* Problem report #28
@ 2006-04-10 18:50 Dan Nicolaescu
2006-04-10 19:52 ` Stuart D. Herring
0 siblings, 1 reply; 3+ messages in thread
From: Dan Nicolaescu @ 2006-04-10 18:50 UTC (permalink / raw)
CID: 28
Checker: FORWARD_NULL (help)
File: emacs/src/xmenu.c
Function: Fx_popup_menu
Description: Variable "f" tracked as NULL was passed to a function that dereferences it.
Event assign_zero: Variable "f" assigned value 0.
Also see events: [var_deref_model]
790 FRAME_PTR f = NULL;
791 Lisp_Object x, y, window;
792 int keymaps = 0;
793 int for_click = 0;
794 int specpdl_count = SPECPDL_INDEX ();
795 struct gcpro gcpro1;
796
797 #ifdef HAVE_MENUS
798 if (! NILP (position))
799 {
800 int get_current_pos_p = 0;
801 check_x ();
802
803 /* Decode the first argument: find the window and the coordinates. */
804 if (EQ (position, Qt)
805 || (CONSP (position) && (EQ (XCAR (position), Qmenu_bar)
806 || EQ (XCAR (position), Qtool_bar))))
807 {
808 get_current_pos_p = 1;
809 }
810 else
811 {
812 tem = Fcar (position);
813 if (CONSP (tem))
814 {
815 window = Fcar (Fcdr (position));
816 x = XCAR (tem);
817 y = Fcar (XCDR (tem));
818 }
819 else
820 {
821 for_click = 1;
822 tem = Fcar (Fcdr (position)); /* EVENT_START (position) */
823 window = Fcar (tem); /* POSN_WINDOW (tem) */
824 tem = Fcar (Fcdr (Fcdr (tem))); /* POSN_WINDOW_POSN (tem) */
825 x = Fcar (tem);
826 y = Fcdr (tem);
827 }
828
829 /* If a click happens in an external tool bar or a detached
830 tool bar, x and y is NIL. In that case, use the current
831 mouse position. This happens for the help button in the
832 tool bar. Ideally popup-menu should pass NIL to
833 this function, but it doesn't. */
834 if (NILP (x) && NILP (y))
835 get_current_pos_p = 1;
836 }
837
At conditional (1): "get_current_pos_p != 0" taking true path
838 if (get_current_pos_p)
839 {
840 /* Use the mouse's current position. */
At conditional (2): "selected_frame & 7 == 4" taking true path
At conditional (3): "((0), (selected_frame & -8))->size & 1073742848 == 1073742848" taking true path
At conditional (4): "(((0), (selected_frame & -8))->output_data).nothing != 0" taking true path
841 FRAME_PTR new_f = SELECTED_FRAME ();
842 #ifdef HAVE_X_WINDOWS
843 /* Can't use mouse_position_hook for X since it returns
844 coordinates relative to the window the mouse is in,
845 we need coordinates relative to the edit widget always. */
At conditional (5): "new_f != 0" taking true path
846 if (new_f != 0)
847 {
848 int cur_x, cur_y;
849
850 mouse_position_for_popup (new_f, &cur_x, &cur_y);
851 /* cur_x/y may be negative, so use make_number. */
852 x = make_number (cur_x);
853 y = make_number (cur_y);
854 }
855
856 #else /* not HAVE_X_WINDOWS */
857 Lisp_Object bar_window;
858 enum scroll_bar_part part;
859 unsigned long time;
860
861 if (mouse_position_hook)
862 (*mouse_position_hook) (&new_f, 1, &bar_window,
863 &part, &x, &y, &time);
864 #endif /* not HAVE_X_WINDOWS */
865
At conditional (6): "new_f != 0" taking true path
866 if (new_f != 0)
867 XSETFRAME (window, new_f);
868 else
869 {
870 window = selected_window;
871 XSETFASTINT (x, 0);
872 XSETFASTINT (y, 0);
873 }
874 }
875
At conditional (7): "x & 7 != 0" taking false path
At conditional (8): "0" taking false path
876 CHECK_NUMBER (x);
At conditional (9): "y & 7 != 0" taking false path
At conditional (10): "0" taking false path
877 CHECK_NUMBER (y);
878
879 /* Decode where to put the menu. */
880
At conditional (11): "window & 7 == 4" taking false path
881 if (FRAMEP (window))
882 {
883 f = XFRAME (window);
884 xpos = 0;
885 ypos = 0;
886 }
At conditional (12): "window & 7 == 4" taking false path
887 else if (WINDOWP (window))
888 {
889 CHECK_LIVE_WINDOW (window);
890 f = XFRAME (WINDOW_FRAME (XWINDOW (window)));
891
892 xpos = WINDOW_LEFT_EDGE_X (XWINDOW (window));
893 ypos = WINDOW_TOP_EDGE_Y (XWINDOW (window));
894 }
895 else
896 /* ??? Not really clean; should be CHECK_WINDOW_OR_FRAME,
897 but I don't want to make one now. */
At conditional (13): "window & 7 != 4" taking true path
At conditional (14): "0" taking false path
898 CHECK_WINDOW (window);
899
900 xpos += XINT (x);
901 ypos += XINT (y);
902
903 XSETFRAME (Vmenu_updating_frame, f);
904 }
905 else
906 Vmenu_updating_frame = Qnil;
907 #endif /* HAVE_MENUS */
908
909 record_unwind_protect (unuse_menu_items, Qnil);
910 title = Qnil;
911 GCPRO1 (title);
912
913 /* Decode the menu items from what was specified. */
914
915 keymap = get_keymap (menu, 0, 0);
At conditional (15): "keymap & 7 == 5" taking true path
916 if (CONSP (keymap))
917 {
918 /* We were given a keymap. Extract menu info from the keymap. */
919 Lisp_Object prompt;
920
921 /* Extract the detailed info to make one pane. */
At conditional (16): "position == Qnil" taking false path
922 keymap_panes (&menu, 1, NILP (position));
923
924 /* Search for a string appearing directly as an element of the keymap.
925 That string is the title of the menu. */
926 prompt = Fkeymap_prompt (keymap);
At conditional (17): "title == Qnil" taking true path
At conditional (18): "prompt != Qnil" taking true path
927 if (NILP (title) && !NILP (prompt))
928 title = prompt;
929
930 /* Make that be the pane title of the first pane. */
At conditional (19): "prompt != Qnil" taking true path
At conditional (20): "menu_items_n_panes >= 0" taking true path
931 if (!NILP (prompt) && menu_items_n_panes >= 0)
932 XVECTOR (menu_items)->contents[MENU_ITEMS_PANE_NAME] = prompt;
933
934 keymaps = 1;
935 }
936 else if (CONSP (menu) && KEYMAPP (XCAR (menu)))
937 {
938 /* We were given a list of keymaps. */
939 int nmaps = XFASTINT (Flength (menu));
940 Lisp_Object *maps
941 = (Lisp_Object *) alloca (nmaps * sizeof (Lisp_Object));
942 int i;
943
944 title = Qnil;
945
946 /* The first keymap that has a prompt string
947 supplies the menu title. */
948 for (tem = menu, i = 0; CONSP (tem); tem = XCDR (tem))
949 {
950 Lisp_Object prompt;
951
952 maps[i++] = keymap = get_keymap (XCAR (tem), 1, 0);
953
954 prompt = Fkeymap_prompt (keymap);
955 if (NILP (title) && !NILP (prompt))
956 title = prompt;
957 }
958
959 /* Extract the detailed info to make one pane. */
960 keymap_panes (maps, nmaps, NILP (position));
961
962 /* Make the title be the pane title of the first pane. */
963 if (!NILP (title) && menu_items_n_panes >= 0)
964 XVECTOR (menu_items)->contents[MENU_ITEMS_PANE_NAME] = title;
965
966 keymaps = 1;
967 }
968 else
969 {
970 /* We were given an old-fashioned menu. */
971 title = Fcar (menu);
972 CHECK_STRING (title);
973
974 list_of_panes (Fcdr (menu));
975
976 keymaps = 0;
977 }
978
979 unbind_to (specpdl_count, Qnil);
980
At conditional (21): "position == Qnil" taking false path
981 if (NILP (position))
982 {
983 discard_menu_items ();
984 UNGCPRO;
985 return Qnil;
986 }
987
988 #ifdef HAVE_MENUS
989 /* Display them in a menu. */
990 BLOCK_INPUT;
991
Event var_deref_model: Variable "f" tracked as NULL was passed to a function that dereferences it. [model]
Also see events: [assign_zero]
992 selection = xmenu_show (f, xpos, ypos, for_click,
993 keymaps, title, &error_name);
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Problem report #28
2006-04-10 18:50 Problem report #28 Dan Nicolaescu
@ 2006-04-10 19:52 ` Stuart D. Herring
2006-04-11 6:32 ` Problem report #28 FALSE Jan D.
0 siblings, 1 reply; 3+ messages in thread
From: Stuart D. Herring @ 2006-04-10 19:52 UTC (permalink / raw)
I don't have an answer for this one, but I've trimmed the issue down for
clarity. We have the following if-else_if-else:
> 881 if (FRAMEP (window))
> 882 {
> 883 f = XFRAME (window);
> 884 xpos = 0;
> 885 ypos = 0;
> 886 }
>
> At conditional (12): "window & 7 == 4" taking false path
>
> 887 else if (WINDOWP (window))
> 888 {
> 889 CHECK_LIVE_WINDOW (window);
> 890 f = XFRAME (WINDOW_FRAME (XWINDOW (window)));
> 891
> 892 xpos = WINDOW_LEFT_EDGE_X (XWINDOW (window));
> 893 ypos = WINDOW_TOP_EDGE_Y (XWINDOW (window));
> 894 }
> 895 else
> 896 /* ??? Not really clean; should be CHECK_WINDOW_OR_FRAME,
> 897 but I don't want to make one now. */
>
> At conditional (13): "window & 7 != 4" taking true path
> At conditional (14): "0" taking false path
>
> 898 CHECK_WINDOW (window);
f, guaranteed to be NULL before this block, is assigned in the first two
cases but not in the third (which is tagged with a "huh?" comment). Later
f is used in a place Coverity claims requires non-nullity.
Hope this helps the next analyzer,
Davis
--
This product is sold by volume, not by mass. If it appears too dense or
too sparse, it is because mass-energy conversion has occurred during
shipping.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Problem report #28 FALSE
2006-04-10 19:52 ` Stuart D. Herring
@ 2006-04-11 6:32 ` Jan D.
0 siblings, 0 replies; 3+ messages in thread
From: Jan D. @ 2006-04-11 6:32 UTC (permalink / raw)
Cc: emacs-devel
Thanks for trimming it down. It is a very verbose report :-).
Stuart D. Herring wrote:
> I don't have an answer for this one, but I've trimmed the issue down for
> clarity. We have the following if-else_if-else:
>
>> 881 if (FRAMEP (window))
>> 882 {
>> 883 f = XFRAME (window);
>> 884 xpos = 0;
>> 885 ypos = 0;
>> 886 }
>>
>> At conditional (12): "window & 7 == 4" taking false path
>>
>> 887 else if (WINDOWP (window))
>> 888 {
>> 889 CHECK_LIVE_WINDOW (window);
>> 890 f = XFRAME (WINDOW_FRAME (XWINDOW (window)));
>> 891
>> 892 xpos = WINDOW_LEFT_EDGE_X (XWINDOW (window));
>> 893 ypos = WINDOW_TOP_EDGE_Y (XWINDOW (window));
>> 894 }
>> 895 else
>> 896 /* ??? Not really clean; should be CHECK_WINDOW_OR_FRAME,
>> 897 but I don't want to make one now. */
>>
>> At conditional (13): "window & 7 != 4" taking true path
>> At conditional (14): "0" taking false path
>>
>> 898 CHECK_WINDOW (window);
>
> f, guaranteed to be NULL before this block, is assigned in the first two
> cases but not in the third (which is tagged with a "huh?" comment). Later
> f is used in a place Coverity claims requires non-nullity.
>
The else where f is not asigned (the ??? part) does a CHECK_WINDOW (window)
where window obviously is not a window (checked in the if directly before), so
it signals an error and exits and the call to xmenu_show never happens.
Jan D.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-04-11 6:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-04-10 18:50 Problem report #28 Dan Nicolaescu
2006-04-10 19:52 ` Stuart D. Herring
2006-04-11 6:32 ` Problem report #28 FALSE Jan D.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).