To exercise code in different/new ways, I ran freesci under purify while
freesci was "playing" KQ1 enhanced. This was with scaling factor of 1,
with trilinear filtering (and a bunch of other things) on.
(NOTE TO USERS: KQ1 IS NOT PLAYABLE)
The function graph_map_ega_color() appears to read uninitialized memory
(at kgraphics.c:223). I set a breakpoint, and it appears to happen most
of the times it's called. It's called when any dialog is played, whether
it's the "about" box or anything else. The parameters passed are {
color=0, control=-1, priority=-1 }. If any other state information at the
breakpoint would be useful, let me know and I'll supply it.
There's a similar kind of uninitialized read @ kgraphics.c:2359. It's
another access to the s->ega_colors array, just like the problem above.
The last one I think I actually have figured out. There's a complaint
about an uninitialized memory read @ gfx_pixmap_scale.c:301
(gfx_apply_delta). It appears that the delta array is not always
fully initialized:
1) Lines 277 and 282. Only the first 3 ints in the 4 int array would be set
to 0 by the memset operation.
2) When the case is the last "else if" (transparent) in
gfx_get_pixel_delta, only the 3rd int in the delta array is initialized.
All the other ints will be uninitialized. So, when gfx_apply_delta is
called, uninitialized memory is read.
Once I fixed these (patch sent later), I then noticed that the color array
is also not always fully initialized:
1) In gfx_get_pixel_delta, if the case is transparent, only the last int
in the color array is initialized. None of the other ints are. When
gfx_apply_delta is called, uninitialized memory is read.
I don't know what this should be initialized to, as this code is kind of
over my head (maybe more comments?) so this fix is not included in my
patch.
I'm on a roll, so I'm going to go onto the next subject in a separate
message. Sorry for the long-windedness of the mail, but I'm trying to
illustrate my thought process so if it's wrong somewhere, someone will
spot where I went wrong :)
--
http://www.clock.org/~matt
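The two defects described above (a memset sized for 3 of 4 ints, and a transparent branch that writes only one element before the consumer reads all four) share one fix: zero the whole record by its own size on every path. The following is an added illustration, not freesci's code; the struct layout, the transparent-branch values and the consumer are constructed assumptions.

```c
#include <string.h>

/* Hypothetical reconstruction of the delta/color record that
 * gfx_get_pixel_delta fills and gfx_apply_delta reads (constructed). */
#define DELTA_SIZE 4

typedef struct {
    int delta[DELTA_SIZE];
    int color[DELTA_SIZE];
} pixel_delta_t;

/* The defect pattern from the report, kept as a comment because running
 * it reads indeterminate values:
 *     memset(delta, 0, 3 * sizeof(int));   -- zeroes 3 of the 4 ints
 *     else if (transparent) delta[2] = ...; -- other slots never written
 * Every later read of the unwritten slots is what Purify flagged. */

/* Fixed pattern: the whole record is defined before any branch runs. */
void get_pixel_delta(pixel_delta_t *out, int transparent,
                     int r, int g, int b, int a)
{
    /* sizeof *out follows the struct if it grows; a hand-counted
     * 3 * sizeof(int) silently left the fourth element untouched. */
    memset(out, 0, sizeof *out);

    if (transparent) {
        /* Constructed: transparent writes the 3rd delta and last color
         * slot only; the rest are already zero from the memset. */
        out->delta[2] = -a;
        out->color[3] = 0;
        return;
    }
    out->delta[0] = r; out->delta[1] = g;
    out->delta[2] = b; out->delta[3] = a;
    out->color[0] = r; out->color[1] = g;
    out->color[2] = b; out->color[3] = a;
}

/* Consumer touching every slot, so one undefined element would
 * poison the result; with the fix the result is deterministic. */
int apply_delta(const pixel_delta_t *pd)
{
    int acc = 0;
    for (int i = 0; i < DELTA_SIZE; i++)
        acc += pd->delta[i] + pd->color[i];
    return acc;
}
```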