Package: libfltk1.1 Version: 1.1.10-9 Severity: normal Tags: patch Goplay (one of the fltk's rdepends) displays screenshots of games. Most of them display corruptly.
There's a uninitialised stack variable that's incrementing the number of color channels, making RGB images be read as RGBA. Patch attached. The bug doesn't seem to trigger when: • Running goplay under valgrind (although valgrind does spot it) • Building fltk with DEB_BUILD_OPTIONS="nostrip noopt nodoc" Regards, Steve -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (990, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libfltk1.1 depends on: ii libc6 2.13-21 ii libfontconfig1 2.8.0-3 ii libgcc1 1:4.6.2-5 ii libgl1-mesa-glx [libgl1] 7.11.1-1 ii libjpeg8 8c-2 ii libpng12-0 1.2.46-3 ii libstdc++6 4.6.2-5 ii libx11-6 2:1.4.4-4 ii libxft2 2.2.0-3 ii libxinerama1 2:1.1.1-3 ii multiarch-support 2.13-21 libfltk1.1 recommends no packages. libfltk1.1 suggests no packages. -- no debconf information
--- a/src/Fl_PNG_Image.cxx +++ b/src/Fl_PNG_Image.cxx @@ -67,7 +67,8 @@ png_infop info; // PNG info pointers png_bytep *rows; // PNG row pointers png_uint_32 width, height; - int bit_depth, color_type, num_trans; + int bit_depth, color_type; + int num_trans = 0; // Open the PNG file...
