There's an off-by-one error caused when selecting square colors for held pieces that frequently causes pngBoardBitmap to access a value past its bounds, which also is likely to include an invalid status field.
The code in cairo and xboard seems to handle nulls well; this patch simply expands that array without initializing the final instance. --- draw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draw.c b/draw.c index 8b788925..f4aa94d2 100644 --- a/draw.c +++ b/draw.c @@ -110,7 +110,7 @@ static cairo_surface_t *pngPieceImages[2][(int)BlackPawn]; // png 256 x 256 im static cairo_surface_t *pngPieceBitmaps[2][(int)BlackPawn]; // scaled pieces as used static cairo_surface_t *pngPieceBitmaps2[2][(int)BlackPawn]; // scaled pieces in store static RsvgHandle *svgPieces[2][(int)BlackPawn]; // vector pieces in store -static cairo_surface_t *pngBoardBitmap[2], *pngOriginalBoardBitmap[2]; +static cairo_surface_t *pngBoardBitmap[3], *pngOriginalBoardBitmap[2]; int useTexture, textureW[2], textureH[2]; #define pieceToSolid(piece) &pieceBitmap[SOLID][(piece) % (int)BlackPawn] -- 2.16.1
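Review bot: Widening pngBoardBitmap to [3] in the changed declaration hides the off-by-one instead of correcting it, because the index computed when selecting the square color for held pieces is still out of the intended 0..1 range. The extra slot is only safe because a static array is zero-initialized in C, so index 2 reads as NULL, and every consumer then has to tolerate a NULL surface. pngOriginalBoardBitmap, textureW and textureH in the same hunk all stay at [2], so if any of them is indexed with the same value the out-of-bounds read remains there. Prefer fixing or clamping the index at the point where the held-piece square color is chosen. If the third slot is kept as a deliberate sentinel, add a comment on the declaration saying that index 2 is intentionally NULL and what it stands for, and size the sibling arrays consistently.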
