Skip Menu |

This queue is for tickets about the Tickit CPAN distribution.

Report information
The Basics
Id: 102093
Status: resolved
Priority: 0/
Queue: Tickit
People
Owner: Nobody in particular
Requestors: TEAM [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.50
Fixed in: 0.51

History Show all quoted text
  Thu Feb 12 15:42:41 2015 TEAM [...] cpan.org - Ticket created
Subject: Segmentation fault in ->text_at with \n
Finally managed to get a test case that triggers the segmentation fault issue mentioned a few times. This appears to be caused by the \n character, removing it from this test shows the lines as expected. Stacktrace just indicates memcpy(), all other stack frames have been lost by the time the segfault occurs. cheers, Tom
Subject: 2015-02-12-tickit-text_at-segfault.pl
#!/usr/bin/env perl use strict; use warnings; package Tickit::Widget::Segfault; use parent qw(Tickit::Widget); use Tickit::Style; use constant WIDGET_PEN_FROM_STYLE => 1; BEGIN { style_definition base => ; } sub lines { 1 } sub cols { 1 } sub render_to_rb { my ($self, $rb, $rect) = @_; $rb->clip($rect); $rb->clear; my @lines = map "$_\n", qw(one two three four); my $y = 0; $rb->text_at($y++, 0, shift(@lines), $self->get_style_pen) while @lines; } package main; use Tickit; Tickit->new( root => Tickit::Widget::Segfault->new( ) )->run;
  Thu Feb 12 15:43:20 2015 TEAM [...] cpan.org - Reference to ticket #101716 added
  Thu Feb 12 15:51:19 2015 TEAM [...] cpan.org - Correspondence added
Looking at the code in renderbuffer.c: 616 rb->texts[rb->n_texts] = malloc(len + 1); len is -1 on error, so that just needs checking before we hit this line I think?
  Thu Feb 12 15:56:24 2015 TEAM [...] cpan.org - Correspondence added
Confirmed no segfault with attached patch.
Subject: 2015-02-12-text_at_segfault.diff
diff --git a/src/renderbuffer.c b/src/renderbuffer.c index 39c96c5..2baaa56 100644 --- a/src/renderbuffer.c +++ b/src/renderbuffer.c @@ -600,6 +600,8 @@ int tickit_renderbuffer_textn_at(TickitRenderBuffer *rb, int line, int col, char TickitStringPos endpos; len = tickit_string_ncount(text, len, &endpos, NULL); + if(1 + len == 0) + return -1; int cols = endpos.columns; int ret = cols;
  Thu Feb 12 15:56:29 2015 TEAM [...] cpan.org - Status changed from 'new' to 'patched'
  Fri Feb 13 16:44:42 2015 leonerd-cpan [...] leonerd.org.uk - Correspondence added
That seems to fix it. Will be in next release. -- Paul Evans
  Wed Apr 22 04:31:06 2015 leonerd-cpan [...] leonerd.org.uk - Correspondence added
Released in libtickit bundled with Tickit 0.51 -- Paul Evans
  Wed Apr 22 04:31:07 2015 leonerd-cpan [...] leonerd.org.uk - Status changed from 'patched' to 'resolved'
  Wed Apr 22 04:31:13 2015 leonerd-cpan [...] leonerd.org.uk - Fixed in 0.51 added