On Friday, 25 November 2005 18:22, Cyril Margorin wrote:
Hello,
While researching the crashing application, I found a problem that can be easily reproduced by a test. (http://www.winehq.org/pipermail/wine-patches/2005-November/022384.html)
Investigating the problem, I found that the original DIB bit depth is 4bpp, while the physical pixmap bit depth is (equal to the screen) 24bpp. In x11drv/bitmap.c, X11_GetBitmapBits takes into account only the bit depth of the physical pixmap and copies it to the provided buffer as-is. I.e. it tries to fill a buffer of size (e.g.) 48x48x4bpp with 48x48x24bpp, which causes a buffer overrun and a later crash in the SetBitmapBits function.
I just noticed that the Poser 6.0 demo also seems to crash at X11_GetBitmapBits, but your patch makes no difference. Don't know if it's supposed to... Anyway, in case you're interested, the Poser 6 crash, including a +x11drv trace and a link to the demo, is filed as bug 4034: http://bugs.winehq.org/show_bug.cgi?id=4034
The current work-around to stop falling is Index: dlls/x11drv/bitmap.c =================================================================== RCS file: /home/wine/wine/dlls/x11drv/bitmap.c,v retrieving revision 1.18 diff -u -r1.18 bitmap.c --- dlls/x11drv/bitmap.c 26 Sep 2005 11:04:12 -0000 1.18 +++ dlls/x11drv/bitmap.c 25 Nov 2005 09:29:12 -0000 @@ -186,7 +186,19 @@ /* copy XImage to 16 bit padded image buffer with real bitsperpixel */
startline = buffer; - switch (physBitmap->pixmap_depth) + + /********************************************************************** + * CoMargo: the switching for physBitmap->pixmap_depth is not correct. + * It should take both physBitmap->pixmap_depth and bitmap.bmBitsPixel + * and convert from one bitdepth to another. + * Otherwise we meet buffer overrun. + */ + if(physBitmap->pixmap_depth != bitmap.bmBitsPixel) + { + FIXME("Pixel conversion from %d bitdepth to %d bitdepth MUST be done!\n",physBitmap->pixmap_depth,bitmap.bmBitsPixel); + } +/* switch (physBitmap->pixmap_depth) */ + switch(bitmap.bmBitsPixel) { case 1: for (h=0;h<height;h++) ===================================================================
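Review bot: In the new `if(physBitmap->pixmap_depth != bitmap.bmBitsPixel)` branch the code only emits a FIXME and then continues into `switch(bitmap.bmBitsPixel)`, so on a depth mismatch the pixel values are still written without the conversion that the added comment itself says is required. Sizing the writes by `bitmap.bmBitsPixel` matches the caller's buffer and stops the overrun, but the returned bits will be wrong; either perform the conversion here or fail the call in that branch instead of falling through. The FIXME will also print on every call with mismatched depths. For style, drop the commented-out `/* switch (physBitmap->pixmap_depth) */` line and the name-tagged banner comment, and keep a short comment stating why the destination depth drives the switch.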
-- Cyril Margorin
Ciao,
Willie

--
Willie Sippel | Tritium Studios | http://www.tritium-studios.com <willie(a)froq.net>
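The size mismatch described in the quoted report (a 48x48 buffer sized for 4bpp receiving 48x48 data at 24bpp), as an added C example that is not part of the original thread or of Wine's code. `stride16` and `checked_copy_bits` are hypothetical names, and the 16-bit scanline padding is taken from the context comment in the patch.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bytes per scanline when each line is padded to a 16-bit boundary,
 * the layout named in the patch's context comment. */
static size_t stride16(uint32_t width, uint32_t bpp)
{
    return (size_t)((((uint64_t)width * bpp + 15) / 16) * 2);
}

/* Hypothetical helper (not Wine code): copy `height` scanlines from a
 * source image stored at src_bpp into a caller buffer sized for dst_bpp.
 * Returns the number of bytes written, or -1 if the copy is refused. */
long checked_copy_bits(uint8_t *dst, size_t dst_count,
                       const uint8_t *src, size_t src_count,
                       uint32_t width, uint32_t height,
                       uint32_t src_bpp, uint32_t dst_bpp)
{
    size_t line, need;

    /* Copying "as-is" is only valid when both sides use the same depth;
     * otherwise a per-pixel conversion has to happen first. */
    if (src_bpp != dst_bpp)
        return -1;

    line = stride16(width, dst_bpp);
    if (height != 0 && line > SIZE_MAX / height)
        return -1;                      /* size computation would overflow */
    need = line * height;

    /* Never write past the destination or read past the source. */
    if (need > dst_count || need > src_count || need > LONG_MAX)
        return -1;

    memcpy(dst, src, need);
    return (long)need;
}
```

For the sizes in the report, the 4bpp destination holds 1152 bytes while the 24bpp source occupies 6912, which is the sixfold overrun the unchecked copy produces.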