Dachannien
May 23rd, 2008, 19:24
Problem: Unmasking can lead to a crash under certain circumstances.
To reproduce:
1. Create a large map (larger than the max window size, preferably much larger) using an image. (Make the image all-black to make testing easier in step 4.)
2. Mask the map.
3. Zoom out two clicks.
4. Scroll the map left. If you do this right, you will see a tan-colored line at the left edge of the map, somewhat lighter colored than the mask color.
5. Unmask a portion of the map including that tan-colored line. One of two things will happen:
a) The unmask will happen successfully, but there will be a one-pixel-wide vertical line that also gets unmasked a few hundred pixels to the right and a few hundred pixels up of the part of the left edge that you unmasked.
b) If the vertical line mentioned in (a) would extend off the top of the map, the program will crash.
I suspect that what is happening is that a column of pixels just off the left edge of the map is being revealed when you zoom out and scroll left (due to rounding error or whatever). This is the actual bug, and the unmask crash is merely a symptom. When you try unmasking that column of pixels, the program calculates the unmask region using this invalid column of pixels. If the calculated unmask region then extends off the map, it crashes from trying to access memory outside the unmask buffer.
To reproduce:
1. Create a large map (larger than the max window size, preferably much larger) using an image. (Make the image all-black to make testing easier in step 4.)
2. Mask the map.
3. Zoom out two clicks.
4. Scroll the map left. If you do this right, you will see a tan-colored line at the left edge of the map, somewhat lighter colored than the mask color.
5. Unmask a portion of the map including that tan-colored line. One of two things will happen:
a) The unmask will happen successfully, but there will be a one-pixel-wide vertical line that also gets unmasked a few hundred pixels to the right and a few hundred pixels up of the part of the left edge that you unmasked.
b) If the vertical line mentioned in (a) would extend off the top of the map, the program will crash.
I suspect that what is happening is that a column of pixels just off the left edge of the map is being revealed when you zoom out and scroll left (due to rounding error or whatever). This is the actual bug, and the unmask crash is merely a symptom. When you try unmasking that column of pixels, the program calculates the unmask region using this invalid column of pixels. If the calculated unmask region then extends off the map, it crashes from trying to access memory outside the unmask buffer.