The X server still has 'unsigned long' in a few places to hold 32 bit values. One of those is in miPutImage where it's holding the temporary planemask for XYPixmap format images.
It computed the highest plane in the source image with 1 << (depth - 1). On 64-bit machines, taking that value and storing it in an unsigned long promotes it to a signed 64-bit value (0xffffffff80000000). Then, it loops over that value, shifting one bit right each time, waiting for it to go to zero.. That takes 64 iterations, and ends up with some mystic planemask values *and* walking off the end of the source image data and out into space. A simple cast is all that is required to compute the correct initial plane mask (0x0000000080000000), at which point the loop operates correctly once again. Checking the fbPutImage code, I note that this same bug was fixed in 2006 by Aaron Plattner in commit f39fd4242902eaa862321d39337f429dd14ebacf Signed-off-by: Keith Packard <[email protected]> --- mi/mibitblt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mi/mibitblt.c b/mi/mibitblt.c index b0d14ae..3ed4ed1 100644 --- a/mi/mibitblt.c +++ b/mi/mibitblt.c @@ -730,7 +730,7 @@ miPutImage(DrawablePtr pDraw, GCPtr pGC, int depth, ChangeGC(NullClient, pGC, GCForeground | GCBackground, gcv); bytesPer = (long) h *BitmapBytePad(w + leftPad); - for (i = 1 << (depth - 1); i != 0; i >>= 1, pImage += bytesPer) { + for (i = (unsigned long) 1 << (depth - 1); i != 0; i >>= 1, pImage += bytesPer) { if (i & oldPlanemask) { gcv[0].val = (XID) i; ChangeGC(NullClient, pGC, GCPlaneMask, gcv); -- 1.9.0 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
