Changes between Initial Version and Version 1 of Ticket #10469, comment 4


Timestamp: Aug 19, 2014, 11:53:08 AM (6 years ago)
Author: pulkomandy

  • Ticket #10469, comment 4

    initial v1  
    1 I tried to debug mesa_legacy, and I found that there is an integer overflow. The fWidth and fHeight used when allocating the bitmap are unsigned ints, so an attempt to set them to -1 leads to an overflow. This prevents the already existing "<1" checks from working. Since we also don't check whether the bitmap allocation and InitCheck succeeded, we hit a BBitmap assert when accessing the non-existing bits.
     1 I tried to debug mesa_legacy, and I found that there is an integer overflow. The fWidth and fHeight used when allocating the bitmap are unsigned ints, so an attempt to set them to -1 leads to an overflow (https://github.com/haiku/mesa_legacy/blob/7.9/src/mesa/drivers/haiku/swrast/MesaSoftwareRenderer.cpp#L318). This prevents the already existing "<1" checks from working (https://github.com/haiku/mesa_legacy/blob/7.9/src/mesa/drivers/haiku/swrast/MesaSoftwareRenderer.cpp#L570). Since we also don't check whether the bitmap allocation and InitCheck succeeded, we hit a BBitmap assert when accessing the non-existing bits. (https://github.com/haiku/mesa_legacy/blob/7.9/src/mesa/drivers/haiku/swrast/MesaSoftwareRenderer.cpp#L573)
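
The failure mode described in the comment above, as an added example that is not code from mesa_legacy or from this ticket: a "<1" test applied to unsigned dimensions beside a version that validates while the values are still signed and checks the allocation. `FrameBuffer`, `unsigned_check_accepts`, `allocate_checked` and the `kMaxDim` limit are hypothetical names and values chosen for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <new>
#include <utility>

// Hypothetical stand-in for a renderer's frame buffer (assumption, not the real class).
struct FrameBuffer {
    std::unique_ptr<uint8_t[]> bits;
    uint32_t width = 0, height = 0;
};

// Pattern from the comment: dimensions are stored unsigned, then tested with "< 1".
// -1 converts to 4294967295, so the test only ever rejects 0.
bool unsigned_check_accepts(int32_t w, int32_t h) {
    uint32_t uw = static_cast<uint32_t>(w);
    uint32_t uh = static_cast<uint32_t>(h);
    if (uw < 1 || uh < 1) return false;
    return true;  // a wrapped -1 reaches the allocation code
}

constexpr int32_t kMaxDim = 16384;  // assumed upper bound for this example

// Hardened form: range-check the signed values, bound the byte count,
// and refuse to hand back a buffer whose allocation failed.
bool allocate_checked(int32_t w, int32_t h, FrameBuffer& out) {
    if (w < 1 || h < 1 || w > kMaxDim || h > kMaxDim) return false;
    const size_t bytes = static_cast<size_t>(w) * static_cast<size_t>(h) * 4;  // 32-bit pixels
    std::unique_ptr<uint8_t[]> p(new (std::nothrow) uint8_t[bytes]());
    if (!p) return false;  // plays the role of checking the allocation and InitCheck
    out.bits = std::move(p);
    out.width = static_cast<uint32_t>(w);
    out.height = static_cast<uint32_t>(h);
    return true;
}

int main() {
    FrameBuffer fb;
    std::printf("unsigned check accepts -1x-1: %d\n", unsigned_check_accepts(-1, -1));
    std::printf("checked allocation accepts -1x-1: %d\n", allocate_checked(-1, -1, fb));
    std::printf("checked allocation accepts 64x48: %d\n", allocate_checked(64, 48, fb));
    return 0;
}
```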