LoadImage (4bpp) / CopyImage() crashing

Cyril Margorin comargo at gmail.com
Fri Nov 25 11:22:38 CST 2005


Hello,

While researching the crashing application, I've found a problem that can
be easily reproduced by a test.
(http://www.winehq.org/pipermail/wine-patches/2005-November/022384.html)

By investigating the problem I've found that the original DIB bit depth is
4bpp, while the physical pixmap bit depth is (equal to the screen) 24bpp.
In x11drv/bitmap.c, X11_GetBitmapBits takes into account only the bit
depth of the physical pixmap, and copies it to the provided buffer as-is.
I.e. it tries to fill a buffer of size (e.g.) 48x48x4bpp with
48x48x24bpp, which causes a buffer overrun and a later crash in the
SetBitmapBits function.

The current work-around to stop the crash is:
Index: dlls/x11drv/bitmap.c
===================================================================
RCS file: /home/wine/wine/dlls/x11drv/bitmap.c,v
retrieving revision 1.18
diff -u -r1.18 bitmap.c
--- dlls/x11drv/bitmap.c	26 Sep 2005 11:04:12 -0000	1.18
+++ dlls/x11drv/bitmap.c	25 Nov 2005 09:29:12 -0000
@@ -186,7 +186,19 @@
     /* copy XImage to 16 bit padded image buffer with real bitsperpixel */

     startline = buffer;
-    switch (physBitmap->pixmap_depth)
+
+    /**********************************************************************
+     * CoMargo: the switching for physBitmap->pixmap_depth is not correct.
+     *	It should take both physBitmap->pixmap_depth and bitmap.bmBitsPixel
+     *	and convert from one bitdepth to another.
+     *	Otherwise we meet buffer overrun.
+     */
+    if(physBitmap->pixmap_depth != bitmap.bmBitsPixel)
+    {
+	FIXME("Pixel conversion from %d bitdepth to %d bitdepth MUST be
done!\n",physBitmap->pixmap_depth,bitmap.bmBitsPixel);
+    }
+/*    switch (physBitmap->pixmap_depth) */
+    switch(bitmap.bmBitsPixel)
     {
     case 1:
         for (h=0;h<height;h++)
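Review bot: The depth-mismatch branch at `if(physBitmap->pixmap_depth != bitmap.bmBitsPixel)` only emits a FIXME and then falls through to `switch(bitmap.bmBitsPixel)`, so the copy still runs on a source image held at pixmap_depth while being laid out for a different depth. That keeps the write inside the caller's buffer but returns unconverted pixel data. Until the conversion exists, consider failing the call in that branch instead of continuing, so callers do not consume garbage bits. Also drop the commented-out `/*    switch (physBitmap->pixmap_depth) */` line and the signed comment block in favour of a short neutral comment, and note that the FIXME string literal is split across two lines as posted, which will not compile if applied as-is.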
===================================================================

--
Cyril Margorin
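
The size mismatch described in the message above, worked through as an added example (not part of the original post and not Wine code). It assumes rows padded to 16 bits, as the patched code's comment says, and the 48x48 dimensions the message uses; `stride16`, `bytes_written` and `copy_rows_checked` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes per scanline when each row is padded to 16 bits, matching the
 * "16 bit padded image buffer" named in the patched code's comment. */
static size_t stride16(unsigned width, unsigned bpp)
{
    return (((size_t)width * bpp + 15) / 16) * 2;
}

/* Total bytes a row-by-row copy writes at the given depth. */
static size_t bytes_written(unsigned width, unsigned height, unsigned bpp)
{
    return stride16(width, bpp) * height;
}

/* Hypothetical guard (not Wine code): copy only when writing the image
 * at src_bpp fits in dst. Returns 0 on success, -1 with dst untouched
 * when the write would overrun. */
static int copy_rows_checked(unsigned char *dst, size_t dst_size,
                             const unsigned char *src,
                             unsigned width, unsigned height,
                             unsigned src_bpp)
{
    size_t need = bytes_written(width, height, src_bpp);
    if (need > dst_size)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Constructed sample data: a 48x48 source at 24bpp and a caller buffer
 * sized for 48x48 at 4bpp, the sizes used in the message. */
static unsigned char sample_src[144 * 48];
static unsigned char sample_dst[24 * 48];

int main(void)
{
    size_t have = bytes_written(48, 48, 4);
    size_t need = bytes_written(48, 48, 24);
    printf("buffer %zu bytes, copy writes %zu bytes, overrun %zu\n",
           have, need, need - have);
    printf("24bpp into 4bpp buffer: %d\n",
           copy_rows_checked(sample_dst, sizeof sample_dst, sample_src, 48, 48, 24));
    printf("4bpp into 4bpp buffer: %d\n",
           copy_rows_checked(sample_dst, sizeof sample_dst, sample_src, 48, 48, 4));
    return 0;
}
```
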


