Kevin Russo (russo++at++ait.nrl.navy.mil)
Wed, 31 Aug 1994 22:39:12 GMT
We have run into a bug in libpfsgi/ilgettile.c (Perf 1.2)
that causes a bus error. Perhaps this is a well-known problem?
Whenever LoadPtu() is called over 50 times, the static buffer Images[100]
in ilgettile.c overflows, corrupting other memory. There are two oversights
in the code that contribute to the bug:
1) ildeffile() should check whether NImages >= MAX_IMAGES before proceeding
Perhaps Images[] should be dynamically (re)alloc'd in chunks of 100?
2) ilfreetiles() should set NImages = 0 before returning. Now it only
gets bigger even though the memory is really freed.
from ilgettile.c:
#define MAX_IMAGES 100
static char *ImageNames[MAX_IMAGES];
static ilRotZoomImg *Images[MAX_IMAGES];
static long NImages = 0;
long ildeffile(char *filename, char *name, int xs, int ys)
{
// check NImages < MAX_IMAGES, else realloc or quit with error
:
Images[NImages++] = ilRotZoomImgCreate(
:
}
void ilfreetiles(void)
{
int i;
for(i=0;i<NImages;i++)
free(Images[i]);
NImages = 0; // this is currently not done
}
- Kevin
-- Kevin Russo russo++at++ait.nrl.navy.mil US Naval Research Lab Washington, DC
This archive was generated by hypermail 2.0b2 on Mon Aug 10 1998 - 17:50:31 PDT