Fix wrong types passed to XChangeProperty

[binary1248]

Fixes #1168.

[LaurentGomila]

Could you elaborate? I can't find how your new code differs from the previous one, except on big-endian systems but I doubt this is the case in #1168.

[binary1248]

sizeof(long) is 8 on LP64 systems (this includes Unix). Xlib was reading past the end of the allocated buffer because even though it only reads the low-order 32-bits out of each element, it still expects elements that are sizeof(long) large. Don't ask me why... it's Xlib.

[ghost]

tried bugfix/xlib_set_icon, crashes on XCreateImage (btw its call not affected by commit). building in steam runtime --i386 (https://github.com/ValveSoftware/steam-runtime).

#include <SFML/Graphics.hpp>

int main() {
	sf::Image *res = new sf::Image();
	res->loadFromFile("icon.png");

	sf::Window *win = new sf::Window(sf::VideoMode(800, 600), "test");
	win->setIcon(res->getSize().x, res->getSize().y, res->getPixelsPtr());

	delete res;
	delete win;
}

[ghost]

Wow, just tried one thing and it not crashes anymore.

    Uint8* iconPixels = static_cast<Uint8*>(std::malloc(width * height * 4));
    for (std::size_t i = 0; i < width * height; ++i)
    {
        iconPixels[8 + i * 4 + 0] = pixels[i * 4 + 2];
        iconPixels[8 + i * 4 + 1] = pixels[i * 4 + 1];
        iconPixels[8 + i * 4 + 2] = pixels[i * 4 + 0];
        iconPixels[8 + i * 4 + 3] = pixels[i * 4 + 3];
    }

here we have width * height * 4 array, but [8 + i * 4 + 0]. So

Uint8* iconPixels = static_cast<Uint8*>(std::malloc(width * height * 4 + 8));

fixed crash

[MarioLiebisch]

Consider me confused.

Ah, missed the dimensions at the beginning.

Should this really use unsigned long rather than an explicit length like uint32? Might that be the culprit here?

[ghost]

btw this works too. so there's simple going out of array boundaries

    Uint8* iconPixels = static_cast<Uint8*>(std::malloc(width * height * 4));
    for (std::size_t i = 0; i < width * height; ++i)
    {
        iconPixels[i * 4 + 0] = pixels[i * 4 + 2];
        iconPixels[i * 4 + 1] = pixels[i * 4 + 1];
        iconPixels[i * 4 + 2] = pixels[i * 4 + 0];
        iconPixels[i * 4 + 3] = pixels[i * 4 + 3];
    }

[ghost]

I mean that the segfault can be caused by memory corruption after going out of boundaries and two issues caused by one problem

[MarioLiebisch]

Could you try this PR but replace unsigned long with sf::Uint32?

[mantognini]

btw this works too. so there's simple going out of array boundaries

Question is: why is there this 8 padding in the first place? Some X-related format?

[ghost]

@MarioLiebisch in my case app crashed before any changes made in this commit. I got crash at line 789, but this commit starts at line 838. And there's obvious going out of boundaries.

the array is widthheight4, but last element in the loop accessed is
(8 + (width * height - 1) * 4) = 4 * (width * height - 1 + 2) = 4 * (width * height + 1), so next 8 bytes after the end of the array are overwritten by this.

[ghost]

@mantognini I think it's copy&paste from line 841

[MarioLiebisch]

@mantognini The offset skips the bytes used to store the image dimensions., 2 times 4 bytes.

[ghost]

@MarioLiebisch the offset is needed only here:

// ICCCM also wants the first 2 unsigned 32-bit values to be width and height

but not at the converting to BGRA.

[MarioLiebisch]

The offset is no longer there that way in the new commit.

Have to try that myself I guess. How do I set up the Steam Runtime?

[ghost]

@MarioLiebisch you're looking wrong way :) offset used 2 times. This commit removed second one.

https://github.com/SFML/SFML/blob/bugfix/xlib_set_icon/src/SFML/Window/Unix/WindowImplX11.cpp#L777

[ghost]

I'm sorry guys for lots of messages. So here's the last (i hope :) )

In the commit ca03b64 iconPixels was expanded to (width * height * 4 + 8) and assignment in the loop was offset by 8.

After in commit 9996b7a iconPixels' size was decreased back to (width * height * 4), but offset was left. So the bug is here.

@binary1248 thank you very much for returning to Xlib again. Yeah, that patch is huge, so it was easy to miss something

[binary1248]

Fixed.

[eXpl0it3r]

@Achpile Can you give this a try again?

[ghost]

@eXpl0it3r i think there's no need to do it :) because I made same changes for steam release and it looks like it works fine :)

[eXpl0it3r]

Tested on my Ubuntu VM works fine.

[eXpl0it3r]

This PR has been added to my merge list, meaning it will be merged soon, unless someone raises any concerns.