c) }; - // bottom line - // SAFETY: shift responsibility + // SAFETY: clamped to bounds unsafe { self.set_pixel(x, x1 + height, c) }; } - for y in y1..=height + y1 { - // SAFETY: >> responsibility + for y in clamp(y1..height + y1 + 1, 0..self.height()) { + // SAFETY: clamped to bounds unsafe { self.set_pixel(y1, y, c) }; - // SAFETY: << responsibility + // SAFETY: clamped to bounds unsafe { self.set_pixel(y1 + width, y, c) }; } } /// Draw a *filled* box. - /// - /// # Safety - /// - /// UB if box is out of bounds /// ``` /// # use fimg::Image; /// let mut b = Image::alloc(10, 9); - /// unsafe { b.as_mut().filled_box((1, 1), 7, 6, [255]) }; + /// b.as_mut().filled_box((1, 1), 7, 6, [255]); /// # assert_eq!(b.buffer(), b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") /// ``` - pub unsafe fn filled_box( - &mut self, - (x1, y1): (u32, u32), - width: u32, - height: u32, - c: [u8; CHANNELS], - ) { - for x in x1..=width + x1 { - for y in y1..=height + y1 { - // SAFETY: fill it + pub fn filled_box(&mut self, (x1, y1): (u32, u32), width: u32, height: u32, c: [u8; CHANNELS]) { + for x in clamp(x1..1 + width + x1, 0..self.width()) { + for y in clamp(y1..1 + height + y1, 0..self.height()) { + // SAFETY: clamped to bounds unsafe { self.set_pixel(x, y, c) }; } } } } + +/// clamp a range with another range +fn clamp(r: Range, within: Range) -> Range { + r.start.clamp(within.start, within.end)..r.end.clamp(within.start, within.end) +} diff --git a/src/drawing/tri.rs b/src/drawing/tri.rs index 3cc390b..c7256c5 100644 --- a/src/drawing/tri.rs +++ b/src/drawing/tri.rs @@ -3,19 +3,15 @@ use crate::Image; impl Image<&mut [u8], CHANNELS> { /// Draw a (filled) triangle - /// - /// # Safety - /// - /// UB if any point is out of bounds /// ``` /// # use fimg::*; /// let mut a = Image::alloc(10, 10); /// // draw a triangle from point a v point b v point c v /// // with color white - /// unsafe { a.as_mut().tri((3.0, 2.0), (8.0, 7.0), (1.0, 8.0), [255]) }; + /// a.as_mut().tri((3.0, 2.0), (8.0, 7.0), (1.0, 8.0), [255]); /// # assert_eq!(a.buffer(), b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"); /// ``` - pub unsafe fn tri( + pub fn tri( &mut self, (x1, y1): (f32, f32), (x2, y2): (f32, f32), @@ -33,10 +29,11 @@ impl Image<&mut [u8], CHANNELS> { } let d = (x3 - x2) * (y as f32 - y2) - (y3 - y2) * (x as f32 - x2); - if d == 0.0 || (d < 0.0) == (s + t <= 0.0) { - // SAFETY: - // caller gurantees triangle is in bounds, this loops over the - // bounding box of the triangle, therefore this is fine. + if (d == 0.0 || (d < 0.0) == (s + t <= 0.0)) + && x < self.width() + && y < self.height() + { + // SAFETY: we just checked the bounds unsafe { self.set_pixel(x, y, c) }; } }