[Xlock-develop] xlockmore crash in petri.c

David A Bagley bagleyd at gwyn.tux.org
Fri Aug 21 12:51:46 EDT 2009


Hi Nigel

Thanks for letting me know about the problem with the fix. I will make sure it gets in the next one.

--  
Cheers,
 /X\  David A. Bagley
(( X  bagleyd at tux.org     http://www.tux.org/~bagleyd/
 \X/  xlockmore and more
> 
> Hi,
> 
> I was experiencing crashes with xlockmore and I finally tracked it down to a
> bug in petri.c.
> 
> The variable "count" in petristruct is declared "int" (i.e. signed). However,
> later on there are the lines:
> 
>     if ( sp->count > (1L << (xgwa.depth-1)))
>           sp->count = (1L << (xgwa.depth-1));
> 
> Now, if the display is 32 bit (as in my case) this overflows a signed int and
> makes count go negative. The lines immediately following:
> 
>     if ( sp->count >= (1L << ((sizeof( sp->arr[0].col) * 8) - 1)))
>           sp->count = (1L << ((sizeof( sp->arr[0].col) * 8) - 1));
> 
> have no effect, because count is negative. This eventually leads to a crash in
> make_random_colormap leaving the display locked and unlockable!
> 
> The simple fix is, of course, to make count unsigned.
> 
> FWIW I was using the xlockmore 5.26.1 which ships with Fedora 11. It seems to
> be unpatched. I have also informed Fedora of this bug.
> 
> All the best,
> Nigel Warr
> 
> -- 
> Dr. Nigel Warr, Institut fuer Kernphysik, Universitaet zu Koeln,
> Zuelpicherstr. 77, D-50937 Koeln, Germany. Tel (0221) 470 3459
> 
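
The clamp behaviour reported in the quoted message can be reproduced in isolation with the example below. It is added here and is not code from xlockmore or from either poster. It assumes a platform where long is 32 bits (modelled with int32_t) and a one-byte col field; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the col field is one byte wide, so the second limit is 1 << 7. */
#define COL_BITS 8

/* Models 1L << (bits - 1) on a platform where long is 32 bits (assumption).
 * The shift is done unsigned to keep this demo free of undefined behaviour;
 * converting back to int32_t gives the wrapped value (INT32_MIN for bits == 32
 * on two's-complement compilers such as gcc and clang). */
static int32_t limit_signed(int bits)
{
    return (int32_t)(UINT32_C(1) << (bits - 1));
}

static uint32_t limit_unsigned(int bits)
{
    return UINT32_C(1) << (bits - 1);
}

/* The two clamps from the report, with a signed count. */
int32_t clamp_signed(int32_t count, int depth)
{
    if (count > limit_signed(depth))
        count = limit_signed(depth);      /* depth 32: count becomes negative */
    if (count >= limit_signed(COL_BITS))
        count = limit_signed(COL_BITS);   /* never taken for a negative count */
    return count;
}

/* The same clamps with an unsigned count, as the report proposes. */
uint32_t clamp_unsigned(uint32_t count, int depth)
{
    if (count > limit_unsigned(depth))
        count = limit_unsigned(depth);
    if (count >= limit_unsigned(COL_BITS))
        count = limit_unsigned(COL_BITS);
    return count;
}

int main(void)
{
    printf("signed,   depth 24: %ld\n", (long)clamp_signed(20, 24));
    printf("signed,   depth 32: %ld\n", (long)clamp_signed(20, 32));
    printf("unsigned, depth 32: %lu\n", (unsigned long)clamp_unsigned(20, 32));
    return 0;
}
```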



