In message <[EMAIL PROTECTED]> on Sun, 21 May 2006 14:42:00 -0400, Todd Kover
<[EMAIL PROTECTED]> said:
kovert> > Didn't it help enough to make tmp_win->HiliteImage NULL?
kovert>
kovert> no. It still ended up freeing memory that was already freed.
kovert> I'm not quite clear on where it got the value from to pass in
kovert> after setting it to NULL.
Wait, so you're saying that after you set it to NULL, some other value
is placed there?
Aha, I think I know why. In events.c, HandleDestroyNotify doesn't set
Tmp_win to NULL, which means that the next call to it will try to
delete whatever it points at. In the mean time, that are of memory
has most likely been reallocated, making Tmp_win point at apparently
bogus data, most probably leading to a crash! So it's quite likely
that the following patch fixes this problem. Can you verify that
(remove your #id 0 and #endif)?
--- events.c bf62739b47179668fa7b5aa47c35af1e4be19c64
+++ events.c 69f6f0e64e740e88fd1ec2899c7c158c27a9289a
@@ -2335,6 +2335,7 @@
DeleteIconsList (Tmp_win); /* 14 */
free((char *)Tmp_win);
+ Tmp_Win = NULL;
if (Scr->ClickToFocus || Scr->SloppyFocus)
set_last_window (Scr->currentvs->wsw->currentwspc);
I think we need to make an effort to check that we reset free'd things
with a NULL everywhere that happens.
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
