Created attachment 358046 [details]
Trivial patch to fix it

Description of problem:

The petri hack gives a segmentaiton fault with 32 bit displays

Version-Release number of selected component (if applicable):

xlockmore-5.26.1-2.fc11.i586


How reproducible:

Always on a 32 bit display

Steps to Reproduce:
1. xlock -mode petri
  
Actual results:
#0  _int_malloc (av=<value optimized out>, bytes=<value optimized out>)
    at malloc.c:4272
#1  0x00416bfe in *__GI___libc_malloc (bytes=8) at malloc.c:3638
#2  0x00baae9c in _XSend (dpy=0x9ddb850, data=0x0, size=0) at xcb_io.c:306
#3  0x00baafa0 in _XReply (dpy=0x9ddb850, rep=0xbfbe5c68, extra=0, discard=1)
    at xcb_io.c:450
#4  0x00b89573 in _XGetWindowAttributes (dpy=0x9ddb850, w=48234503, 
    attr=0xbfbe5d14) at GetWAttrs.c:116
#5  0x00b896f2 in XGetWindowAttributes (dpy=0x9ddb850, w=48234503, 
    attr=0xbfbe5d14) at GetWAttrs.c:151
#6  0x0804d9d4 in mode_info (display=<value optimized out>, scrn=5309312, 
    window=48234503, iconic=1) at xlock.c:1344
#7  0x0804ede4 in finish (display=0x9ddb850, closeDisplay=1) at xlock.c:1434
#8  0x0804f018 in sigcatch (signum=11) at xlock.c:2933
#9  <signal handler called>
#10 make_random_colormap (mi=0x9dea250, cmap=48234501, colors=0x9df9784, 
    ncolorsP=0xbfbe6518, bright_p=1, allocate_p=1, writable_pP=0x0)
    at color.c:987
#11 0x080d81d9 in setup_random_colormap (mi=<value optimized out>)
    at petri.c:313
#12 setup_display (mi=<value optimized out>) at petri.c:737
#13 0x080d8818 in init_petri (mi=0x9dea250) at petri.c:1055
#14 0x08056753 in call_init_hook (ls=0x81bfee0, mi=0x9dea250) at mode.c:1284
---Type <return> to continue, or q <return> to quit---
#15 0x0804e54d in justDisplay (display=0x9ddb850) at xlock.c:2802
#16 0x08050fdb in lockDisplay (display=<value optimized out>, 
    do_display=<value optimized out>) at xlock.c:3018
#17 0x08053097 in main (argc=3, argv=0xbfbe6ba4) at xlock.c:3945


Expected results:

It should draw the petri dish screensaver hack

Additional info:

The bug is caused by the variable count in the petristruct structure "sp" being declared as "int" rather than "unsigned int". Then in the function setup_display the following code is excecuted where xgwa.depth is the depth of the display (32 in my case).

   if ( sp->count > (1L << (xgwa.depth-1)))
      sp->count = (1L << (xgwa.depth-1));

This sets sp->count to 2^31, but as it is declared signed, it goes negative. The next lines do:

   if ( sp->count >= (1L << ((sizeof( sp->arr[0].col) * 8) - 1)))
      sp->count = (1L << ((sizeof( sp->arr[0].col) * 8) - 1));

where col has sizeof(char), so the code is supposed to say: if sp->count > 2^7 then set it to 2^7, but as sp->count was declared signed, and has become negative, this code doesn't do anything.

Then sp->count is used with malloc and all sorts of nasty things happen! The precise location of the failure is a bit random, because it depends on memory usage etc.

The solution is trivial. Just change the declaration of count to "unsigned int" (patch attached).