Hello,
While researching a crashing application, I found a problem that can be easily reproduced by a test (http://www.winehq.org/pipermail/wine-patches/2005-November/022384.html).
While investigating the problem, I found that the original DIB bit depth is 4bpp, while the physical pixmap bit depth is 24bpp (equal to the screen). In x11drv/bitmap.c, X11_GetBitmapBits takes into account only the bit depth of the physical pixmap and copies it to the provided buffer as-is. I.e., it tries to fill a buffer of size (e.g.) 48x48x4bpp with 48x48x24bpp data, which causes a buffer overrun and a later crash in the SetBitmapBits function.
The current work-around to stop falling is Index: dlls/x11drv/bitmap.c =================================================================== RCS file: /home/wine/wine/dlls/x11drv/bitmap.c,v retrieving revision 1.18 diff -u -r1.18 bitmap.c --- dlls/x11drv/bitmap.c 26 Sep 2005 11:04:12 -0000 1.18 +++ dlls/x11drv/bitmap.c 25 Nov 2005 09:29:12 -0000 @@ -186,7 +186,19 @@ /* copy XImage to 16 bit padded image buffer with real bitsperpixel */
startline = buffer; - switch (physBitmap->pixmap_depth) + + /********************************************************************** + * CoMargo: the switching for physBitmap->pixmap_depth is not correct. + * It should take both physBitmap->pixmap_depth and bitmap.bmBitsPixel + * and convert from one bitdepth to another. + * Otherwise we meet buffer overrun. + */ + if(physBitmap->pixmap_depth != bitmap.bmBitsPixel) + { + FIXME("Pixel conversion from %d bitdepth to %d bitdepth MUST be done!\n",physBitmap->pixmap_depth,bitmap.bmBitsPixel); + } +/* switch (physBitmap->pixmap_depth) */ + switch(bitmap.bmBitsPixel) { case 1: for (h=0;h<height;h++) ===================================================================
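Review bot: In the new `if(physBitmap->pixmap_depth != bitmap.bmBitsPixel)` branch the mismatch is only logged with FIXME and execution still falls into `switch(bitmap.bmBitsPixel)`, so the copy loops run on source data of a different depth without any conversion. That bounds the write by the destination depth, but the bytes returned to the caller are not valid pixels for that depth. Until the conversion the comment asks for exists, I would return a failure from this branch rather than continue. Please also drop the commented-out `/* switch (physBitmap->pixmap_depth) */` line and the author tag in the block comment; the revision history already records both.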
-- Cyril Margorin
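
The size mismatch described in the message, as an added C example that is not part of the original e-mail or of Wine's code: it computes the 16-bit padded buffer sizes for the 48x48 case at 4bpp and 24bpp and shows a copy that rejects a depth mismatch instead of overrunning. The function names and status codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes per scanline when each line is padded to a 16-bit boundary. */
static size_t width_bytes16(unsigned width, unsigned bpp)
{
    return (((size_t)width * bpp + 15) / 16) * 2;
}

/* Total bytes for width x height pixels at the given depth. */
static size_t bitmap_bytes(unsigned width, unsigned height, unsigned bpp)
{
    return width_bytes16(width, bpp) * height;
}

/* Bytes that land past the end of a dst_bpp buffer if src_bpp data
 * is copied into it as-is (0 when the data fits). */
static size_t overrun_bytes(unsigned w, unsigned h, unsigned dst_bpp, unsigned src_bpp)
{
    size_t have = bitmap_bytes(w, h, dst_bpp), need = bitmap_bytes(w, h, src_bpp);
    return need > have ? need - have : 0;
}

enum { COPY_OK = 0, COPY_DEPTH_MISMATCH = -1, COPY_TOO_SMALL = -2 };

/* Hypothetical guarded copy: refuses when the depths differ (a pixel
 * conversion would be needed) or when the caller's buffer is too small. */
static int copy_bits_checked(uint8_t *dst, size_t dst_size, unsigned dst_bpp,
                             const uint8_t *src, unsigned src_bpp,
                             unsigned width, unsigned height)
{
    size_t need = bitmap_bytes(width, height, src_bpp);
    if (src_bpp != dst_bpp) return COPY_DEPTH_MISMATCH;
    if (need > dst_size) return COPY_TOO_SMALL;
    memcpy(dst, src, need);
    return COPY_OK;
}

int main(void)
{
    static uint8_t pixmap[6912], dib[1152];   /* constructed sample buffers */
    printf("4bpp: %zu bytes, 24bpp: %zu bytes, overrun: %zu bytes\n",
           bitmap_bytes(48, 48, 4), bitmap_bytes(48, 48, 24),
           overrun_bytes(48, 48, 4, 24));
    printf("guarded copy status: %d\n",
           copy_bits_checked(dib, sizeof dib, 4, pixmap, 24, 48, 48));
    return 0;
}
```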