Comment 16 for bug 1043513

Some more diags;

(gdb) p *pbox
$2 = {x1 = -958, y1 = -716, x2 = -236, y2 = -282}

I'm not sure what the space these values are working is supposed to be; if they're supposed to be -ve then they're in a sensible
range as far as I can tell - but are they supposed to be -ve?

(gdb) p pPriv->pScrn->virtualX
$7 = 1024
(gdb) p pPriv->pScrn->virtualY
$8 = 768

OK - seems right

(gdb) p src
$33 = (unsigned char *) 0x7f0a78505cd6 ""

7f0a784e0000-7f0a78506000 r-xp 00000000 fd:01 660179 /lib/x86_64-linux-gnu/libexpat.so.1.6.0
7f0a78506000-7f0a78706000 ---p 00026000 fd:01 660179 /lib/x86_64-linux-gnu/libexpat.so.1.6.0

(gdb) p/x width
$37 = 0x876
(gdb) p/x src+width
$38 = 0x7f0a7850654c

Well that's why it's crashed - the src pointer is in the middle of expat and ends up running into the unreadable bit

(gdb) p dst
$34 = (unsigned char *) 0x7f0a770c8cc6 ""
Map entry: 7f0a76feb000-7f0a772cc000 rw-p 00000000 00:00 0

(gdb) p/x pCir->ShadowPtr
$30 = 0x7f0a78709010
(gdb) p/x pCir->FbBase
$31 = 0x7f0a772cc000
(gdb) p pCir->ShadowPtr-src
$24 = 2110266
(gdb) p pCir->FbBase-dst
$25 = 2110266
(gdb) p FBPitch
$26 = 3072

2110266/3072
686.9355468750

(P.S. as per previous instructions, try working through the 4 workspaces both clockwise and anti-clockwise)