Bug#470501: libx11-6: crash (segmentation fault) in XPutImage (libX11.so.6) via gs / pspresent

[Vincent Lefevre <vincent@vinc17.org>]

On 2008-03-12 12:30:15 +0100, Vincent Lefevre wrote:
> (gdb) print *ximage
> $1 = {width = 1187, height = 1483, xoffset = 0, format = 2, 
>   data = 0x2aecbb8c1068 'ÿ' <repeats 200 times>..., byte_order = 1, 
>   bitmap_unit = 8, bitmap_bit_order = 1, bitmap_pad = 8, depth = 24, 
>   bytes_per_line = 5040, bits_per_pixel = 24, red_mask = 0, green_mask = 0, 
>   blue_mask = 0, obdata = 0x0, f = {
>     create_image = 0x2aecbb4e0d30 <XCreateImage>, 
>     destroy_image = 0x2aecbb4e1100 <_XDestroyImage>, 
>     get_pixel = 0x2aecbb4e15f0 <_XGetPixel>, 
>     put_pixel = 0x2aecbb4e1190 <_XPutPixel>, 
>     sub_image = 0x2aecbb4e0f40 <_XSubImage>, 
>     add_pixel = 0x2aecbb4e0bc0 <_XAddPixel>}}
> (gdb) info locals
> pixel = <value optimized out>
> px = 0
> src = 0x2aecbbfe172e <Address 0x2aecbbfe172e out of bounds>
> dst = 0x7ffff4b88c68 ""
> i = 3
> nbytes = <value optimized out>
> plane = <value optimized out>
> 
> So, it seems that the problem comes from some function in
> /usr/lib/ghostscript/8.62/X11.so (provided by the ghostscript-x
> package).

With more details:

0x2aecbbfe172e (src) - 0x2aecbb8c1068 (data) is 7472838, while
5040 * 1483 is 7474320. So, if I understand correctly, the buffer
provided by ghostscript is too small?

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)