There's an off-by-one error caused when selecting square colors for held pieces
that frequently causes pngBoardBitmap to access a value past it's bounds, which
also is likely to include an invalid status field.
The code in cairo and xboard seem to handle nulls well, this patch
simply expands that array without initializing the final instance.
---
draw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/draw.c b/draw.c
index 8b788925..f4aa94d2 100644
--- a/draw.c
+++ b/draw.c
@@ -110,7 +110,7 @@ static cairo_surface_t *pngPieceImages[2][(int)BlackPawn];
// png 256 x 256 im
static cairo_surface_t *pngPieceBitmaps[2][(int)BlackPawn]; // scaled pieces
as used
static cairo_surface_t *pngPieceBitmaps2[2][(int)BlackPawn]; // scaled pieces
in store
static RsvgHandle *svgPieces[2][(int)BlackPawn]; // vector pieces in store
-static cairo_surface_t *pngBoardBitmap[2], *pngOriginalBoardBitmap[2];
+static cairo_surface_t *pngBoardBitmap[3], *pngOriginalBoardBitmap[2];
int useTexture, textureW[2], textureH[2];
#define pieceToSolid(piece) &pieceBitmap[SOLID][(piece) % (int)BlackPawn]