Please do not reply to this email: if you want to comment on the bug, go to
the URL shown below and enter your comments there.
http://bugs.xfree86.org/show_bug.cgi?id=512
------- Additional Comments From [EMAIL PROTECTED] 2004-04-07 19:28 -------
OK, here's what I've found (why do I feel like I'm talking to myself?)
The file extras/Mesa/src/config.h defines MAX_WIDTH and MAX_HEIGHT as 2048.
When Xinerama is enabled with two 1600x1200 monitors attached, the display
will appear to be a single 3200x1200 display.
When a mesa_buffer is being created, the .Width and .Height values are
initially 0. At some point (in _mesa_make_current2), _get_buffer_size is
called in order to set them to the actual width and height of the display.
Problem is, this code in extras/Mesa/src/X/xm_dd.c will only work if the
display width is not greater than MAX_WIDTH. If it is greater, it sets the
width to the existing value of buffer->Width (which is 0).
#ifdef XFree86Server
if (xmBuffer->frontbuffer->width > MAX_WIDTH ||
xmBuffer->frontbuffer->height > MAX_HEIGHT) {
winwidth = buffer->Width;
winheight = buffer->Height;
} else {
winwidth = xmBuffer->frontbuffer->width;
winheight = xmBuffer->frontbuffer->height;
}
#else
This is a problem later on in xmesa_alloc_back_buffer when it tries to
allocate space for this buffer's data:
b->backimage->data = (char *) MALLOC( b->backimage->height
* b->backimage->bytes_per_line );
if (!b->backimage->data) {
error("alloc_back_buffer: MALLOC failed.");
XMesaDestroyImage( b->backimage );
b->backimage = NULL;
}
}
b->backpixmap = None;
If height or width are 0, the malloc fails and both backimage and backpixmap
are left Null.
This is a problem later on in XMesaSwapBuffers (and a bunch of other places
too). In XMesaSwapBuffers, if b->backimage is non-null, it does some stuff
with it. Otherwise, it assumes there must be good data in b->backpixmap
(the else clause) and sends that b->backpixmap to XMesaCopyArea which does
not validate pointers and so it barfs trying to index off a null pointer.
I tried the following instead in xm_dd.c: (in get_buffer_size)
#ifdef XFree86Server
if (xmBuffer->frontbuffer->width > MAX_WIDTH)
winwidth = MAX_WIDTH;
else
winwidth = xmBuffer->frontbuffer->width;
if (xmBuffer->frontbuffer->height > MAX_HEIGHT) {
winheight = MAX_HEIGHT;
} else {
winheight = xmBuffer->frontbuffer->height;
}
#else
I'm not sure of the consequences of this, but it seems to make more sense if
the values are too big, to take the largest one we can handle rather than
defaulting to a troubling value like 0. So far my system runs with this
patch and none of the others (null pointer checking) applied. But I still
think it would be prudent to check for null pointers where it can be
efficiently done.
One other option would be to increase MAX_WIDTH, but that seems like it is
just postponing the pain for later.
--
Configure bugmail: http://bugs.xfree86.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
--
_______________________________________________
Dri-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/dri-devel
