DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

Link: http://www.fltk.org/str.php?L2054
Version: 2.0-current


The alphabuffer handling in src/x11/Image.cxx in the --disable-xft case can
write 1 byte beyond an allocated buffer. This happens e.g. with 16x16 pixel
images and causes crashes.
valgrind reports:

Invalid write of size 1
at 0x4893E4: argb32_converter(unsigned char const*, unsigned char*, int)
by 0x4BA415: fltk::xpmImage::fetch(fltk::Image&, char const* const*)
by 0x4BA45C: fltk::xpmImage::fetch() 
by 0x488AFB: fltk::Image::fetch_if_needed() const 

The error occurs if the number of pixels is a multiple of 8.
In this case the last write to the binary mask is one byte beyond the
allocated buffer.
The attached patch fixes the problem.


diff -r f4f8b1cb4b0b src/x11/Image.cxx
--- a/src/x11/Image.cxx Thu Oct 02 16:11:29 2008 +0200
+++ b/src/x11/Image.cxx Thu Oct 02 16:34:16 2008 +0200
@@ -508,7 +508,9 @@ static void mask_converter(const uchar* 
       amask <<= 1;
     }
   }
-  *ap = aaccum;
+  if (amask != 1) {
+    *ap = aaccum;
+  }
   converter[RGB32]((const uchar*)buffer, to, w);
 }
 
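Review bot: the new `if (amask != 1)` guard in front of `*ap = aaccum;` in mask_converter carries no comment, and its correctness rests on an invariant this hunk does not show: that the loop stores each completed mask byte itself and resets amask to 1 afterwards. Only `amask <<= 1;` is visible here, so please confirm the reset in the loop body and add a one-line comment stating that the trailing store is only for a partially filled last mask byte.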
@@ -547,7 +549,9 @@ static void rgba_converter(const uchar* 
       amask <<= 1;
     }
   }
-  *ap = aaccum;
+  if (amask != 1) {
+    *ap = aaccum;
+  }
   converter[RGB32]((const uchar*)buffer, to, w);
 }
 
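Review bot: in rgba_converter the guard `if (amask != 1)` tests leftover loop state rather than the condition the report names, a pixel count that is a multiple of 8. If the loop consumes exactly one mask bit per pixel, `if (w & 7)` would say the same thing in terms of the `w` that is already passed to `converter[RGB32]`, and it would keep working if the loop's handling of amask is ever changed. Both forms also skip the store for a width of 0, which is worth stating in the commit message.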
@@ -588,7 +592,9 @@ static void argb32_converter(const uchar
       amask <<= 1;
     }
   }
-  *ap = aaccum;
+  if (amask != 1) {
+    *ap = aaccum;
+  }
   converter[RGB32]((const uchar*)buffer, to, w);
 }
 
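Review bot: argb32_converter is the function at the top of the valgrind trace in the report, and the patch adds no regression test around the guarded `*ap = aaccum;` store. A test that fetches one image whose pixel count is a multiple of 8 (the 16x16 case from the report) and one whose count is not, run under valgrind, would cover both the removed out-of-bounds write and the partial-byte store that still has to happen.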
@@ -627,7 +633,9 @@ static void rgbm_converter(const uchar* 
       amask <<= 1;
     }
   }
-  *ap = aaccum;
+  if (amask != 1) {
+    *ap = aaccum;
+  }
   converter[RGB32]((const uchar*)buffer, to, w);
 }
 
@@ -668,7 +676,9 @@ static void mrgb32_converter(const uchar
       amask <<= 1;
     }
   }
-  *ap = aaccum;
+  if (amask != 1) {
+    *ap = aaccum;
+  }
   converter[RGB32]((const uchar*)buffer, to, w);
 }
 
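Review bot: with mrgb32_converter this is the fifth identical copy of the guard `if (amask != 1) { *ap = aaccum; }` in the patch. Moving the trailing flush into one small static inline helper called from all five converters would keep the boundary condition in a single place, so a later change to the mask loop cannot update four copies and miss one.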
_______________________________________________
fltk-bugs mailing list
[email protected]
http://lists.easysw.com/mailman/listinfo/fltk-bugs
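
The off-by-one described in the report, as an added example that is not part of the original message or of FLTK's code. The loop structure, LSB-first bit order, alpha threshold and the names pack_mask, overruns and mask_bytes are assumptions; only aaccum, amask, ap and the `amask != 1` guard come from the patch. A canary byte inside a larger array detects the stray write without touching unowned memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef unsigned char uchar;

/* Bytes needed for a 1-bit-per-pixel mask of w pixels. */
static size_t mask_bytes(int w) { return ((size_t)w + 7) / 8; }

/* Pack w alpha bytes into a bit mask, LSB first (assumed layout).
 * guard_tail == 0 reproduces the unconditional trailing store from the
 * report; guard_tail != 0 applies the patch's `amask != 1` check. */
static void pack_mask(const uchar *alpha, int w, uchar *ap, int guard_tail)
{
    uchar aaccum = 0, amask = 1;
    for (int i = 0; i < w; i++) {
        if (alpha[i] > 127) aaccum |= amask;
        if (amask == 0x80) {           /* byte complete: store and reset */
            *ap++ = aaccum;
            aaccum = 0;
            amask = 1;
        } else {
            amask <<= 1;
        }
    }
    if (!guard_tail || amask != 1)     /* flush a partial last byte */
        *ap = aaccum;
}

/* Returns 1 if packing w opaque pixels (w <= 64) wrote past
 * mask_bytes(w). The mask lives at the start of a larger array filled
 * with a canary pattern, so the stray write lands in owned memory. */
static int overruns(int w, int guard_tail)
{
    uchar alpha[64], buf[16];
    memset(alpha, 0xFF, sizeof alpha); /* constructed input: all opaque */
    memset(buf, 0xAA, sizeof buf);     /* 0xAA = canary pattern */
    pack_mask(alpha, w, buf, guard_tail);
    return buf[mask_bytes(w)] != 0xAA;
}

int main(void)
{
    for (int w = 13; w <= 16; w += 3)
        printf("w=%d unguarded=%d guarded=%d\n",
               w, overruns(w, 0), overruns(w, 1));
    return 0;
}
```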
