Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!uunet!image.soe.clarkson.edu!daemon
From: nelson@PEAR.ECS.CLARKSON.EDU
Newsgroups: comp.sources.bugs
Subject: popi patchlevel 3
Message-ID: <2347@pear.ecs.clarkson.edu>
Date: 29 Dec 89 16:43:32 GMT
Sender: daemon@sun.soe.clarkson.edu
Reply-To: nelson@sun.soe.clarkson.edu
Organization: Clarkson University, Potsdam, NY
Lines: 23

The routine ImgAlloc found in io.c seems to have a bug.  First it mallocs
an array of pointers, then fills that array in with more malloced pointers.
Now, since the array is accessed using the y coordinate, you would think
that the size of the array would be related to Ysize.  Instead, a reference
is made to Xsize (See below).  This seems wrong to me.
-russ


pixel_t **
ImgAlloc()
{
    pixel_t		**img,
    			**linep,
			**imgend;

    noerr = TRUE;
    if ((img = (pixel_t **) LINT_CAST(Emalloc((unsigned)Xsize * sizeof(pixel_t *)))) == 0)
	return (pixel_t **) 0;

    imgend = &img[Ysize];
    for (linep = img; linep != imgend; ++linep)
	*linep = (pixel_t *) Emalloc((unsigned)Xsize * sizeof (pixel_t));