[xorg-bugzilla-noise] [Bug 651] New: REGION_INIT fails with NullBox
bugzilla-daemon at pdx.freedesktop.org
Thu May 20 10:14:23 PDT 2004
http://pdx.freedesktop.org/cgi-bin/bugzilla/show_bug.cgi?id=651
Summary: REGION_INIT fails with NullBox
Product: xorg
Version: 6.7.0
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Server/general
AssignedTo: xorg-bugzilla-noise at freedesktop.org
ReportedBy: twaugh at redhat.com
I am trying to compile RealVNC 4.0beta5 against Xorg, and although I get an Xvnc
binary it segfaults on start.
The crash is in REGION_INIT(pScreen, reg, NullBox, 0) -- in VNC code -- although
in xc/program/Xserver/include/regionstr.h it appears that using NullBox here is
okay:
    #ifndef REGION_NULL
    #define REGION_NULL(_pScreen, _pReg) \
        REGION_INIT(_pScreen, _pReg, NullBox, 1)
    #endif
However, REGION_INIT picks up this definition:
    #define REGION_INIT(_pScreen, _pReg, _rect, _size) \
    { \
        REGION_SCREEN(_pScreen); \
        (_pReg)->extents = *(_rect); \
        (_pReg)->data = (RegDataPtr)NULL; \
    }
and (NullBox being NULL) the dereference of _rect seems to be what's causing the
problem.
In XFree86-4.3.0 the REGION_INIT definition was:
    #define REGION_INIT(_pScreen, _pReg, _rect, _size) \
    { \
        if (_rect) \
        { \
            (_pReg)->extents = *(_rect); \
            (_pReg)->data = (RegDataPtr)NULL; \
        } \
        else \
        { \
            (_pReg)->extents = miEmptyBox; \
            if (((_size) > 1) && ((_pReg)->data = \
                    (RegDataPtr)xalloc(REGION_SZOF(_size)))) \
            { \
                (_pReg)->data->size = (_size); \
                (_pReg)->data->numRects = 0; \
            } \
            else \
                (_pReg)->data = &miEmptyData; \
        } \
    }
and so my question is: why don't we check whether _rect can be dereferenced any
more? Is this a bug in REGION_INIT?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
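
Added example, not part of the original report and not X.Org or RealVNC code: the NULL-tolerant initialisation the report describes, written as a function so the guard and the ownership of the data pointer can be tested. The type names, empty_box, empty_data, region_init_checked, region_uninit and the allocation size are stand-ins assumed for this sketch.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-in types for this example; the real ones are in the X server headers. */
typedef struct { short x1, y1, x2, y2; } Box;
typedef struct { long size; long numRects; } RegData;
typedef struct { Box extents; RegData *data; } Region;

static const Box empty_box = { 0, 0, 0, 0 };
static RegData empty_data = { 0, 0 };    /* shared sentinel, never freed */

/* Same branches as the XFree86-4.3.0 macro quoted in the report:
 * a NULL rect yields an empty region instead of a null dereference. */
void region_init_checked(Region *reg, const Box *rect, long size)
{
    if (rect) {
        reg->extents = *rect;
        reg->data = NULL;
        return;
    }
    reg->extents = empty_box;
    reg->data = NULL;
    if (size > 1)   /* assumed sizing: header plus room for `size` boxes */
        reg->data = malloc(sizeof(RegData) + (size_t)size * sizeof(Box));
    if (reg->data) {
        reg->data->size = size;
        reg->data->numRects = 0;
    } else {
        reg->data = &empty_data;         /* size <= 1 or allocation failed */
    }
}

/* Free only heap-owned data; NULL and the sentinel are left alone. */
void region_uninit(Region *reg)
{
    if (reg->data && reg->data != &empty_data)
        free(reg->data);
    reg->data = NULL;
}

int main(void)
{
    Region r;
    region_init_checked(&r, NULL, 0);    /* the call shape from the report */
    int ok = (r.data == &empty_data);
    region_uninit(&r);
    return ok ? 0 : 1;
}
```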