On Thu, 14 Sep 2017, Robert Wolf wrote:

> /**************************************************/
> /**** this is current code from git now ****/
> 358 static void updateWorkspaceMenu(WMenu * menu)
> 359 {
> 360   WScreen *scr = menu->frame->screen_ptr;
> 361   char title[MAX_WORKSPACENAME_WIDTH + 1];
> 362   WMenuEntry *entry;
> 363   int i;
> 364 
> 365   for (i = 0; i < scr->workspace_count; i++) {
> 366     if (i < menu->entry_no) {
> 367 
> 368       entry = menu->entries[i];
> 369       if (strcmp(entry->text, scr->workspaces[i]->name) != 0) {
> 370         wfree(entry->text);
> 371         strncpy(title, scr->workspaces[i]->name, MAX_WORKSPACENAME_WIDTH);
> 372         title[MAX_WORKSPACENAME_WIDTH] = 0;
> 373         menu->entries[i]->text = wstrdup(title);
> 374         menu->entries[i]->rtext = GetShortcutKey(wKeyBindings[WKBD_MOVE_WORKSPACE1 + i]);
> 375         menu->flags.realized = 0;
> 376       }
> 377     } else {
> 378       strncpy(title, scr->workspaces[i]->name, MAX_WORKSPACENAME_WIDTH);
> 379       title[MAX_WORKSPACENAME_WIDTH] = 0;
> 380 
> 381       entry = wMenuAddCallback(menu, title, switchWSCommand, NULL);
> 382       entry->rtext = GetShortcutKey(wKeyBindings[WKBD_MOVE_WORKSPACE1 + i]);
> 383 
> 384       menu->flags.realized = 0;
> 385     }
> 386 
> 387     /* workspace shortcut labels */
> 388     if (i / 10 == scr->current_workspace / 10)
> 389       entry->rtext = GetShortcutKey(wKeyBindings[WKBD_MOVE_WORKSPACE1 + (i % 10)]);
> 390     else
> 391       entry->rtext = NULL;
> 392   }
> 393 
> 394   if (!menu->flags.realized)
> 395     wMenuRealize(menu);
> 396 }
> /**************************************************/
> 
> As you can see, line 381 contains wKeyBindings[WKBD_MOVE_WORKSPACE1 + i].
> The same code is on line 373, but line 388 contains
> wKeyBindings[WKBD_MOVE_WORKSPACE1 + (i % 10)].


Hello all,

I have read this code again and again over the last few days, and if I
understand it correctly, entry->rtext is correctly set on line 389, so the
code on lines 374 and 382 is useless. The code on lines 374 and 382 is
incorrect, because "WKBD_MOVE_WORKSPACE1 + i" can point outside the array
wKeyBindings[] for i>30 (or so).

I have used gdb on a running wmaker --for-real and I could really see that this
code reads the values from some memory behind the wKeyBindings array.

Could you please check this code and remove lines 374 and 382? This code
comes from Iain Patterson - should I ask him directly to fix this code, or can
someone else do that too?

Thank you very much for your answer and update.

Regards


Robert Wolf.
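
Added example, not part of the original message and not Window Maker's own code: a small model of the two index computations discussed above, showing where "base + i" leaves the table and how the "i % 10" form on lines 388-391 stays inside the ten workspace slots. The KB_* names, the base offset 4 and the table length 20 are constructed assumptions, not the project's real enum values.

```c
#include <stdio.h>

/* Constructed stand-in for the key-binding table; Window Maker's real
 * enum has a different size and layout (all KB_* names are hypothetical). */
enum {
    KB_MOVE_WORKSPACE1 = 4,      /* first of ten consecutive workspace slots */
    KB_LAST = 20                 /* assumed number of entries in the table */
};

/* Index as computed on lines 374 and 382: base + i, with no upper bound. */
static int unguarded_index(int i) { return KB_MOVE_WORKSPACE1 + i; }

/* Nonzero if idx addresses an element of a KB_LAST-entry table. */
static int index_in_table(int idx) { return idx >= 0 && idx < KB_LAST; }

/* Nonzero if idx is one of the ten "move to workspace N" slots. */
static int is_workspace_slot(int idx)
{
    return idx >= KB_MOVE_WORKSPACE1 && idx < KB_MOVE_WORKSPACE1 + 10;
}

/* Index as computed on lines 388-391: only workspaces in the same group of
 * ten as the current one get a shortcut; -1 stands for rtext = NULL. */
static int shortcut_index(int i, int current_workspace)
{
    if (i < 0 || current_workspace < 0)
        return -1;
    if (i / 10 != current_workspace / 10)
        return -1;
    return KB_MOVE_WORKSPACE1 + (i % 10);
}

/* Smallest workspace number whose unguarded index falls outside the table. */
static int first_out_of_bounds_workspace(void)
{
    int i = 0;
    while (index_in_table(unguarded_index(i)))
        i++;
    return i;
}

int main(void)
{
    printf("unguarded read leaves the table at i=%d\n",
           first_out_of_bounds_workspace());
    printf("i=12: unguarded slot %d (workspace slot: %d), guarded slot %d\n",
           unguarded_index(12), is_workspace_slot(unguarded_index(12)),
           shortcut_index(12, 15));
    return 0;
}
```

In this model, workspaces 10 to 15 already pick up an unrelated binding before the index leaves the table at 16, so an in-bounds result is not by itself a correct one.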

