Re: gtk+-1.2.xxx fatal error in gtktext.c



Vladimir Tsichevski <wowa jet msk su> writes:

> Hi GTK developers,
> 
> I found an error in gtktext.c module which results in application
> crash (an attempt to address a zero pointer). The problem arises only
> when specific conditions are met. That's why nobody bumped into this
> bug before.
> 
> The crash occurs if all these conditions are met:
> 
> 1. You try to delete a text fragment
> 2. The deletion implies exactly one and entire TextProperty object
> deletion
> 3. The text cursor (text->cursor_mark) points to the end of removed property
> 
> In the course of text deletion the cursor mark moves to the very
> beginning of the property to be removed. So, after the deletion
> completes, the cursor mark property field points to non-existent
> property (the property out of the text property list). The program
> crashed when attempting any next operation with the text.
> 
> The problem can be fixed easily. Every time any property is to be
> deleted, the property list pointer should be compared with the
> property list pointer in a cursor_mark. If they are the same, the
> cursor_mark should be refreshed using the find_mark(). Moreover, the
> comment in delete_text_property() says the cursor might need fixing,
> but no measures are really taken even in the last gtk-1.2 releases.

Thanks for the patch. If you want it to be considered for 1.2.11, you
should file a bug in bugzilla.gnome.org. (See the README file in
GTK+-1.2.10 for detailed instructions.) Otherwise, we are very likely
to forget about it.

Also, we'd really prefer it if patches were submitted with 'diff -u';
it's not really possible to apply patches with straight 'diff'.

(As has been pointed out in gtk-list, GtkText is not known buggy
and we aren't spending time on fixing it, but if I can quickly
verify that your patch is correct and isn't likely to introduce
new problems elsewhere - I'll apply it for 1.2.11.)

Regards,
                                        Owen

> 
> Here is the patch:
> 
> bash-2.04$ diff gtktext.c /jet/wowa/build/gtk+-1.2.10/gtk/gtktext.c
> 3397,3398d3396
> < 	  gboolean cursor_mark_destroyed;
> < 
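Review bot: the declaration at 3397 names the flag `cursor_mark_destroyed`, but the lines at 3401 and 3407 assign and test `cursor_mark_property_destroyed`, which is never declared, so the patch will not compile as posted. Rename the declaration to `gboolean cursor_mark_property_destroyed;` so that all three hunks use the same identifier.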
> 3401,3403d3398
> < 	  cursor_mark_property_destroyed =
> < 	    (tmp == MARK_LIST_PTR (&text->cursor_mark));
> < 
> 3407,3410d3401
> < 
> < 	  if (cursor_mark_property_destroyed)
> < 	    text->cursor_mark = find_mark (text, text->cursor_mark.index);
> < 
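Review bot: all three hunks are `d` commands carrying `<` lines because the modified gtktext.c was passed as the first argument to diff, so applied as posted the patch removes the fix instead of adding it. With no context lines, the position of the `find_mark` refresh at 3407 relative to the property removal also cannot be checked. Regenerate it with the unmodified file first and `diff -u`.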


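The dangling cursor mark described in the report, and the proposed refresh, reduced to a self-contained C model. This is an added example, not code from GTK+ or from either poster: `Prop`, `Mark`, `Text`, `new_prop`, `delete_property` and `cursor_valid_after_delete` are hypothetical stand-ins, and only the name `find_mark` is borrowed from the message.

```c
#include <stdlib.h>
/* Simplified stand-ins for the GtkText structures; all names are hypothetical. */
typedef struct Prop { struct Prop *next; size_t length; } Prop;
typedef struct { Prop *property; size_t index; } Mark;
typedef struct { Prop *props; Mark cursor_mark; } Text;

static Prop *new_prop(size_t length, Prop *next)
{
    Prop *p = malloc(sizeof *p);
    if (p == NULL) abort();
    p->length = length; p->next = next;
    return p;
}

/* Return a mark for `index` whose property pointer comes from the live list. */
static Mark find_mark(const Text *text, size_t index)
{
    Mark m = { text->props, index };
    size_t start = 0;
    for (Prop *p = text->props; p != NULL; p = p->next) {
        m.property = p;
        if (index < start + p->length) break;
        start += p->length;
    }
    return m;
}

/* Unlink and free `victim`; refresh the cursor mark if it referenced it. */
static void delete_property(Text *text, Prop *victim)
{
    int cursor_hit = (text->cursor_mark.property == victim); /* test before free */
    Prop **link = &text->props;
    while (*link != NULL && *link != victim) link = &(*link)->next;
    if (*link == NULL) return;       /* victim is not in this list */
    *link = victim->next;
    free(victim);
    if (cursor_hit) text->cursor_mark = find_mark(text, text->cursor_mark.index);
}

/* Constructed case: properties a, b, c of length 4, cursor at the start of b. */
int cursor_valid_after_delete(void)
{
    Prop *c = new_prop(4, NULL), *b = new_prop(4, c), *a = new_prop(4, b);
    Text text = { a, { b, 4 } };
    delete_property(&text, b);
    int ok = (a->next == c && text.cursor_mark.property == c);
    free(a); free(c);
    return ok;
}
```

Dropping the final `if (cursor_hit)` line in `delete_property` leaves `cursor_mark.property` pointing at freed memory, which is the state the report describes.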
