Patch for bug in gtkrc.c:gtk_rc_get_token()

There is a vicious bug in gtk_rc_get_token(), which is rather hard to
trigger (although not so hard, since I got bitten), but as they say,
"with enough eyes to look at, all bugs are shallow".

The bug happens when the buffer ends with a complete token, and so
after the next read from the gtkrc, the buffer begins with a
space. The global var 'position' has been reset to 0 just before
re-reading the buffer (l.488).

Immediately after the gtkrc read, a new char (in this case, a space)
is read from the buffer and 'position' is incremented (l.497). So we
finish the parsing of the last token, for instance a symbol (l.567),
and 'position' is decremented back to 0, which is where we arm the
gun (click).

Given the test at l.489, 'position' equals 0 and we read from the
gtkrc into the buffer once again (bang), while only the first char of
the buffer's previous content was used. Our foot is now shot (ouch).

Here's a patch:

--- gtkrc.c.old Sun Dec 28 00:44:01 1997
+++ gtkrc.c     Sun Dec 28 00:39:44 1997
@@ -484,10 +484,10 @@
 
   while (1)
     {
-      if (position >= (buffer_size - 1))
-       position = 0;
-      if (!position || (buffer[position] == '\0'))
+
+      if ((position >= (buffer_size - 1)) || (buffer[position] == '\0'))
        {
+         position = 0;
          count = fread (buffer, sizeof (char), buffer_size - 1, input_fp);
          if ((count == 0) && feof (input_fp))
            return TOKEN_EOF;
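Review bot: the patched refill test no longer reads unconditionally on the first call: where `!position` forced a read whenever `position` was 0, the new condition `(position >= (buffer_size - 1)) || (buffer[position] == '\0')` only reads if `buffer[0]` already holds '\0', so confirm that `buffer` is zero-initialised (or that `buffer` and `position` are reset before each new gtkrc file is opened), otherwise stale bytes from an earlier parse are tokenised before the file is read. Moving `position = 0;` inside the refill branch is the right fix for the unget-to-0 case the mail describes, and it also covers the `buffer[position] == '\0'` path, which in the old code refilled without resetting `position`. The bare `+` line added before the condition is stray whitespace and can be dropped.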


-- 
					Guillaume.
					http://www.worldnet.fr/~glaurent
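As an added illustration, not part of Guillaume's mail or of gtkrc.c: a constructed C tokenizer with a deliberately tiny buffer, a string standing in for fread(), and the symbol parser's push-back, run once with the old refill test and once with the patched one. With the old test, the push-back that lands on position 0 right after a refill triggers a second read, and the rest of the buffer is lost; the assumed names (fake_fread, count_symbols, BUFFER_SIZE) are mine, not GTK's.

```c
#include <string.h>
#include <ctype.h>

#define BUFFER_SIZE 8  /* deliberately tiny so refills happen mid-input (constructed) */

/* Stand-in for fread() on the gtkrc file: hands out the next chunk of a string. */
static const char *stream;
static size_t stream_pos;

static size_t fake_fread(char *buf, size_t n)
{
    size_t left = strlen(stream) - stream_pos;
    if (n > left) n = left;
    memcpy(buf, stream + stream_pos, n);
    stream_pos += n;
    return n;
}
/* Split `input` into alphanumeric symbols with a refill loop shaped like the one in
   gtk_rc_get_token(): fixed == 0 is the old test, fixed == 1 the patched one.
   Returns the number of symbols found. */
int count_symbols(const char *input, int fixed)
{
    char buffer[BUFFER_SIZE];
    size_t count, symlen = 0;
    int position = 0, symbols = 0, refill, ch;
    stream = input; stream_pos = 0; buffer[0] = '\0';
    for (;;) {
        if (fixed) {
            refill = (position >= BUFFER_SIZE - 1) || (buffer[position] == '\0');
            if (refill) position = 0;
        } else {
            if (position >= BUFFER_SIZE - 1) position = 0;
            /* Old test: fires again after a push-back has moved position back to 0. */
            refill = !position || (buffer[position] == '\0');
        }
        if (refill) {
            count = fake_fread(buffer, BUFFER_SIZE - 1);
            if (count == 0)              /* EOF: count a symbol still being read */
                return symbols + (symlen > 0);
            buffer[count] = '\0';
        }
        ch = buffer[position++];
        if (isalnum((unsigned char) ch)) {
            symlen++;
        } else if (symlen) {             /* a non-symbol char ends the symbol... */
            symbols++; symlen = 0;
            position--;                  /* ...so push it back, as the symbol parser does */
        }
    }
}
```

With a 7-byte read window, "ab cdef gh ij" splits so that "cdef" ends exactly at the end of the first chunk and the second chunk starts with a space; the old test then yields only 2 symbols, the patched one all 4.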