Run the following short program under valgrind. Valgrind will diagnose several out-of-bounds memory accesses. This same issue has led to observed intermittent crashes in a real application.
#include <IL/il.h>
#include <IL/ilu.h>

/* 32x32 RGBA, 8 bits per channel: 4096 bytes, the same size as the block
   ilTexImage allocates for its own copy (see the valgrind trace below) */
ILubyte data[32*32*4];

int main(void) {
    ILuint imgId;
    ilInit();
    iluInit();
    ilGenImages(1, &imgId);
    ilBindImage(imgId);
    /* width 32, height 32, depth 1, 4 bytes per pixel, RGBA, unsigned byte */
    ilTexImage(32, 32, 1, 4, IL_RGBA, IL_UNSIGNED_BYTE, data);
    /* a single blur iteration is enough to trigger the out-of-bounds read */
    iluBlurGaussian(1);
    return 0;
}
Valgrind gives the following information about the accesses:
==00:00:05:23.024 12350== Invalid read of size 1
==00:00:05:23.024 12350== at 0x42E98AC: Filter (ilu_filter.c:390)
==00:00:05:23.024 12350== by 0x42E9EBC: iluBlurGaussian (ilu_filter.c:594)
==00:00:05:23.025 12350== Address 0x6a4d020 is 0 bytes after a block of size 4,096 alloc'd
==00:00:05:23.025 12350== at 0x401C9FD: malloc (vg_replace_malloc.c:207)
==00:00:05:23.025 12350== by 0x42B75EC: DefaultAllocFunc (il_alloc.c:118)
==00:00:05:23.025 12350== by 0x42B7622: ialloc (il_alloc.c:89)
==00:00:05:23.025 12350== by 0x42D9A14: ilInitImage (il_devil.c:49)
==00:00:05:23.025 12350== by 0x42D9B37: ilTexImage_ (il_devil.c:166)
==00:00:05:23.025 12350== by 0x42D9BC3: ilTexImage (il_devil.c:129)
The problem seems to be the 'rightmost row of pixels' case in Filter, which appears to be the same as the 'leftmost row'. I have taken a stab at correcting the problem by using pixels to the left of the filtered pixel instead of to the right. See the attached patch.
(the patch is relative to devil 1.7.7 but the code seems unchanged in the current svn trunk)
fix out-of-bounds access within Filter()
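The following is an added illustration of the edge-handling defect the report describes, not DevIL's Filter() and not the attached patch. It assumes a hypothetical single-channel, horizontal 3-tap blur in which the leftmost column substitutes its right-hand neighbour for the missing left one and the rightmost column, written as a copy of that case, also reaches to the right. Every tap goes through an index function, so the buggy and fixed policies can be audited without ever dereferencing past the buffer. The names (buggy_tap, fixed_tap, count_oob_taps, count_wrapped_taps, blur3, demo_last_pixel) and the 8x4 ramp image are constructed for the example.

```c
#include <stdio.h>

/* Constructed example, not DevIL's code: an 8-bit single-channel image of
 * width w and height h, row-major, no padding. */
typedef long (*tap_fn)(int x, int y, int dx, int w, int h);

enum { DEMO_W = 8, DEMO_H = 4 };   /* constructed image size */

/* Returns idx if it lies inside the w*h buffer, otherwise -1. */
static long clamp_to_buffer(long idx, int w, int h)
{
    return (idx >= 0 && idx < (long)w * h) ? idx : -1;
}

/* Hypothetical reconstruction of the defect: the left-edge case is correct,
 * the right-edge case is a copy of it and still steps to the right, past the
 * end of the row (and, on the last row, past the end of the allocation). */
static long buggy_tap(int x, int y, int dx, int w, int h)
{
    if (dx < 0 && x == 0)     dx = +1;   /* no left neighbour: use the right one */
    if (dx > 0 && x == w - 1) dx = +1;   /* copied from above: still reaches right */
    return clamp_to_buffer((long)y * w + x + dx, w, h);
}

/* Corrected policy: the rightmost column substitutes the neighbour to its
 * left, so no tap ever leaves the row. */
static long fixed_tap(int x, int y, int dx, int w, int h)
{
    if (dx < 0 && x == 0)     dx = +1;
    if (dx > 0 && x == w - 1) dx = -1;   /* use the pixel to the left instead */
    return clamp_to_buffer((long)y * w + x + dx, w, h);
}

/* Number of taps that leave the buffer: the reads valgrind reports. */
static int count_oob_taps(tap_fn tap, int w, int h)
{
    int n = 0;
    for (int y = 0; y < h; y++)
        for (int x = 0; x < w; x++)
            for (int dx = -1; dx <= 1; dx++)
                if (tap(x, y, dx, w, h) < 0) n++;
    return n;
}

/* Number of taps that stay inside the buffer but land in another row:
 * silently wrong output that valgrind cannot see. */
static int count_wrapped_taps(tap_fn tap, int w, int h)
{
    int n = 0;
    for (int y = 0; y < h; y++)
        for (int x = 0; x < w; x++)
            for (int dx = -1; dx <= 1; dx++) {
                long idx = tap(x, y, dx, w, h);
                if (idx >= 0 && idx / w != y) n++;
            }
    return n;
}

/* Horizontal 3-tap box blur. Returns 0 on success, -1 if any tap would have
 * read outside the buffer (out is then incomplete). */
static int blur3(const unsigned char *in, unsigned char *out, int w, int h, tap_fn tap)
{
    for (int y = 0; y < h; y++)
        for (int x = 0; x < w; x++) {
            unsigned sum = 0;
            for (int dx = -1; dx <= 1; dx++) {
                long idx = tap(x, y, dx, w, h);
                if (idx < 0) return -1;
                sum += in[idx];
            }
            out[y * w + x] = (unsigned char)(sum / 3);
        }
    return 0;
}

/* Blurs a constructed ramp image (each row 0, 32, 64, ...) and returns the
 * value of the bottom-right pixel, or -1 if the policy went out of bounds. */
static int demo_last_pixel(tap_fn tap)
{
    unsigned char img[DEMO_W * DEMO_H], out[DEMO_W * DEMO_H];
    for (int i = 0; i < DEMO_W * DEMO_H; i++)
        img[i] = (unsigned char)((i % DEMO_W) * 32);
    if (blur3(img, out, DEMO_W, DEMO_H, tap) != 0) return -1;
    return out[DEMO_W * DEMO_H - 1];
}

int main(void)
{
    printf("buggy: %d out-of-bounds tap(s), %d row-wrapping tap(s)\n",
           count_oob_taps(buggy_tap, DEMO_W, DEMO_H),
           count_wrapped_taps(buggy_tap, DEMO_W, DEMO_H));
    printf("fixed: %d out-of-bounds tap(s), %d row-wrapping tap(s)\n",
           count_oob_taps(fixed_tap, DEMO_W, DEMO_H),
           count_wrapped_taps(fixed_tap, DEMO_W, DEMO_H));
    printf("fixed blur, bottom-right pixel: %d\n", demo_last_pixel(fixed_tap));
    return 0;
}
```

In this constructed layout only the rightmost pixel of the last row reads past the allocation, which is the single "0 bytes after a block" read valgrind reports; the rightmost pixel of every other row reads the first pixel of the next row instead, which is in bounds, so valgrind stays silent and only the output is wrong. A one-byte read just past a heap block normally returns whatever happens to follow it and only faults when the block ends at a page boundary, which is why a defect of this shape shows up as intermittent crashes rather than a reliable failure.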