[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug #1999] Pingus Crashes with segmentation fault, while bashing ou
From: |
Gervase Lam |
Subject: |
Re: [Bug #1999] Pingus Crashes with segmentation fault, while bashing out of right screen |
Date: |
Fri, 20 Dec 2002 22:26:25 +0000 |
> Date: 18 Dec 2002 12:19:25 +0100
> From: Ingo Ruhnke <address@hidden>
> Subject: Re: [Bug #1999] Pingus Crashes with segmentation fault, while
> bashing out of right screen
> The segfault itself has another cause, its simply a buffer-overflow in
> the blitting code, something there doesn't check for
> (x > width) || (y > height) and simply writes bejoint the
> boundaries -> crash.
I looked at "blitter.cxx". I thought I found the problem there, but after
a bit of brain work, I found that the code there was OK.
So I ran Pingus on gdb and got this:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 5014)]
PingusSpotMap::remove(CL_SurfaceProvider*, int, int) (this=0x8345db8,
sprovider=0x8b03460, x=1567, y=384)
at spot_map.hxx:47
47 inline bool is_empty (void) { return empty; }
Current language: auto; currently c++
(gdb)
After looking at the code further, I found that tile[x][y].is_empty()
referred to an element that was beyond the range of the (dynamically)
defined range. Attached is the patch for this.
Thanks,
Gervase.
pingus.200212202224.cvs.diff
Description: Text Data