Hi Dmitry,

First of all, thanks for finding the time to report those bugs and even fix them.

On 6/15/07, Dmitry Karasik <dmitry@karasik.eu.org > wrote:
I'm observing a crash in ui_desktop_restore() ( xwin.c ), on XPutImage call.
The first problem is that result of XCreateImage() is not checked; in my case
it was NULL. Also, I found that it was NULL because it seems that there's an
inherent assumption that scanline size for XImage is sufficient
bits_per_pixel*width. On my xorg 7.2, it is otherwise:...

Before we dive further into this, please check it against the CVS version as we did have a crash introduced with Xorg 7.2 fixed just a month or two ago.
Also check whether this is the same issue as in this patch:

PS. There's another crash I've just found, in xclip.c inside lf2crlf(), on line 210,
*o++ = '\0'; . This fix seems to be working:

--- xclip.c.orig        Fri Jun 15 12:47:13 2007
+++ xclip.c     Fri Jun 15 12:47:17 2007
@@ -193,7 +193,7 @@
        uint8 *result, *p, *o;

        /* Worst case: Every char is LF */
-       result = xmalloc(*length * 2);
+       result = xmalloc(*length * 2 + 1);

        p = data;
        o = result;

Allright. This looks solid to me, and in agreement with what we do in utf16_lf2crlf.
Can someone with CVS write permissions check this in please?