DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New] Link: http://www.fltk.org/str.php?L2637 Version: 1.3.0 1) Posted updated test program. Has two images under control of a tab widget, error will appear when you tab to the "Odd" page. Precisely three error messages will appear, at 0,1,2 bytes after the end of the allocated block. See log below. 2) Checked under 32 bit Linux. No error even for odd width images. "configure" generates a "config.h" that does not define U64. 3) "configure" (I use no special options) will generate a "config.h" with U64 defined under 64 bit Linux. 4) When U64 is defined "fl_draw_image.cxx" (around line 295) will select the 64 bit, two pixels at a time "innards" implementation. This "innards" implementation was clearly written with an assumption that odd numbers do not exist. ("int w1 = (w+1)/2;" -- yeah, right). 5) The best fix is probably to disable the U64 specific #ifdef branch from the image conversion code as the performance gains provided by it are dubious at best. I am actually more worried about the destination buffer of the conversion. That's the one which will be possibly written to beyond its end. In the usage scenario where I detected this issue the destination seems to be allocated with some extra padding (after all valgrind does not complain about writes), but is this true for every usage scenario??? ==25119== Memcheck, a memory error detector ==25119== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==25119== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info ==25119== Command: test/icontest ==25119== ==25119== Invalid read of size 4 ==25119== at 0x41E2A7: screen_init() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41E3F0: Fl::screen_xywh(int&, int&, int&, int&, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x410EE4: Fl_X::make_xid(Fl_Window*, XVisualInfo*, unsigned long) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x40D79D: Fl_Window::show(int, char**) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x404E7D: main (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== Address 0x78476e0 is not stack'd, malloc'd or (recently) free'd ==25119== ==25119== Invalid read of size 1 ==25119== at 0x414875: xrgb_converter(unsigned char const*, unsigned char*, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41538D: innards(unsigned char const*, int, int, int, int, int, int, int, void (*)(void*, int, int, int, unsigned char*), void*) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x415550: Fl_Xlib_Graphics_Driver::draw_image(unsigned char const*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x40745A: fl_draw_image(unsigned char const*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x409358: Fl_Xlib_Graphics_Driver::draw(Fl_RGB_Image*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x408713: Fl_RGB_Image::draw(int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41264A: Fl_Image::draw(int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x413BFD: fl_draw(char const*, int, int, int, int, unsigned int, void (*)(char const*, int, int, int), Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x414064: fl_draw(char const*, int, int, int, int, unsigned int, Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4175C0: fl_normal_label(Fl_Label const*, int, int, int, int, unsigned int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4176AE: Fl_Widget::draw_label(int, int, int, int, unsigned int) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x406A23: Fl_Button::draw() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== Address 0x7a523a1 is 0 bytes after a block of size 5,265 alloc'd ==25119== at 0x4C27909: operator new[](unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25119== by 0x4091FA: Fl_Xlib_Graphics_Driver::draw(Fl_RGB_Image*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x408713: Fl_RGB_Image::draw(int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41264A: Fl_Image::draw(int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x413BFD: fl_draw(char const*, int, int, int, int, unsigned int, void (*)(char const*, int, int, int), Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x414064: fl_draw(char const*, int, int, int, int, unsigned int, Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4175C0: fl_normal_label(Fl_Label const*, int, int, int, int, unsigned int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4176AE: Fl_Widget::draw_label(int, int, int, int, unsigned int) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x406A23: Fl_Button::draw() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4083E7: Fl_Group::draw_child(Fl_Widget&) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4085EC: Fl_Group::draw_children() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4083E7: Fl_Group::draw_child(Fl_Widget&) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== ==25119== Invalid read of size 1 ==25119== at 0x41487A: xrgb_converter(unsigned char const*, unsigned char*, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41538D: innards(unsigned char const*, int, int, int, int, int, int, int, void (*)(void*, int, int, int, unsigned char*), void*) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x415550: Fl_Xlib_Graphics_Driver::draw_image(unsigned char const*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x40745A: fl_draw_image(unsigned char const*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x409358: Fl_Xlib_Graphics_Driver::draw(Fl_RGB_Image*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x408713: Fl_RGB_Image::draw(int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41264A: Fl_Image::draw(int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x413BFD: fl_draw(char const*, int, int, int, int, unsigned int, void (*)(char const*, int, int, int), Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x414064: fl_draw(char const*, int, int, int, int, unsigned int, Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4175C0: fl_normal_label(Fl_Label const*, int, int, int, int, unsigned int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4176AE: Fl_Widget::draw_label(int, int, int, int, unsigned int) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x406A23: Fl_Button::draw() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== Address 0x7a523a2 is 1 bytes after a block of size 5,265 alloc'd ==25119== at 0x4C27909: operator new[](unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25119== by 0x4091FA: Fl_Xlib_Graphics_Driver::draw(Fl_RGB_Image*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x408713: Fl_RGB_Image::draw(int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41264A: Fl_Image::draw(int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x413BFD: fl_draw(char const*, int, int, int, int, unsigned int, void (*)(char const*, int, int, int), Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x414064: fl_draw(char const*, int, int, int, int, unsigned int, Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4175C0: fl_normal_label(Fl_Label const*, int, int, int, int, unsigned int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4176AE: Fl_Widget::draw_label(int, int, int, int, unsigned int) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x406A23: Fl_Button::draw() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4083E7: Fl_Group::draw_child(Fl_Widget&) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4085EC: Fl_Group::draw_children() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4083E7: Fl_Group::draw_child(Fl_Widget&) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== ==25119== Invalid read of size 1 ==25119== at 0x414880: xrgb_converter(unsigned char const*, unsigned char*, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41538D: innards(unsigned char const*, int, int, int, int, int, int, int, void (*)(void*, int, int, int, unsigned char*), void*) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x415550: Fl_Xlib_Graphics_Driver::draw_image(unsigned char const*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x40745A: fl_draw_image(unsigned char const*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x409358: Fl_Xlib_Graphics_Driver::draw(Fl_RGB_Image*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x408713: Fl_RGB_Image::draw(int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41264A: Fl_Image::draw(int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x413BFD: fl_draw(char const*, int, int, int, int, unsigned int, void (*)(char const*, int, int, int), Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x414064: fl_draw(char const*, int, int, int, int, unsigned int, Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4175C0: fl_normal_label(Fl_Label const*, int, int, int, int, unsigned int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4176AE: Fl_Widget::draw_label(int, int, int, int, unsigned int) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x406A23: Fl_Button::draw() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== Address 0x7a523a3 is 2 bytes after a block of size 5,265 alloc'd ==25119== at 0x4C27909: operator new[](unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25119== by 0x4091FA: Fl_Xlib_Graphics_Driver::draw(Fl_RGB_Image*, int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x408713: Fl_RGB_Image::draw(int, int, int, int, int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x41264A: Fl_Image::draw(int, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x413BFD: fl_draw(char const*, int, int, int, int, unsigned int, void (*)(char const*, int, int, int), Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x414064: fl_draw(char const*, int, int, int, int, unsigned int, Fl_Image*, int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4175C0: fl_normal_label(Fl_Label const*, int, int, int, int, unsigned int) (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4176AE: Fl_Widget::draw_label(int, int, int, int, unsigned int) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x406A23: Fl_Button::draw() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4083E7: Fl_Group::draw_child(Fl_Widget&) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4085EC: Fl_Group::draw_children() (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== by 0x4083E7: Fl_Group::draw_child(Fl_Widget&) const (in /tmp/fltk-1.3.x-r8695/test/icontest) ==25119== ==25119== ==25119== HEAP SUMMARY: ==25119== in use at exit: 492,398 bytes in 1,597 blocks ==25119== total heap usage: 9,378 allocs, 7,781 frees, 1,757,801 bytes allocated ==25119== ==25119== LEAK SUMMARY: ==25119== definitely lost: 1,148 bytes in 3 blocks ==25119== indirectly lost: 1,296 bytes in 40 blocks ==25119== possibly lost: 1,968 bytes in 38 blocks ==25119== still reachable: 487,986 bytes in 1,516 blocks ==25119== suppressed: 0 bytes in 0 blocks ==25119== Rerun with --leak-check=full to see details of leaked memory ==25119== ==25119== For counts of detected and suppressed errors, rerun with: -v ==25119== ERROR SUMMARY: 13 errors from 4 contexts (suppressed: 10 from 5) Link: http://www.fltk.org/str.php?L2637 Version: 1.3.0 _______________________________________________ fltk-bugs mailing list [email protected] http://lists.easysw.com/mailman/listinfo/fltk-bugs
