LoadImage (4bpp) / CopyImage() crashing

Willie Sippel willie at zeitgeistmedia.net
Fri Dec 9 20:53:50 CST 2005


On Friday, 25 November 2005 18:22, Cyril Margorin wrote:
> Hello,
>
> While researching the crashing application I've found a problem that can
> be easily reproduced by a test.
> (http://www.winehq.org/pipermail/wine-patches/2005-November/022384.html)
>
> By investigating the problem I've found that the original DIB bit depth is
> 4bpp, while the physical pixmap bit depth is (equal to the screen) 24bpp.
> In x11drv/bitmap.c, X11_GetBitmapBits takes into account only the bit
> depth of the physical pixmap, and copies it to the provided buffer as-is.
> I.e. it tries to fill a buffer of size (e.g.) 48x48x4bpp with
> 48x48x24bpp, which causes a buffer overrun and later falling in the
> SetBitmapBits function.
>
I just noticed that the Poser 6.0 demo also seems to crash at 
X11_GetBitmapBits, but your patch makes no difference. Don't know if it's 
supposed to...
Anyway, in case you're interested, the Poser 6 crash, including a +x11drv 
trace and a link to the demo, is filed as bug 4034:
http://bugs.winehq.org/show_bug.cgi?id=4034

> The current work-around to stop falling is
> Index: dlls/x11drv/bitmap.c
> ===================================================================
> RCS file: /home/wine/wine/dlls/x11drv/bitmap.c,v
> retrieving revision 1.18
> diff -u -r1.18 bitmap.c
> --- dlls/x11drv/bitmap.c	26 Sep 2005 11:04:12 -0000	1.18
> +++ dlls/x11drv/bitmap.c	25 Nov 2005 09:29:12 -0000
> @@ -186,7 +186,19 @@
>      /* copy XImage to 16 bit padded image buffer with real bitsperpixel */
>
>      startline = buffer;
> -    switch (physBitmap->pixmap_depth)
> +
> +   
> /********************************************************************** +  
>   * CoMargo: the switching for physBitmap->pixmap_depth is not correct. +  
>   *	It should take both physBitmap->pixmap_depth and bitmap.bmBitsPixel +  
>   *	and convert from one bitdepth to another.
> +     *	Otherwise we meet buffer overrun.
> +     */
> +    if(physBitmap->pixmap_depth != bitmap.bmBitsPixel)
> +    {
> +	FIXME("Pixel conversion from %d bitdepth to %d bitdepth MUST be
> done!\n",physBitmap->pixmap_depth,bitmap.bmBitsPixel);
> +    }
> +/*    switch (physBitmap->pixmap_depth) */
> +    switch(bitmap.bmBitsPixel)
>      {
>      case 1:
>          for (h=0;h<height;h++)
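
Review bot: The `if(physBitmap->pixmap_depth != bitmap.bmBitsPixel)` branch only emits a FIXME and then falls through into `switch(bitmap.bmBitsPixel)`, so on a depth mismatch the per-depth copy loops still run against an image that, per the block comment, has `physBitmap->pixmap_depth` bits per pixel. That may keep the writes inside the caller's buffer, but the bytes produced are not a conversion of the source pixels. Until the conversion exists, consider failing inside that branch (return an error or leave the buffer untouched) instead of continuing into the switch. Also drop the commented-out `/*    switch (physBitmap->pixmap_depth) */` line and the author tag in the block comment, and replace the tab before `FIXME` with spaces to match the surrounding indentation.
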
> ===================================================================
>
> --
> Cyril Margorin

Ciao,
Willie

-- 
Willie Sippel

  ////////  |  Tritium Studios
 //         |  ______________________________
//// ///    |  http://www.tritium-studios.com

<willie at froq.net>
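
The size mismatch described in the quoted report (a buffer sized for 48x48 at 4bpp receiving 48x48 at 24bpp), worked through as an added example that is not part of the original thread or of Wine's code. `row_bytes16` and `copy_bits_checked` are hypothetical names, and the 16-bit row padding is assumed from the comment in the patch context.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bytes per scanline when rows are padded to 16 bits (the padding named in
 * the patch context comment). Returns 0 if the result does not fit size_t. */
size_t row_bytes16(uint32_t width, uint32_t bpp)
{
    uint64_t bits = (uint64_t)width * bpp;
    uint64_t bytes = ((bits + 15) / 16) * 2;
    return bytes > SIZE_MAX ? 0 : (size_t)bytes;
}

/* Hypothetical guarded copy: the caller's buffer was sized for dst_bpp, the
 * source rows hold src_bpp pixels. Returns 0 on success, or -1 when a depth
 * conversion would be needed or the destination buffer is too small. */
int copy_bits_checked(unsigned char *dst, size_t dst_size, uint32_t dst_bpp,
                      const unsigned char *src, size_t src_stride,
                      uint32_t src_bpp, uint32_t width, uint32_t height)
{
    size_t row = row_bytes16(width, dst_bpp);

    if (src_bpp != dst_bpp)           /* an as-is copy would use the wrong row size */
        return -1;
    if (row == 0 || src_stride < row) /* empty/overflowing row or short source row */
        return -1;
    if (height != 0 && row > dst_size / height)  /* row * height > dst_size */
        return -1;

    for (uint32_t h = 0; h < height; h++)
        memcpy(dst + (size_t)h * row, src + (size_t)h * src_stride, row);
    return 0;
}
```

For the 48x48 case this gives 24 bytes per row (1152 total) at 4bpp against 144 bytes per row (6912 total) at 24bpp, which is the sixfold overrun the report describes.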


