Re: Gtk 1.0.1 - SEGV in selection handling




Des Herriott <des@ops.netcom.net.uk> writes:

> Looks like 1.0.1 has introduced an error in the selection handling
> code.  Happens to me on Solaris, you can reproduce it by selecting some
> text in an entry widget and typing over it.  The application crashes
> with a SIGSEGV.

Ugh. The segfault isn't reproducible here, but you're certainly
right about the error.
 
> It seems a change was made in gtkselection.c around line 633 which
> would cause this - in 1.0.0 tmp_list was compared with NULL before
> going any further.  In 1.0.1, it isn't, and selection_info gets
> dereferenced.  When it's NULL (since current_selections is NULL), the
> application crashes.
> 
> This patch seems to fix it, but is it the Right Thing To Do?

Pretty much. I would write it a bit differently, but with the
same effect:

Index: gtkselection.c
===================================================================
RCS file: /debian/home/gnomecvs/gtk+/gtk/gtkselection.c,v
retrieving revision 1.9.2.1
diff -u -r1.9.2.1 gtkselection.c
--- gtkselection.c	1998/04/29 02:50:40	1.9.2.1
+++ gtkselection.c	1998/05/05 15:00:48
@@ -630,18 +630,20 @@
       tmp_list = tmp_list->next;
     }
     
-  if (selection_info->time > event->time)
-    return FALSE;		/* return FALSE to indicate that
+  if (tmp_list)
+    {
+      if (selection_info->time > event->time)
+	return FALSE;		/* return FALSE to indicate that
 				 * the selection was out of date,
 				 * and this clear should be ignored */
-  else
-    if (tmp_list)
-      {
-	current_selections = g_list_remove_link (current_selections, tmp_list);
-	g_list_free (tmp_list);
-	g_free (selection_info);
-      }
-
+      else
+	{
+	  current_selections = g_list_remove_link (current_selections, tmp_list);
+	  g_list_free (tmp_list);
+	  g_free (selection_info);
+	}
+    }
+  
   return TRUE;
 }
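Review bot: the new `if (tmp_list)` guard carries no comment saying what a NULL tmp_list means at this point, and that is the whole reason for the change. Judging from the visible lines, the preceding loop leaves tmp_list NULL when no entry in current_selections matched, and selection_info may only be dereferenced when tmp_list is non-NULL; a one-line comment above the guard stating this would keep a later cleanup from hoisting the `selection_info->time > event->time` test back out again. The same effect can be had with less nesting by returning early, `if (!tmp_list) return TRUE;`, and then the `else` after `return FALSE` becomes unnecessary as well. It is also worth confirming that TRUE is the intended return value for a clear event on a selection that has no entry in the list, since that path now falls through to `return TRUE` silently. Minor: the added blank line before `return TRUE;` has trailing whitespace.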


