KPixmapIO bug in ShmSegment
Karl Vogel
karl.vogel at seagha.com
Sat Feb 8 13:53:12 GMT 2003
If the creation/attach of the shm segment fails, then bad things can happen.
ie.
void KPixmapIO::putImage(QPixmap *dst, int dx, int dy, const QImage *src)
...
if (m_bShm && (src->depth() > 1) && (d->bpp > 8) && (size > d->threshold))
{
#ifdef HAVE_MITSHM
initXImage(src->width(), src->height());
convertToXImage(*src);
...
The call to initXImage() can put bogus info in d->ximage->data, because it
doesn't check if the createShmSegment() call is successfull
void KPixmapIO::initXImage(int w, int h)
{
if (d->ximage && (w == d->ximage->width) && (h == d->ximage->height))
return;
createXImage(w, h);
int size = d->ximage->bytes_per_line * d->ximage->height;
if (size > d->shmsize)
createShmSegment(size);
d->ximage->data = d->shminfo->shmaddr;
return;
}
If createShmSegment() is unable attach the shm segment, then it sets m_bShm to
false. In this case d->shminfo->shmaddr is not valid! So there needs to be a
test written for this case.
Bumped onto this via:
http://bugs.kde.org/show_bug.cgi?id=42441
More information about the kde-core-devel
mailing list