Package: gbdfed
Version: 1.5-1.1
Tags: patch

While attempting to debug another problem in gbdfed, I encountered a
crash in gbdfed which only manifests for me when compiling with -O0.
I had cloned the Debian git repository of gbdfed and built an
executable from commit af836277a7bb2b01bfb9433612640cc258edfdd3
using './configure' followed by 'make -g -O0', and when I tried to
run it and double-click on a glyph to open the glyph editor window,
I saw these messages, followed by a segfault:

(gbdfed:21556): GLib-GObject-WARNING **: invalid cast from `Glyphedit' to `<unknown>'
(gbdfed:21556): GLib-GObject-WARNING **: invalid class cast from `Glyphedit' to `<unknown>'
(gbdfed:21556): GLib-GObject-WARNING **: invalid cast from `Glyphedit' to `<unknown>'
** (gbdfed:21556): CRITICAL **: glyphedit_set_grid: assertion `IS_GLYPHEDIT(gw)' failed
(gbdfed:21556): GLib-GObject-WARNING **: invalid cast from `Glyphedit' to `<unknown>'
** (gbdfed:21556): CRITICAL **: glyphedit_set_pixel_size: assertion `IS_GLYPHEDIT(gw)' failed
(gbdfed:21556): GLib-GObject-WARNING **: invalid cast from `Glyphedit' to `<unknown>'
** (gbdfed:21556): CRITICAL **: glyphedit_set_show_x_height: assertion `IS_GLYPHEDIT(gw)' failed
(gbdfed:21556): GLib-GObject-WARNING **: invalid cast from `Glyphedit' to `<unknown>'
** (gbdfed:21556): CRITICAL **: glyphedit_set_show_cap_height: assertion `IS_GLYPHEDIT(gw)' failed
(gbdfed:21556): GLib-GObject-WARNING **: invalid cast from `Glyphedit' to `<unknown>'
(gbdfed:21556): GLib-GObject-WARNING **: invalid cast from `Glyphedit' to `<unknown>'
** (gbdfed:21556): CRITICAL **: glyphedit_get_image: assertion `IS_GLYPHEDIT(gw)' failed

I debugged the problem and traced it to an array overrun. All those
casts to 'unknown' arose because glyphedit_get_type() was returning
a bogus value; this in turn arose because the static variable
glyphedit_type inside that function was being overwritten by the
assignment to glyphedit_signals[COLOR_CHANGE] in
glyphedit_class_init(), and the reason that was failing was because
glyphedit_signals[] was being declared as an array of size 3
(OPERATION_CHANGE+1) and that assignment was writing to element 3,
i.e. just beyond the end of the array. It looks as if the code had
previously been correct, but the declaration of glyphedit_signals[]
should have been updated when the COLOR_CHANGE signal was added at
the end of the enum.

I attach a patch which fixes the problem for me (gbdfed now runs
cleanly under gdb and even under valgrind), and should remain robust
against further extensions to the signal enumeration.

Cheers,
Simon
-- 
Simon Tatham         What do we want?        ROT13!
<ana...@pobox.com>   When do we want it?     ABJ!
diff --git a/glyphedit.c b/glyphedit.c
index 8e453e7..4b9a2ee 100644
--- a/glyphedit.c
+++ b/glyphedit.c
@@ -104,7 +104,8 @@ enum {
     GLYPH_MODIFIED = 0,
     POINTER_MOVED,
     OPERATION_CHANGE,
-    COLOR_CHANGE
+    COLOR_CHANGE,
+    NUM_SIGNALS
 };
 
 /**************************************************************************
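Review bot: NUM_SIGNALS only works as a sentinel while it stays the last enumerator and the enum keeps starting at GLYPH_MODIFIED = 0 with no explicit values in between; the hunk adds no comment saying so, and the next person adding a signal after NUM_SIGNALS would silently reintroduce the overrun described in the report. Suggest `NUM_SIGNALS /* must remain last */` on the new line, and keeping the trailing comma on `COLOR_CHANGE,` as done here so future additions diff cleanly.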
@@ -114,7 +115,7 @@ enum {
  **************************************************************************/
 
 static GtkWidgetClass *parent_class = 0;
-static guint glyphedit_signals[OPERATION_CHANGE + 1];
+static guint glyphedit_signals[NUM_SIGNALS];
 
 /**************************************************************************
  *
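Review bot: sizing `glyphedit_signals[NUM_SIGNALS]` from the sentinel is the right fix and removes the hand-maintained `OPERATION_CHANGE + 1` that drifted out of sync; since the enum in the previous hunk starts at 0, NUM_SIGNALS is exactly the element count, so the array now has a slot for COLOR_CHANGE and the write in glyphedit_class_init() no longer lands on the neighbouring static. Nothing in this hunk guards against the two declarations diverging again, so a one-line compile-time check next to the array (a negative-array-size typedef, or G_STATIC_ASSERT where the GLib version allows it) would turn a future mismatch into a build error rather than a -O0-only crash.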

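The pattern behind the fix, written out as an added example that is not gbdfed's code: a signal table sized from an enum sentinel (as the patch does), a compile-time check that the table and the enum cannot drift apart again, and a bounds-checked setter that refuses an index past the end instead of overwriting whatever static happens to follow the array. The names `signal_ids`, `widget_type`, `set_signal_id`, `get_signal_id` and the table-size helpers are hypothetical stand-ins for the report's glyphedit_signals[] and glyphedit_type; the old sizing is kept only as a constant so the two sizes can be compared without performing the out-of-bounds write.

```c
/* Added example, not gbdfed's code. Models the signal table from the
 * report: sentinel-sized array, compile-time size check, bounds-checked
 * accessors. All identifiers here are hypothetical. */
#include <stddef.h>
#include <stdio.h>

/* Signal ids. NUM_SIGNALS must stay the last enumerator: because the
 * enum starts at 0 with no gaps, it equals the number of real signals. */
enum {
    GLYPH_MODIFIED = 0,
    POINTER_MOVED,
    OPERATION_CHANGE,
    COLOR_CHANGE,
    NUM_SIGNALS          /* must remain last */
};

/* The sizing from the report, as a constant only: OPERATION_CHANGE + 1
 * is 3, one slot short of the four ids actually written. */
#define OLD_ARRAY_SIZE (OPERATION_CHANGE + 1)

/* Sized from the sentinel, so adding an enumerator grows the table. */
static unsigned int signal_ids[NUM_SIGNALS];

/* A neighbouring static, standing in for glyphedit_type: under the old
 * sizing a write to signal_ids[COLOR_CHANGE] could land on it. */
static unsigned int widget_type = 0xC0FFEE;

/* Compile-time guard: one slot per enumerator, or the build fails
 * (negative array size), which works on any C compiler. */
typedef char signal_table_size_check[
    (sizeof signal_ids / sizeof signal_ids[0]) == NUM_SIGNALS ? 1 : -1];

/* Run-time guard: reject an index outside the table instead of writing
 * past its end. Returns 1 on success, 0 if the index was refused. */
static int set_signal_id(int sig, unsigned int id)
{
    if (sig < 0 || sig >= NUM_SIGNALS)
        return 0;
    signal_ids[sig] = id;
    return 1;
}

/* Read back a stored id; 0 for an out-of-range index. */
static unsigned int get_signal_id(int sig)
{
    return (sig < 0 || sig >= NUM_SIGNALS) ? 0u : signal_ids[sig];
}

/* The two sizes the report contrasts: 3 before the fix, 4 after. */
static size_t old_table_size(void) { return OLD_ARRAY_SIZE; }
static size_t new_table_size(void)
{
    return sizeof signal_ids / sizeof signal_ids[0];
}

/* Fill every slot through the checked setter and report the neighbour,
 * which stays intact because no write can reach it. */
static unsigned int neighbour_after_fill(void)
{
    for (int s = 0; s < NUM_SIGNALS; s++)
        set_signal_id(s, 100u + (unsigned int)s);
    return widget_type;
}

int main(void)
{
    printf("old table size %zu, new table size %zu\n",
           old_table_size(), new_table_size());
    printf("COLOR_CHANGE accepted: %d\n", set_signal_id(COLOR_CHANGE, 4u));
    printf("NUM_SIGNALS refused:   %d\n", !set_signal_id(NUM_SIGNALS, 5u));
    printf("neighbour after fill:  %#x\n", neighbour_after_fill());
    return 0;
}
```

The typedef trick is the portable form of a static assertion; on C11 compilers `_Static_assert` says the same thing more readably. The run-time check is a belt-and-braces layer: it costs nothing in a table this small and turns a future enum/array mismatch into a refused write rather than silent corruption of whatever the linker placed next to the array.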