Here is some additional information on the PQ2 drawpic crash bug (#318).
Purify reports an array bounds write in memset, writing one past the end
of a 64000 byte block. Stack trace below:
_gfxr_auxplot_brush(gfxr_pic_t * 0x04ac0500, unsigned char * 0x04aef668, int 63680, int 320, int 1, int 34, int 0, int 432) line 795 + 86 bytes
_gfxr_plot_aux_pattern(gfxr_pic_t * 0x04ac0500, int 309, int 192, int 7, int 0, int 33, int 3, int 34, int 15, int 0, int 0, int 4) line 945 + 172 bytes
_gfxr_draw_pattern(gfxr_pic_t * 0x04ac0500, int 309, int 192, int 34, int 15, int 0, int 3, int 55, int 7, int 33, int 0) line 1021 + 187 bytes
gfxr_draw_pic0(gfxr_pic_t * 0x04ac0500, int 1, int 0, int 7691, unsigned char * 0x04aff180, gfxr_pic0_params_t * 0x0013f8d4, int 2126) line 2136 + 224 bytes
gfxr_interpreter_calculate_pic(gfx_resstate_t * 0x02ade2a0, gfxr_pic_t * 0x04a23c80, gfxr_pic_t * 0x04ac0500, int 1, int 0, int 78, void * 0x0297a118) line 114 + 163 bytes
gfxr_get_pic(gfx_resstate_t * 0x02ade2a0, int 78, int 1, int 1, int 0, int 1) line 322 + 136 bytes
gfxop_new_pic(gfx_state_t * 0x0043d868 static_gfx_state, int 78, int 1, int 0) line 1832 + 131 bytes
c_gfx_drawpic(_state * 0x02991fe0) line 1177 + 114 bytes
con_parse(_state * 0x02991fe0, char * 0x0043d948 input) line 431 + 61 bytes
script_debug(_state * 0x02991fe0, unsigned short * 0x049cf47c, unsigned short * 0x049cf47e, unsigned short * 0x049cf488, unsigned short * 0x049cf478, int * 0x0013fafc, int 0) line 2769 + 92 bytes
run_vm(_state * 0x02991fe0, int 0) line 571 + 148 bytes
When this happens in _gfxr_auxplot_brush():
yoffset=63680
offset=320
plot=1
color=34
brush_mode=0
randseed=432
yc=0
This is where the problems begin. There are more things reported after
this, but this is probably the cause of those problems. Let me know if
more information is needed.
--
http://www.clock.org/~matt
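As an added illustration, not code from the report above or from the FreeSCI project: a hypothetical span-plotting helper that checks a write against a 64000-byte pic buffer before calling memset, fed the values from the trace (yoffset=63680, offset=320, color=34). The 320x200 buffer layout and the "start = yoffset + offset" arithmetic are assumptions chosen to match the reported numbers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: 320x200 pixels, one byte each = the 64000-byte block Purify reports. */
#define PIC_WIDTH  320
#define PIC_HEIGHT 200
#define PIC_SIZE   (PIC_WIDTH * PIC_HEIGHT)

/* Returns the byte index where a memset of `len` bytes at yoffset+offset would begin,
 * or -1 if any byte of that span would fall outside a buffer of `buf_size` bytes.
 * Every comparison is done on the remaining room so the sums cannot overflow. */
long span_start_checked(size_t buf_size, int yoffset, int offset, int len)
{
    if (yoffset < 0 || offset < 0 || len <= 0) return -1;
    if ((size_t)yoffset >= buf_size) return -1;                  /* row start past end   */
    size_t room = buf_size - (size_t)yoffset;                      /* bytes left in block  */
    if ((size_t)offset >= room) return -1;                         /* column past row end  */
    if ((size_t)len > room - (size_t)offset) return -1;            /* span runs off end    */
    return (long)yoffset + offset;
}

/* Fill `len` bytes with `color`, only when the whole span lies inside the buffer. */
int plot_span(unsigned char *buf, size_t buf_size, int yoffset, int offset,
              int len, unsigned char color)
{
    long start = span_start_checked(buf_size, yoffset, offset, len);
    if (start < 0) return 0;                                       /* rejected, no write   */
    memset(buf + start, color, (size_t)len);
    return 1;
}

int main(void)
{
    unsigned char *pic = calloc(PIC_SIZE, 1);
    if (!pic) return 1;
    /* Constructed from the trace: 63680 is the start of row 199 (199 * 320); a column
     * offset of 320 is one past the last valid column, so the target index is 64000. */
    int ok = plot_span(pic, PIC_SIZE, 63680, 320, 1, 34);
    printf("write at 63680+320: %s\n",
           ok ? "performed" : "rejected (one past the end of the 64000-byte block)");
    free(pic);
    return 0;
}
```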