Hi GTK developers,
I write it once to gtk-devel-list, but the message was rejected cause I'm not subscribed, so I'm resending it to this list. I found an error in gtktext.c module which results in application crash (an attempt to address a zero pointer). The problem arises only when a specific conditions are met. That's why nobody bumped into this bug before. The crash occures if all these conditions are met: 1. You try try to delete a text fragment 2. The deletion implies exactly one and entire TextProperty object deletion 3. The text cursor (text->cursor_mark) points to the end of removed property In a course of text deletion the cursor mark moves to the very beginning of the property to be removed. So, after the deletion completes, the cursor mark property field points to non-existent property (the property out of the text property list). The program crashed when attempting any next operation with the text. The problem can be fixed easily. Every time any property is to be deleted, the property list pointer should be compared with the property list pointer in a cursor_mark. If they are same, the cursor_mark should be refreshed using the find_mark(). Moreover, the comment in delete_text_property() says the cursor might need fixing, but no measures are really taken even in the last gtk-1.2 releases. Here is the patch: bash-2.04$ diff gtktext.c /jet/wowa/build/gtk+-1.2.10/gtk/gtktext.c 3397,3398d3396 < gboolean cursor_mark_destroyed; < 3401,3403d3398 < cursor_mark_property_destroyed = < (tmp == MARK_LIST_PTR (&text->cursor_mark)); < 3407,3410d3401 < < if (cursor_mark_property_destroyed) < text->cursor_mark = find_mark (text, text->cursor_mark.index); < Regards, Vladimir V. Tsichevski senior expert ----------------------------------------------------- Any opinions or recommendations herein are those of the author and not of his computer. _______________________________________________ gtk-list mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/gtk-list
