[Wesnoth-bugs] [bug #14145] assigning a large std::string to [scrollable_label]'s contents, leads to segmentation fault

Yurii Chernyi Mon, 17 Aug 2009 12:30:18 -0700

URL:
  <http://gna.org/bugs/?14145>


                 Summary: assigning a large std::string to
[scrollable_label]'s contents, leads to segmentation fault
                 Project: Battle for Wesnoth
            Submitted by: crab
            Submitted on: Monday 08/17/2009 at 22:30
                Category: Bug
                Severity: 3 - Normal
                Priority: 4
              Item Group: Graphics
                  Status: Confirmed
                 Privacy: Public
             Assigned to: mordante
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: r37919
        Operating System: Debian

    _______________________________________________________

Details:

Code:

execution_label->set_markup_mode(tcontrol::PANGO_MARKUP);
execution_label->set_label(execution_text.str());

Segfaults if execution_text.str() is big enough.

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb65726d0 (LWP 6789)]
0x085f9356 in draw (this=0x8e16c60, canv...@0xc7587d8, variabl...@0xc7587e0)
at src/gui/auxiliary/canvas.cpp:934
934             VALIDATE(static_cast<int>(x) < canvas->w &&
(gdb) bt
#0  0x085f9356 in draw (this=0x8e16c60, canv...@0xc7587d8,
variabl...@0xc7587e0) at src/gui/auxiliary/canvas.cpp:934
#1  0x085f8413 in gui2::tcanvas::draw (this=0xc7587c0, force=false) at
src/gui/auxiliary/canvas.cpp:1006
#2  0x085f84e3 in gui2::tcanvas::blit (this=0xc7587c0, su...@0xbffe4288,
rect={x = 15, y = 226, w = 922, h = 47759})
    at src/gui/auxiliary/canvas.cpp:1014
#3  0x083d941b in gui2::tcontrol::impl_draw_background (this=0xc7586c0,
frame_buff...@0xbffe4288) at src/gui/widgets/control.cpp:308
#4  0x0843427e in gui2::twidget::draw_background (this=0xc75874c,
frame_buff...@0xbffe4288) at src/gui/widgets/widget.cpp:249
#5  0x083e3a86 in gui2::tgrid::impl_draw_children (this=0xc758620,
frame_buff...@0xbffe4288) at src/gui/widgets/grid.cpp:853
#6  0x084341a6 in gui2::twidget::draw_children (this=0xc758668,
frame_buff...@0xbffe4288) at src/gui/widgets/widget.cpp:262
#7  0x0842666e in gui2::tscrollbar_container::impl_draw_children
(this=0xc758268, frame_buff...@0xbffe4288)
    at src/gui/widgets/scrollbar_container.cpp:557
#8  0x084341ef in gui2::twidget::draw_children (this=0xc7583b4,
frame_buff...@0xbffe4288) at src/gui/widgets/widget.cpp:264
#9  0x083e3a98 in gui2::tgrid::impl_draw_children (this=0xcb21284,
frame_buff...@0xbffe4288) at src/gui/widgets/grid.cpp:854
#10 0x084341ef in gui2::twidget::draw_children (this=0xcb212cc,
frame_buff...@0xbffe4288) at src/gui/widgets/widget.cpp:264
#11 0x083dca4a in gui2::tcontainer_::impl_draw_children (this=0xcb21200,
frame_buff...@0xbffe4288) at src/gui/widgets/container.cpp:120
#12 0x084341ef in gui2::twidget::draw_children (this=0xcb21654,
frame_buff...@0xbffe4288) at src/gui/widgets/widget.cpp:264
#13 0x08439163 in gui2::twindow::draw (this=0xcb21200) at
src/gui/widgets/window.cpp:568
#14 0x083e02db in gui2::tevent_handler::handle_event (this=0xcb2131c,
eve...@0xc5cb378) at src/gui/widgets/event_handler.cpp:259
#15 0x0880f75b in events::pump () at src/events.cpp:379
#16 0x0843ee89 in gui2::tevent_handler::process_events (this=0xcb2131c) at
src/gui/widgets/event_handler.hpp:45
#17 0x0843999d in gui2::twindow::show (this=0xcb21200, restore=true,
auto_close_timeout=0) at src/gui/widgets/window.cpp:413
#18 0x083a52ad in gui2::tdialog::show (this=0xbffe4544, vid...@0xbffe63fc,
auto_close_time=0) at src/gui/dialogs/dialog.cpp:48
#19 0x087446ac in game_logic::formula_debugger::show_gui (this=0xbffe46a0) at
src/formula_debugger.cpp:164
#20 0x087447be in game_logic::formula_debugger::check_breakpoints
(this=0xbffe46a0) at src/formula_debugger.cpp:146
#21 0x08744cec in game_logic::formula_debugger::evaluate_formula_callback
(this=0xbffe46a0, f...@0xbffe476c, variabl...@0xbffe4730)
    at src/formula_debugger.cpp:220
#22 0x0856cef1 in game_logic::evaluate_formula_callback (f...@0xbffe46a0,
f...@0xbffe476c, variabl...@0xbffe4730)
    at src/formula_debugger_fwd.cpp:44
#23 0x0830f8d2 in game_logic::formula::evaluate (this=0xbffe476c,
variabl...@0xbffe4730, fdb=0xbffe46a0)
    at src/gui/auxiliary/../../formula.hpp:48
#24 0x0870abc4 in ai::formula_ai::evaluate (this=0xb4b051c,
formula_s...@0xbffe4944) at src/ai/formula/ai.cpp:127
#25 0x086a4f9d in ai::engine_fai::evaluate (this=0xb4b0510, s...@0xbffe4944)
at src/ai/composite/engine_fai.cpp:123
#26 0x08697c18 in ai::ai_composite::evaluate (this=0xb4b02a8,
s...@0xbffe4944) at src/ai/composite/ai.cpp:85
#27 0x084ca6a6 in ai::manager::evaluate_command (side=1, s...@0xbffe4944) at
src/ai/manager.cpp:382
#28 0x085a3980 in events::menu_handler::do_ai_formula (this=0xbffe53a4,
s...@0xbffe4944, side_num=1) at src/menu_events.cpp:3121
#29 0x085e5680 in play_controller::enter_textbox (this=0xbffe52b8) at
src/play_controller.cpp:768
#30 0x085e5806 in play_controller::process_keydown_event (this=0xbffe52b8,
eve...@0xbdc6a78) at src/play_controller.cpp:863
#31 0x0855559d in controller_base::handle_event (this=0xbffe52b8,
eve...@0xbdc6a78) at src/controller_base.cpp:58
#32 0x0880f75b in events::pump () at src/events.cpp:379
#33 0x085552f1 in controller_base::play_slice (this=0xbffe52b8,
is_delay_enabled=true) at src/controller_base.cpp:184
#34 0x0824ce34 in playsingle_controller::play_human_turn (this=0xbffe52b8) at
src/playsingle_controller.cpp:703
#35 0x0824d25c in playsingle_controller::play_side (this=0xbffe52b8,
team_index=1, save=true) at src/playsingle_controller.cpp:604
#36 0x0824dc2b in playsingle_controller::play_turn (this=0xbffe52b8,
save=true) at src/playsingle_controller.cpp:561
#37 0x0825179f in playsingle_controller::play_scenario (this=0xbffe52b8,
sto...@0xbffe5a3c, l...@0xbffe632c, skip_replay=false, 
    end_level_result=0xbffe5a28) at src/playsingle_controller.cpp:370
#38 0x0823c8cb in playsingle_scenario (game_conf...@0xbffe6440,
level=0xbffe59a0, di...@0x8d3b748, state_of_ga...@0xbffe649c, 
    sto...@0xbffe5a3c, l...@0xbffe632c, skip_replay=false,
end_level=0xbffe5a28) at src/playcampaign.cpp:121
#39 0x08240096 in play_game (di...@0x8d3b748, gamesta...@0xbffe649c,
game_conf...@0xbffe6440, l...@0xbffe632c, io_type=IO_NONE, 
    skip_replay=false) at src/playcampaign.cpp:357
---Type <return> to continue, or q <return> to quit---
#40 0x08068970 in play_test (this=0xbffe63ec) at src/game.cpp:700
#41 0x0806aeee in do_gameloop (argc=7, argv=0xbffe68b4) at src/game.cpp:2024
#42 0x0806baf6 in main (argc=7, argv=0xbffe68b4) at src/game.cpp:2184
(gdb) q


===
Even if there's an inherent limit for the size of text, it would be much
better if it truncated the string instead of segfaulting.





    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?14145>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/


_______________________________________________
Wesnoth-bugs mailing list
[email protected]
https://mail.gna.org/listinfo/wesnoth-bugs

[Wesnoth-bugs] [bug #14145] assigning a large std::string to [scrollable_label]'s contents, leads to segmentation fault

Reply via email to