DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]

Link: http://www.fltk.org/str.php?L2730
Version: 1.3-current

The fix for the access at offset -1 (STR #2691) causes an out of bounds access at the other end, e.g.:

==22171== Invalid read of size 1
==22171==    at 0x80DA58F: Fl_Text_Display::measure_proportional_character(char const*, int, int) const (Fl_Text_Display.cxx:3220)
==22171==    by 0x80DA42B: Fl_Text_Display::wrapped_line_counter(Fl_Text_Buffer*, int, int, int, bool, int, int*, int*, int*, int*, bool) const (Fl_Text_Display.cxx:3164)
==22171==    by 0x80D69DD: Fl_Text_Display::count_lines(int, int, bool) const (Fl_Text_Display.cxx:1162)
==22171==    by 0x80D4C5B: Fl_Text_Display::resize(int, int, int, int) (Fl_Text_Display.cxx:320)
==22171==    by 0x80D72BD: Fl_Text_Display::buffer_modified_cb(int, int, int, int, char const*, void*) (Fl_Text_Display.cxx:1485)
==22171==    by 0x80D3483: Fl_Text_Buffer::call_modify_callbacks(int, int, int, int, char const*) const (Fl_Text_Buffer.cxx:1310)
==22171==    by 0x80D1565: Fl_Text_Buffer::text(char const*) (Fl_Text_Buffer.cxx:188)
==22171==  Address 0x4867457 is 0 bytes after a block of size 1,583 alloc'd
==22171==    at 0x402562C: malloc (vg_replace_malloc.c:236)
==22171==    by 0x80D14F1: Fl_Text_Buffer::text(char const*) (Fl_Text_Buffer.cxx:178)

p is buf->length()-1, and so is b initially.
"if (b<lineStart) b = lineStart;" increases it to buf->length().
"const char *s = buf->address(b);" gets a value just beyond the end of the buffer.
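
Added example, not part of the original report and not FLTK code: a small C++ model of the index computation quoted above, showing the lower clamp producing an index equal to the buffer length, and a bounds-checked accessor that rejects it along with the earlier offset -1 case. ModelBuffer, checked_address, clamped_index and the other function names are hypothetical, and lineStart being equal to the buffer length is an assumed state.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-in for a text buffer; this is not FLTK's Fl_Text_Buffer.
struct ModelBuffer {
    std::string data;
    int length() const { return static_cast<int>(data.size()); }
    // Returns nullptr instead of a pointer before the start or at/past the end.
    const char *checked_address(int pos) const {
        if (pos < 0 || pos >= length()) return nullptr;
        return data.data() + pos;
    }
};

// Index computation as quoted in the report: b starts at p, then only the
// lower clamp against lineStart is applied (there is no upper clamp).
int clamped_index(int p, int lineStart) {
    int b = p;
    if (b < lineStart) b = lineStart;
    return b;
}

// True when a one-byte read at the clamped index would fall outside the text.
bool index_out_of_bounds(const ModelBuffer &buf, int p, int lineStart) {
    int b = clamped_index(p, lineStart);
    return b < 0 || b >= buf.length();
}

// Guarded read: the byte at the clamped index, or -1 when no valid byte is there.
int read_byte_guarded(const ModelBuffer &buf, int p, int lineStart) {
    const char *s = buf.checked_address(clamped_index(p, lineStart));
    return s ? static_cast<unsigned char>(*s) : -1;
}

int main() {
    // Constructed input: 1583 bytes, matching the block size in the report.
    ModelBuffer buf{std::string(1583, 'x')};
    int p = buf.length() - 1;
    int lineStart = buf.length();  // assumed state that makes the clamp raise b
    std::printf("b=%d length=%d out_of_bounds=%d guarded_read=%d\n",
                clamped_index(p, lineStart), buf.length(),
                index_out_of_bounds(buf, p, lineStart),
                read_byte_guarded(buf, p, lineStart));
    return 0;
}
```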
