From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
Date: Wed, 6 Aug 2014 18:34:56 +0200
Subject: [PATCH] Fix crash when clearing surface memory

The beginning of the surface data needs to be computed correctly if the stride is negative, otherwise, it should point already to the beginning of the surface data. This bug seems to exists since 4a208b (0.5.2) https://bugzilla.redhat.com/show_bug.cgi?id=1029646
---
 server/red_worker.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/red_worker.c b/server/red_worker.c
index 7a1c2d9..d7962c5 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -9654,7 +9654,11 @@ static inline void red_create_surface(RedWorker *worker, uint32_t surface_id, ui
 surface->context.stride = stride;
 surface->context.line_0 = line_0;
 if (!data_is_valid) {
- memset((char *)line_0 + (int32_t)(stride * (height - 1)), 0, height*abs(stride));
+ char *data = line_0;
+ if (stride < 0) {
+ data -= abs(stride) * (height - 1);
+ }
+ memset(data, 0, height*abs(stride));
 }
 surface->create.info = NULL;
 surface->destroy.info = NULL;
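Review bot: The offset `abs(stride) * (height - 1)` and the length `height*abs(stride)` in the new block are still computed in 32-bit arithmetic with no range check visible in the hunk, so a large stride/height pair can wrap, and `height == 0` makes `height - 1` wrap if height is unsigned (its type is cut off in the hunk header). If stride and height can come from the guest and are not validated before red_create_surface is called, add a check here or document the precondition; widening first, e.g. `size_t line_bytes = (size_t)abs(stride);` followed by `memset(data, 0, (size_t)height * line_bytes);`, removes the wrap in the length but not the need for a `height > 0` guard on the offset. `abs(stride)` is also undefined when stride is INT32_MIN, which a range check on stride would cover. The function body starts and ends outside the hunk, so such validation may already exist elsewhere.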