https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104702
I have seen a divide-by-zero crash a couple of times, here:
#0 0x0817685d in rfb::RawEncoder::writeRect(rfb::Rect const&,
rfb::ImageGetter*) (this=0x95a3a08, [EMAIL PROTECTED], ig=0x91db5b4) at
RawEncoder.cxx:47
47 int nRows = nPixels / w;
So w, i.e. r->width() is zero. But rfb::SMsgWriter::writeRects has a
check for this, so what's going on?
Well, it turns out that writeRects isn't the only place that calls
rfb::SMsgWriter::writeRect(rfb::Rect const&, rfb::ImageGetter*) -- it
also gets called from rfb::VNCSConnectionST::writeRenderedCursorRect()
and that function has no such check.
My suggestion is to move the check to the common function, like this:
--- vnc-4.0b4-unixsrc/rfb/SMsgWriter.cxx.crash 2003-09-19 13:56:29.000000000 +0100
+++ vnc-4.0b4-unixsrc/rfb/SMsgWriter.cxx 2003-09-19 13:57:09.000000000 +0100
@@ -105,10 +105,8 @@
writeCopyRect(*i, i->tl.x - ui.copy_delta.x, i->tl.y - ui.copy_delta.y);
}
- for (i = ui.changed.begin(); i != ui.changed.end(); i++) {
- if (i->width() && i->height())
- writeRect(*i, ig);
- }
+ for (i = ui.changed.begin(); i != ui.changed.end(); i++)
+ writeRect(*i, ig);
}
@@ -119,7 +117,8 @@
void SMsgWriter::writeRect(const Rect& r, ImageGetter* ig)
{
- writeRect(r, cp->currentEncoding(), ig);
+ if (r.width() && r.height())
+ writeRect(r, cp->currentEncoding(), ig);
}
void SMsgWriter::writeRect(const Rect& r, unsigned int encoding,
Tim.
*/
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
