On 04/02/2016 08:37 PM, Yuriy M. Kaminskiy wrote:
> Run `valgrind imlib2_test`, move the mouse to the lower right corner, got:
>
> ==16086== Invalid read of size 1
> ==16086==    at 0x4E79C4E: __imlib_MergeUpdate (in /usr/lib/x86_64-linux-gnu/libImlib2.so.1.4.6)
> ==16086==    by 0x401773: main (in /usr/bin/imlib2_test)
> ==16086==  Address 0x9d20360 is 0 bytes after a block of size 1,200 alloc'd
> ==16086==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
> ==16086==    by 0x4E798E3: __imlib_MergeUpdate (in /usr/lib/x86_64-linux-gnu/libImlib2.so.1.4.6)
> ==16086==    by 0x401773: main (in /usr/bin/imlib2_test)
>
> It is at src/lib/updates.c:
>
> |113| for (xx = x + 1, ww = 1;
> |114|      (T(xx, y).used & T_USED) && (xx < tw);
> |   |      xx++,
> |115| for (yy = y + 1, hh = 1, ok = 1;
>
> xx is 20 and tw is 20, so T(xx, y) addresses one byte out of the buffer.
>
> Two *alternative* patches attached (apply only *one* of them).
> TODO: I have not tried to search for a similar pattern over the codebase (yet).
>
> Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818

First patch (reversed condition) looks good to me - committed.
Thanks :)
/Kim

------------------------------------------------------------------------------
_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
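An added illustration, not from the thread and not imlib2's own code, of why the order of the two conditions in that `for` loop matters. The `tiles` table, `tile_used`, `measure` and the sample layout are constructed stand-ins for imlib2's tile table and T() macro: the accessor counts out-of-range accesses instead of reading past the allocation, so the original ordering and the reversed one can be compared on the edge case Yuriy describes (a run of used tiles reaching xx == tw).

```c
#define T_USED 1

/* Constructed stand-in for imlib2's tile table: one byte per tile, tw columns
 * by th rows, where T(x, y) would be used[y * tw + x]; oob_reads counts
 * accesses that fell outside the table. */
struct tiles { const unsigned char *used; int tw, th; int oob_reads; };

/* Instrumented accessor: where the real T() macro would read past the
 * allocation, this records the violation and returns "not used". */
static unsigned char tile_used(struct tiles *t, int x, int y)
{
   if (x < 0 || x >= t->tw || y < 0 || y >= t->th) {
      t->oob_reads++;
      return 0;
   }
   return t->used[y * t->tw + x];
}

/* Original order from updates.c: the tile is read before xx is compared with
 * tw, so a run of used tiles reaching the right edge reads T(tw, y). */
int run_width_buggy(struct tiles *t, int x, int y)
{
   int xx, ww;
   for (xx = x + 1, ww = 1; (tile_used(t, xx, y) & T_USED) && (xx < t->tw); xx++, ww++);
   return ww;
}

/* Reversed condition (the committed fix): the bounds check short-circuits
 * before the tile is touched. */
int run_width_fixed(struct tiles *t, int x, int y)
{
   int xx, ww;
   for (xx = x + 1, ww = 1; (xx < t->tw) && (tile_used(t, xx, y) & T_USED); xx++, ww++);
   return ww;
}

/* Constructed sample: 4 x 2 table, row 0 fully used, row 1 used at x = 0..1 only. */
static const unsigned char sample[8] = { 1, 1, 1, 1,   1, 1, 0, 0 };

/* Runs one variant on the sample starting at tile (x, y); returns the measured
 * run width together with the number of out-of-range tile reads it caused. */
struct result { int width, oob; };
struct result measure(int fixed, int x, int y)
{
   struct tiles t = { sample, 4, 2, 0 };
   struct result r = { fixed ? run_width_fixed(&t, x, y) : run_width_buggy(&t, x, y), 0 };
   r.oob = t.oob_reads;   /* read after the scan so it reflects the run above */
   return r;
}
```

On row 0 both orderings report a width of 4, but only the original one touches T(4, 0); on row 1 the run stops at a free tile before the edge, so neither ordering reads out of range.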
