
Re: bb segfault - will someone please confirm?



On Tue, Apr 12, 2005 at 08:41:07PM -0700, Corey Hickey wrote:
> Thank you for the fix! That was more than I expected. Also, thank you to
> the others for confirming this.

It shows up as a segfault in loading images with sound off, but it shows
up as an attempt to write outside allocated memory with sound off (since
sound isn't loaded into ram).  The bug in zbuff became obvious when
running in gdb with sound off.

> Am I right in deducing that this bug doesn't show on i386 because both
> int and long are 32-bit, whereas on amd64 longs are 64-bit?

Yeah exactly.

> I just tested your fix on an i386 machine; no problems. I'll send the
> attached patch to the debian bug tracking system.

Excellent.

> diff -Naur bb-1.3rc1.orig/tex.c bb-1.3rc1/tex.c
> --- bb-1.3rc1.orig/tex.c	2001-04-26 08:52:27.000000000 -0700
> +++ bb-1.3rc1/tex.c	2005-04-12 20:15:41.000000000 -0700
> @@ -92,7 +92,7 @@
>  
>  static inline void clear_zbuff()
>  {
> -    memset(zbuff, 0x55, (X_s * Y_s * sizeof(long)));
> +    memset(zbuff, 0x55, (X_s * Y_s * sizeof(int)));
>  }
>  
>  
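Review bot: the length passed to memset now uses sizeof(int), which matches the element type the other zbuff functions use, so the clear no longer runs X_s * Y_s * 4 bytes past the end of the buffer on LP64 targets; to keep the length tied to the buffer's real element type rather than restating it, consider `memset(zbuff, 0x55, (X_s * Y_s * sizeof(zbuff[0])));`, and since the allocation is not in this hunk, check that it is also sized in ints, as the rest of the file assumes.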

Yeah if you look at the other zbuff functions above, they all use int,
so using long for this one was obviously not intended, but makes no
difference as long as int and long are both 32bit.  I suspect this broke
on most 64bit architectures, and could theoretically break on a 32bit
architecture if its gcc has longs defined as 64bit (which would be
allowed after all).

Len Sorensen
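The size mismatch discussed above, as an added C example that is not bb's own code: a constructed model of a z-buffer allocated as X_s * Y_s ints, a function that computes how far the old sizeof(long) clear would write past that allocation, and the corrected clear written so the length is derived from the buffer's element type.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of bb's zbuff (not bb's code): an array of int with
 * X_s * Y_s elements, as the other zbuff functions in tex.c assume. */
static int X_s = 80;
static int Y_s = 25;
static int *zbuff = NULL;

/* Bytes the old sizeof(long)-based memset writes beyond the int allocation:
 * zero where int and long are both 32-bit, X_s * Y_s * 4 on LP64 (amd64). */
size_t clear_overrun_bytes(size_t x, size_t y)
{
    size_t allocated = x * y * sizeof(int);
    size_t written   = x * y * sizeof(long);
    return written > allocated ? written - allocated : 0;
}

/* Allocates the buffer in the same unit the clear below uses. */
int alloc_zbuff(void)
{
    free(zbuff);
    zbuff = malloc((size_t)X_s * Y_s * sizeof *zbuff);
    return zbuff != NULL;
}

/* Corrected clear: the length is derived from the element type of zbuff
 * itself, so it cannot drift from the allocation if the type changes
 * (the patch spells the same thing as sizeof(int)). */
void clear_zbuff(void)
{
    memset(zbuff, 0x55, (size_t)X_s * Y_s * sizeof *zbuff);
}

/* Returns 1 when every byte of the allocation holds the 0x55 fill. */
int zbuff_fully_cleared(void)
{
    const unsigned char *p = (const unsigned char *)zbuff;
    size_t n = (size_t)X_s * Y_s * sizeof *zbuff;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0x55)
            return 0;
    return 1;
}
```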


