DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

Link: http://www.fltk.org/str.php?L2647
Version: 1.3-current


I've been getting crashes sometimes in the X11 clipboard when getting stuff
out of primary from firefox. I didn't do any deep digging into exactly what
kind of junk it was sending as I figured the FLTK code needed to be robust
anyway. Included patch cleans up some old cruft and adds some sanity
checks. I'm no longer able to crash things here.


diff -up fltk-1.3.x-r8732/src/Fl_x.cxx.orig fltk-1.3.x-r8732/src/Fl_x.cxx
--- fltk-1.3.x-r8732/src/Fl_x.cxx.orig  2011-05-26 17:11:08.158068729 +0200
+++ fltk-1.3.x-r8732/src/Fl_x.cxx       2011-05-26 17:15:35.860244660 +0200
@@ -1162,18 +1162,15 @@ int fl_handle(const XEvent& thisevent)
              fl_event_time);
        return true;
       }
-      XTextProperty text_prop;
-      text_prop.value=portion;
-      text_prop.format=format;
-      text_prop.encoding=actual;
-      text_prop.nitems=count;
-      char **text_list;
-      text_list = (char**)&portion;
-      int bytesnew = strlen(*text_list)+1;
-      buffer = (unsigned char*)realloc(buffer, bytesread+bytesnew+remaining);
-      memcpy(buffer+bytesread, *text_list, bytesnew);
+      // Make sure we got something sane...
+      if ((portion == NULL) || (format != 8) || (count == 0))
+        return true;
+      buffer = (unsigned char*)realloc(buffer, bytesread+count+remaining+1);
+      memcpy(buffer+bytesread, portion, count);
       XFree(portion);
-      bytesread += bytesnew - 1;
+      bytesread += count;
+      // Cannot trust data to be null terminated
+      buffer[bytesread] = '\0';
       if (!remaining) break;
     }
     if (buffer) {
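
Review bot: The new early return in the sanity check, `if ((portion == NULL) || (format != 8) || (count == 0)) return true;`, sits before `XFree(portion)`, so when the property comes back with a non-8 format or zero items, a `portion` that may be non-NULL is leaked, and anything already accumulated in `buffer` on earlier loop iterations is abandoned with it. Free `portion` when it is non-NULL, and release `buffer`, before returning. Separately, the `realloc` result is still assigned straight to `buffer` and then passed to `memcpy(buffer+bytesread, portion, count)` without a NULL check; since this line is being rewritten anyway, check the return value and bail out cleanly on failure. The `+1` in the allocation together with `buffer[bytesread] = '\0'` is the right replacement for the old `strlen` on data that is not guaranteed to be terminated. A short comment that `count` can be used as a byte count only because `format == 8` was verified above would help later readers.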