Hi,

I came across a crash in pygtk_generic_cell_renderer_get_size().  It
doesn't check to see if the arguments passed in are NULL before passing
them to PyArg_ParseTuple(), which dereferences them and crashes.

I've filed bug #97436 about it, and attached this patch to it.

Joe
Index: pygtkcellrenderer.c
===================================================================
RCS file: /cvs/gnome/gnome-python/pygtk/gtk/pygtkcellrenderer.c,v
retrieving revision 1.2
diff -u -p -u -r1.2 pygtkcellrenderer.c
--- pygtkcellrenderer.c	20 Jul 2002 05:44:37 -0000	1.2
+++ pygtkcellrenderer.c	1 Nov 2002 20:16:26 -0000
@@ -94,6 +94,7 @@ pygtk_generic_cell_renderer_get_size (Gt
 				      gint            *height)
 {
     PyObject *self, *py_ret, *py_widget, *py_cell_area;
+    gint my_x, my_y, my_width, my_height;
 
     g_return_if_fail(PYGTK_IS_GENERIC_CELL_RENDERER (cell));
 
@@ -117,13 +118,26 @@ pygtk_generic_cell_renderer_get_size (Gt
     Py_DECREF(py_widget);
     Py_DECREF(py_cell_area);
 
-    if (!PyArg_ParseTuple(py_ret, "iiii", x_offset, y_offset, width, height)) {
+    if (!PyArg_ParseTuple(py_ret, "iiii",
+			  &my_x, &my_y, &my_width, &my_height)) {
 	PyErr_Clear();
 	Py_DECREF(py_ret);
 	g_warning("could not parse return value of get_size() method.  "
 		  "Should be of form (x_offset, y_offset, width, height)");
 	return;
     }
+
+    if (x_offset)
+	*x_offset = my_x;
+
+    if (y_offset)
+	*y_offset = my_y;
+
+    if (width)
+	*width = my_width;
+
+    if (height)
+	*height = my_height;
     /* success */
 }
 
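Review bot: The success path at the end of this hunk falls through `/* success */` to the closing brace without releasing `py_ret`, while the parse-failure branch does call `Py_DECREF(py_ret)`. If `py_ret` is an owned reference, as that branch implies, every successful get_size() call leaks the returned tuple; adding `Py_DECREF(py_ret);` after the four guarded stores would balance it. Separately, the failure branch writes none of the caller's non-NULL out-parameters, so a caller that did not pre-initialise them is left with indeterminate values after the g_warning; consider storing zeros there before `return`. The function's signature and the call that produces `py_ret` are outside the hunk, so the ownership of `py_ret` should be confirmed against the full file.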
