In XFree86 4.3.0, and also in current X.org X11, in the file:

        xc/lib/GL/mesa/src/drv/r200/r200_pixel.c

inside the function r200TryReadPixels(), the variable "size" is 
declared as:

static GLboolean
r200TryReadPixels( GLcontext *ctx,
                  GLint x, GLint y, GLsizei width, GLsizei height,
                  GLenum format, GLenum type,
                  const struct gl_pixelstore_attrib *pack,
                  GLvoid *pixels )
{
   r200ContextPtr rmesa = R200_CONTEXT(ctx);
   GLint size;
   GLint pitch = pack->RowLength ? pack->RowLength : width;
   GLint blit_format;


Later in the same function, the variable is passed uninitialized 
to the function check_color():

   if (!check_color(ctx, type, format, pack, pixels, size, pitch))
      return GL_FALSE;


I'm not aware of any actual bug being triggered by this, but the 
code is obviously incorrect.  Later in the file, the function
r200TryDrawPixels() also calls check_color(), passing its own 
local variable "size"; however, in that function size is declared 
and initialized as:

static GLboolean
r200TryDrawPixels( GLcontext *ctx,
                  GLint x, GLint y, GLsizei width, GLsizei height,
                  GLenum format, GLenum type,
                  const struct gl_pixelstore_attrib *unpack,
                  const GLvoid *pixels )
{
   r200ContextPtr rmesa = R200_CONTEXT(ctx);
   GLint pitch = unpack->RowLength ? unpack->RowLength : width;
   GLuint dest, planemask;
   GLuint cpp = rmesa->r200Screen->cpp;
   GLint size = width * pitch * cpp;



I'm unfamiliar with this particular code, however it seems that 
the same calculation being done in r200TryDrawPixels() would be 
valid for r200TryReadPixels().

Does the patch I've attached look correct?


-- 
Mike A. Harris       ftp://people.redhat.com/mharris
OS Systems Engineer - X.org X11 maintainer - Red Hat
--- xc/lib/GL/mesa/src/drv/r200/r200_pixel.c.r200-uninitialized-variable-used   2004-03-26 03:49:15.000000000 -0500
+++ xc/lib/GL/mesa/src/drv/r200/r200_pixel.c    2004-03-26 04:06:07.000000000 -0500
@@ -155,9 +155,10 @@
                  GLvoid *pixels )
 {
    r200ContextPtr rmesa = R200_CONTEXT(ctx);
-   GLint size;
    GLint pitch = pack->RowLength ? pack->RowLength : width;
    GLint blit_format;
+   GLuint cpp = rmesa->r200Screen->cpp;
+   GLint size = width * pitch * cpp;
 
    if (R200_DEBUG & DEBUG_PIXEL)
       fprintf(stderr, "%s\n", __FUNCTION__);
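Review bot: The added `GLint size = width * pitch * cpp;` multiplies two caller-supplied signed values by the unsigned `cpp` and narrows the product back to `GLint` with no range check, so a large `width` or `pack->RowLength` can wrap before `size` reaches check_color(). The expression is copied from r200TryDrawPixels() and never uses `height`; if `size` is meant to be the byte length of the pixel region (an assumption, since check_color() is not visible here), `height * pitch * cpp` would be expected, and both functions should be checked. I would assign `size` only after a guard such as `if (width <= 0 || height <= 0 || pitch <= 0 || pitch > INT_MAX / (GLint)cpp / height) return GL_FALSE;` and add a comment stating what `size` measures. The body of r200TryReadPixels() starts above and continues below this hunk.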
