Possible fix for crash

Subject: Possible fix for crash
From: Nikolaj Brandt Jensen (mailbag@postman.dk)
Date: Mon Jun 25 2001 - 14:31:49 CDT

• sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Dom Lachowicz: "Re: Possible fix for crash"
• Previous message: Leonard Rosenthol: "Re: Mac OS Build (was Re: Abiword gets "recognition" at MacHack)"
• Next in thread: Dom Lachowicz: "Re: Possible fix for crash"
• Reply: Dom Lachowicz: "Re: Possible fix for crash"

Hi again.

Some days ago I wrote about a problem with AbiWord crashing in release
builds, but not in debug builds. Well, I think I have finally found
the problem.

I found that the stack was smashed in UT_UCS2String&
UT_UCS2String::operator+=(unsigned char rhs) and probably also in
UT_UCS2String& UT_UCS2String::operator+=(char rhs) since they are
almost identical.

UT_UCS_strcpy_char is called with single UT_UCSChar buffer as
destination. However, UT_UCS_strcpy_char copies the character AND a 16
bit null.

Changing the function in src\af\util\xp\ut_string_class.cpp to:
UT_UCS2String& UT_UCS2String::operator+=(unsigned char rhs)
{
        UT_UCSChar cs[2];
        char rs[2];

        // TODO: is this nonsense needed?
        rs[0] = (char)rhs; rs[1] = 0; // TODO: is this loss of 'unsigned'
safe?
        UT_UCS_strcpy_char (&cs[0], rs);

        pimpl->append(&cs[0], 1);
        return *this;
}

Fixes the problem :-)

Please commit this if someone with more insight into the strings stuff
thinks it look right.

        - Nikolaj

• Next message: Dom Lachowicz: "Re: Possible fix for crash"
• Previous message: Leonard Rosenthol: "Re: Mac OS Build (was Re: Abiword gets "recognition" at MacHack)"
• Next in thread: Dom Lachowicz: "Re: Possible fix for crash"
• Reply: Dom Lachowicz: "Re: Possible fix for crash"

This archive was generated by hypermail 2b25 : Mon Jun 25 2001 - 14:32:12 CDT