Bug 26589 - XpmCreateBufferFromXpmImage() always returns -3 (XpmNoMemory)
Summary: XpmCreateBufferFromXpmImage() always returns -3 (XpmNoMemory)
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xpm (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
: high major
Assignee: Matthieu Herrb
QA Contact: Xorg Project Team
Whiteboard: 2011BRB_Reviewed
Keywords: regression
Depends on:
Reported: 2010-02-16 03:37 UTC by Daniel Höper
Modified: 2018-06-12 19:10 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Description Daniel Höper 2010-02-16 03:37:30 UTC
int result;
char *buffer;
XpmImage image;
/* xpm image creation */
result = XpmCreateBufferFromXpmImage(&buffer, &image, NULL);

result is always -3 (XpmNoMemory)

XpmWriteFileFromXpmImage() with the same arguments works fine.

I could track down the problem to this code segment of WriteColors() in src/CrBufFrI.c (near line 314):
        strcpy(s, "\",\n");
        l = s + 3 - buf;
        if( *data_size                   >= UINT_MAX-l ||
            *data_size + l               <= *used_size ||
           (*data_size + l - *used_size) <= sizeof(buf))

The last comparison is always true (under normal circumstances) and therefore this function returns XpmNoMemory. Is this check really necessary?

The call of XpmCreateBufferFromXpmImage() worked as expected after removing the third comparison.
Comment 1 Jeremy Huddleston Sequoia 2011-10-07 18:10:27 UTC
This check was added in:

commit 50986a34f231fbc7a4b62466bd89bd4ae4027d2e
Author: Matthieu Herrb <matthieu.herrb@laas.fr>
Date:   Thu Nov 25 21:19:11 2004 +0000

    Fixes for CAN-2004-0914 (Thomas Biege).

It really doesn't make sense to me.  Not looking at the context and just 
looking at the check, it makes no sense to do *both* of these checks:
+           *data_size + l               <= *used_size ||
+          (*data_size + l - *used_size) <= sizeof(buf))

Looking a bit more at the context, I think that check is entirely bogus.  I've 
sent a patch to xorg-devel for review which removes it.
Comment 2 Adam Jackson 2018-06-12 19:10:06 UTC
Mass closure: This bug has been untouched for more than six years, and is not
obviously still valid. Please reopen this bug or file a new report if you continue to experience issues with current releases.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.