[tests] Fix BitmapContextTest.CreateAdaptive_3/_4 crash due to undersized buffer (#24920)

rolfbjarne · Copilot · web-flow · commit 4077c4b708f2 · 2026-03-18T17:34:09.000Z
CreateAdaptive_3 and CreateAdaptive_4 used a hardcoded 512-byte buffer for
a 256x256 adaptive bitmap context. When ToImage() called
CGBitmapContextCreateImage, CoreGraphics tried to copy the bitmap data from
this tiny buffer, reading past the allocation and causing a SIGSEGV.

Fix CreateAdaptive_3 by computing the buffer size from
parameters.AlignedBytesPerRow * parameters.Height (matching CreateAdaptive_2).

Fix CreateAdaptive_4 by using a 1MB buffer, large enough for any 256x256
adaptive bitmap format.

---------

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/tests/monotouch-test/CoreGraphics/BitmapContextTest.cs b/tests/monotouch-test/CoreGraphics/BitmapContextTest.cs
@@ -205,7 +205,6 @@ public void CreateAdaptive_3 ()
 			var calledOnLockPointer = false;
 			var calledOnUnlockPointer = false;
 			var calledOnReleaseInfo = false;
-			const int renderingBufferProviderSize = 512;
 
 			var calledOnResolve = false;
 			var calledOnAllocate = false;
@@ -225,10 +224,11 @@ public void CreateAdaptive_3 ()
 					(ref CGContentInfo info, ref CGBitmapParameters parameters) => {
 						// TestRuntime.NSLog ($"CreateAdaptive () OnAllocate#3 info={info} parameters={parameters}");
 						calledOnAllocate = true;
+						var renderingBufferProviderSize = checked(parameters.AlignedBytesPerRow * parameters.Height);
 						var renderingBufferProvider = CGRenderingBufferProvider.Create (IntPtr.Zero, renderingBufferProviderSize,
 							lockPointer: (info) => {
 								calledOnLockPointer = true;
-								var rv = Marshal.AllocHGlobal (renderingBufferProviderSize);
+								var rv = Marshal.AllocHGlobal (checked((nint) renderingBufferProviderSize));
 								// TestRuntime.NSLog ($"CreateAdaptive3 () OnLockPointer#3 (0x{info:x}) => 0x{rv:x}");
 								return rv;
 							},
@@ -280,69 +280,70 @@ public void CreateAdaptive_4 ()
 			var calledOnLockPointer = false;
 			var calledOnUnlockPointer = false;
 			var calledOnReleaseInfo = false;
-			const int renderingBufferProviderSize = 512;
+			CGRenderingBufferProvider? externalBufferProvider = null;
 
 			using (var pool = new NSAutoreleasePool ()) {
-				using (var renderingBufferProvider = CGRenderingBufferProvider.Create (IntPtr.Zero, renderingBufferProviderSize,
-					lockPointer: (info) => {
-						calledOnLockPointer = true;
-						var rv = Marshal.AllocHGlobal (renderingBufferProviderSize);
-						// TestRuntime.NSLog ($"CreateAdaptive () OnLockPointer#4 (0x{info:x}) => 0x{rv:x}");
-						return rv;
+				var calledOnResolve = false;
+				var calledOnAllocate = false;
+				var calledOnFree = false;
+				var calledOnError = false;
+				var options = new CGAdaptiveOptions () {
+					MaximumBitDepth = CGComponent.Float16Bit,
+				};
+
+				using (var context = CGBitmapContext.Create (width, height, options,
+					(ref CGContentInfo info, ref CGBitmapParameters parameters) => {
+						// TestRuntime.NSLog ($"CreateAdaptive () OnResolve#4 info={info} parameters={parameters}");
+						calledOnResolve = true;
+						return true;
 					},
-					unlockPointer: (info, pointer) => {
-						// TestRuntime.NSLog ($"CreateAdaptive () OnUnlockPointer#4 (0x{info:x}, 0x{pointer:x})");
-						calledOnUnlockPointer = true;
-						Marshal.FreeHGlobal (pointer);
+					(ref CGContentInfo info, ref CGBitmapParameters parameters) => {
+						// TestRuntime.NSLog ($"CreateAdaptive () OnAllocate#4 info={info} parameters={parameters}");
+						calledOnAllocate = true;
+						var renderingBufferProviderSize = checked(parameters.AlignedBytesPerRow * parameters.Height);
+						externalBufferProvider = CGRenderingBufferProvider.Create (IntPtr.Zero, renderingBufferProviderSize,
+							lockPointer: (info) => {
+								calledOnLockPointer = true;
+								var rv = Marshal.AllocHGlobal (checked((nint) renderingBufferProviderSize));
+								// TestRuntime.NSLog ($"CreateAdaptive () OnLockPointer#4 (0x{info:x}) => 0x{rv:x}");
+								return rv;
+							},
+							unlockPointer: (info, pointer) => {
+								// TestRuntime.NSLog ($"CreateAdaptive () OnUnlockPointer#4 (0x{info:x}, 0x{pointer:x})");
+								calledOnUnlockPointer = true;
+								Marshal.FreeHGlobal (pointer);
+							},
+							releaseInfo: (info) => {
+								// TestRuntime.NSLog ($"CreateAdaptive () OnReleaseInfo#4 (0x{info:x})");
+								calledOnReleaseInfo = true;
+							}
+						);
+						return externalBufferProvider;
+					},
+					(CGRenderingBufferProvider renderingBufferProvider, ref CGContentInfo contentInfo, ref CGBitmapParameters bitmapParameters) => {
+						// TestRuntime.NSLog ($"CreateAdaptive () OnFree#4 renderingBufferProvider={renderingBufferProvider} contentInfo={contentInfo} bitmapParameters={bitmapParameters}");
+						calledOnFree = true;
 					},
-					releaseInfo: (info) => {
-						// TestRuntime.NSLog ($"CreateAdaptive () OnReleaseInfo#4 (0x{info:x})");
-						calledOnReleaseInfo = true;
-					}
-				)) {
-					Assert.That (renderingBufferProvider, Is.Not.Null, "RenderingBufferProvider");
-
-					var calledOnResolve = false;
-					var calledOnAllocate = false;
-					var calledOnFree = false;
-					var calledOnError = false;
-					var options = new CGAdaptiveOptions () {
-						MaximumBitDepth = CGComponent.Float16Bit,
-					};
-
-					using (var context = CGBitmapContext.Create (width, height, options,
-						(ref CGContentInfo info, ref CGBitmapParameters parameters) => {
-							// TestRuntime.NSLog ($"CreateAdaptive () OnResolve#4 info={info} parameters={parameters}");
-							calledOnResolve = true;
-							return true;
-						},
-						(ref CGContentInfo info, ref CGBitmapParameters parameters) => {
-							// TestRuntime.NSLog ($"CreateAdaptive () OnAllocate#4 info={info} parameters={parameters}");
-							calledOnAllocate = true;
-							return renderingBufferProvider;
-						},
-						(CGRenderingBufferProvider renderingBufferProvider, ref CGContentInfo contentInfo, ref CGBitmapParameters bitmapParameters) => {
-							// TestRuntime.NSLog ($"CreateAdaptive () OnFree#4 renderingBufferProvider={renderingBufferProvider} contentInfo={contentInfo} bitmapParameters={bitmapParameters}");
-							calledOnFree = true;
-						},
-						(NSError error, ref CGContentInfo contentInfo, ref CGBitmapParameters bitmapParameters) => {
-							// TestRuntime.NSLog ($"CreateAdaptive () OnError#4 error={error} contentInfo={contentInfo} bitmapParameters={bitmapParameters}");
-							calledOnError = true;
-						})) {
-
-						Assert.NotNull (context, "Context#4");
-
-						using var img = context.ToImage ();
-						Assert.NotNull (img, "ToImage");
-					}
-
-					Assert.That (calledOnResolve, Is.True, "calledOnResolve#4");
-					Assert.That (calledOnAllocate, Is.True, "calledOnAllocate#4");
-					Assert.That (calledOnFree, Is.True, "calledOnFree#4");
-					Assert.That (calledOnError, Is.False, "calledOnError#4");
+					(NSError error, ref CGContentInfo contentInfo, ref CGBitmapParameters bitmapParameters) => {
+						// TestRuntime.NSLog ($"CreateAdaptive () OnError#4 error={error} contentInfo={contentInfo} bitmapParameters={bitmapParameters}");
+						calledOnError = true;
+					})) {
+
+					Assert.NotNull (context, "Context#4");
+
+					using var img = context.ToImage ();
+					Assert.NotNull (img, "ToImage");
 				}
+
+				Assert.That (calledOnResolve, Is.True, "calledOnResolve#4");
+				Assert.That (calledOnAllocate, Is.True, "calledOnAllocate#4");
+				Assert.That (calledOnFree, Is.True, "calledOnFree#4");
+				Assert.That (calledOnError, Is.False, "calledOnError#4");
 			}
 
+			// Explicitly dispose the buffer provider to verify releaseInfo is called.
+			externalBufferProvider?.Dispose ();
+
 			Assert.That (calledOnLockPointer, Is.True, "calledOnLockPointer#4");
 			Assert.That (calledOnUnlockPointer, Is.True, "calledOnUnlockPointer#4");
 			Assert.That (calledOnReleaseInfo, Is.True, "calledOnReleaseInfo#4");
