Unix: Memory corruption using the 'show' command on 24-bit displays
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
HF-Lab | Fix Released | High | Matt Giuca |
Bug Description
In the Unix/X version, the 'show' command exhibits the following symptoms on 24-bit displays:
- Crash if 'show' is used multiple times or 'show 4' is used.
- Top three quarters of the image corrupted after using 'show' (e.g., if 3D-viewing or saving the image).
x_iface allocates 3*w*h bytes for the image, while XCreateImage creates a 32-bit image, expecting 4*w*h bytes. Therefore, writing to the image corrupts a large chunk of memory.
This is complicated by the fact that Xlib gives no real way to calculate the amount of memory XCreateImage will take up, yet expects you to pass a pre-allocated buffer to XCreateImage. Fortunately, there is a hidden function _XGetBitsPerPixel which does this job (found by reading the source code to Xlib ... yay). Just call that. If they didn't want us calling their private functions, they shouldn't expect impossible calculations.
Fixed in trunk r69.
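
The size mismatch described in this report, worked through as an added example (it is not HF-Lab's code and not the r69 fix): the buffer size is derived from the bits per pixel and scanline padding that belong to a depth, never from `depth / 8`. It makes no Xlib calls; the format table is constructed sample data, and `zpixmap_bytes` and `naive_shortfall` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One pixmap format: the bits each pixel of a given depth occupies in
 * memory, and the unit (in bits) every scanline is padded to. */
struct pix_format { int depth, bits_per_pixel, scanline_pad; };

/* Constructed sample table (assumption); real values come from the X server. */
static const struct pix_format sample_formats[] = {
    { 1, 1, 32 }, { 8, 8, 32 }, { 16, 16, 32 }, { 24, 32, 32 }, { 32, 32, 32 },
};

/* Bytes a w x h image buffer must hold; 0 on unknown depth or overflow. */
size_t zpixmap_bytes(int depth, size_t w, size_t h)
{
    const struct pix_format *f = NULL;
    for (size_t i = 0; i < sizeof sample_formats / sizeof sample_formats[0]; i++)
        if (sample_formats[i].depth == depth)
            f = &sample_formats[i];
    if (!f || w == 0 || h == 0)
        return 0;
    size_t bpp = (size_t)f->bits_per_pixel, pad = (size_t)f->scanline_pad;
    if (w > (SIZE_MAX - (pad - 1)) / bpp)        /* w*bpp + pad-1 would wrap */
        return 0;
    size_t line_bytes = (w * bpp + pad - 1) / pad * pad / 8;
    if (line_bytes > SIZE_MAX / h)               /* line_bytes*h would wrap */
        return 0;
    return line_bytes * h;
}

/* Bytes by which a (depth/8)*w*h allocation is too small; 0 if it suffices. */
size_t naive_shortfall(int depth, size_t w, size_t h)
{
    size_t need = zpixmap_bytes(depth, w, h);
    if (need == 0)
        return 0;
    size_t naive = (size_t)(depth / 8) * w * h;  /* the 3*w*h pattern at depth 24 */
    return need > naive ? need - naive : 0;
}

int main(void)
{
    printf("640x480 depth 24: need %zu bytes, 3*w*h is short by %zu\n",
           zpixmap_bytes(24, 640, 480), naive_shortfall(24, 640, 480));
    return 0;
}
```

At depth 24 the shortfall is exactly `w*h` bytes, which is the heap overrun the report describes; the 8-bit case with an odd width shows that scanline padding alone can also make a `depth/8` estimate too small.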