I think I have encountered a bug in the dib.c code.  Specifically, the situation is that I am calling SetDIBits on an hBitmap
that is 24bits deep, and the source bitmap bits is 32bits deep.  It appears that XCreateImage() is creating the correct Image structure, and we then call calloc() to allocate the space for the bits.  We then call X11DRV_DIB_SetImageBits_32().
 
The issue is that for the case where we have a 24 bit destination, we assume that it is packed into 32bit data, but we
have only allocated space for 24bits of data, and we overrun the buffer.  Breaking out the case of 24 bits destination, and
converting the 32bit pixels separately into 24bit destination fixes this problem.  The problem also exists in the GetDIBits
code, where the assumption is that 24bits is stored in 32bit format.
 
rob
 

Reply via email to