* Problem report #33
@ 2006-05-14 4:38 Dan Nicolaescu
2006-05-14 11:03 ` Kim F. Storm
2006-05-14 11:31 ` Problem report #33 RESOLVED Jan D.
0 siblings, 2 replies; 6+ messages in thread
From: Dan Nicolaescu @ 2006-05-14 4:38 UTC (permalink / raw)
This one reappeared after the last xterm.c checkin.
Is it OK not to check f for NULL here?
CID: 33
Checker: NULL_RETURNS (help)
File: base/src/emacs/src/xterm.c
Function: handle_one_xevent
Description: Dereferencing NULL value "f"
5801 #ifdef HACK_EDITRES
5802 if (event.xclient.message_type
5803 == dpyinfo->Xatom_editres)
5804 {
Event returned_null: Function "x_any_window_to_frame" returned NULL value (checked 8 out of 9 times) [model]
Event var_assigned: Variable "f" assigned to NULL return value from "x_any_window_to_frame"
Also see events: [var_assigned][dereference]
5805 f = x_any_window_to_frame (dpyinfo, event.xclient.window);
Event dereference: Dereferencing NULL value "f"
Also see events: [returned_null][var_assigned]
5806 _XEditResCheckMessages (f->output_data.x->widget, NULL,
5807 &event, NULL);
5808 goto done;
5809 }
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem report #33
2006-05-14 4:38 Problem report #33 Dan Nicolaescu
@ 2006-05-14 11:03 ` Kim F. Storm
2006-05-14 11:31 ` Problem report #33 RESOLVED Jan D.
1 sibling, 0 replies; 6+ messages in thread
From: Kim F. Storm @ 2006-05-14 11:03 UTC (permalink / raw)
Cc: emacs-devel
Dan Nicolaescu <dann@ics.uci.edu> writes:
> This one reappeared after the last xterm.c checkin.
> Is it OK not to check f for NULL here?
>
> CID: 33
> Checker: NULL_RETURNS (help)
> File: base/src/emacs/src/xterm.c
> Function: handle_one_xevent
> Description: Dereferencing NULL value "f"
>
> 5801 #ifdef HACK_EDITRES
> 5802 if (event.xclient.message_type
> 5803 == dpyinfo->Xatom_editres)
> 5804 {
>
> Event returned_null: Function "x_any_window_to_frame" returned NULL value (checked 8 out of 9 times) [model]
> Event var_assigned: Variable "f" assigned to NULL return value from "x_any_window_to_frame"
> Also see events: [var_assigned][dereference]
>
> 5805 f = x_any_window_to_frame (dpyinfo, event.xclient.window);
>
> Event dereference: Dereferencing NULL value "f"
> Also see events: [returned_null][var_assigned]
>
> 5806 _XEditResCheckMessages (f->output_data.x->widget, NULL,
> 5807 &event, NULL);
> 5808 goto done;
> 5809 }
Looks like a real bug -- and there's another incident a few lines below.
Here is a "fix":
*** xterm.c 14 May 2006 02:24:31 +0200 1.911
--- xterm.c 14 May 2006 13:02:15 +0200
***************
*** 5803,5808 ****
--- 5803,5810 ----
== dpyinfo->Xatom_editres)
{
f = x_any_window_to_frame (dpyinfo, event.xclient.window);
+ if (!f)
+ goto OTHER;
_XEditResCheckMessages (f->output_data.x->widget, NULL,
&event, NULL);
goto done;
***************
*** 5820,5825 ****
--- 5822,5829 ----
images, only, which should have 1 page. */
Pixmap pixmap = (Pixmap) event.xclient.data.l[1];
f = x_window_to_frame (dpyinfo, event.xclient.window);
+ if (!f)
+ goto OTHER;
x_kill_gs_process (pixmap, f);
expose_frame (f, 0, 0, 0, 0);
goto done;
--
Kim F. Storm <storm@cua.dk> http://www.cua.dk
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem report #33 RESOLVED
2006-05-14 4:38 Problem report #33 Dan Nicolaescu
2006-05-14 11:03 ` Kim F. Storm
@ 2006-05-14 11:31 ` Jan D.
2006-05-15 21:46 ` Kim F. Storm
1 sibling, 1 reply; 6+ messages in thread
From: Jan D. @ 2006-05-14 11:31 UTC (permalink / raw)
Cc: emacs-devel
Dan Nicolaescu wrote:
> This one reappeared after the last xterm.c checkin.
> Is it OK not to check f for NULL here?
>
No it is not OK. If someone tries to get the widget tree with editres
on an Emacs lucid dialog for example, Emacs will crash. I've checked in
a fix.
Jan D.
> CID: 33
> Checker: NULL_RETURNS (help)
> File: base/src/emacs/src/xterm.c
> Function: handle_one_xevent
> Description: Dereferencing NULL value "f"
>
> 5801 #ifdef HACK_EDITRES
> 5802 if (event.xclient.message_type
> 5803 == dpyinfo->Xatom_editres)
> 5804 {
>
> Event returned_null: Function "x_any_window_to_frame" returned NULL value (checked 8 out of 9 times) [model]
> Event var_assigned: Variable "f" assigned to NULL return value from "x_any_window_to_frame"
> Also see events: [var_assigned][dereference]
>
> 5805 f = x_any_window_to_frame (dpyinfo, event.xclient.window);
>
> Event dereference: Dereferencing NULL value "f"
> Also see events: [returned_null][var_assigned]
>
> 5806 _XEditResCheckMessages (f->output_data.x->widget, NULL,
> 5807 &event, NULL);
> 5808 goto done;
> 5809 }
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem report #33 RESOLVED
2006-05-14 11:31 ` Problem report #33 RESOLVED Jan D.
@ 2006-05-15 21:46 ` Kim F. Storm
2006-05-16 6:16 ` Jan Djärv
0 siblings, 1 reply; 6+ messages in thread
From: Kim F. Storm @ 2006-05-15 21:46 UTC (permalink / raw)
Cc: Dan Nicolaescu, emacs-devel
"Jan D." <jan.h.d@swipnet.se> writes:
> Dan Nicolaescu wrote:
>> This one reappeared after the last xterm.c checkin.
>> Is it OK not to check f for NULL here?
>>
>
> No it is not OK. If someone tries to get the widget tree with editres
> on an Emacs lucid dialog for example, Emacs will crash. I've checked
> in a fix.
What about the x_window_to_frame call in relation to Ghostview?
If it can return NULL, emacs will crash...
Index: xterm.c
===================================================================
RCS file: /cvsroot/emacs/emacs/src/xterm.c,v
retrieving revision 1.912
diff -c -r1.912 xterm.c
*** xterm.c 14 May 2006 11:26:07 -0000 1.912
--- xterm.c 15 May 2006 21:43:13 -0000
***************
*** 5821,5826 ****
--- 5821,5828 ----
images, only, which should have 1 page. */
Pixmap pixmap = (Pixmap) event.xclient.data.l[1];
f = x_window_to_frame (dpyinfo, event.xclient.window);
+ if (!f)
+ goto OTHER;
x_kill_gs_process (pixmap, f);
expose_frame (f, 0, 0, 0, 0);
goto done;
--
Kim F. Storm <storm@cua.dk> http://www.cua.dk
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem report #33 RESOLVED
2006-05-15 21:46 ` Kim F. Storm
@ 2006-05-16 6:16 ` Jan Djärv
2006-05-16 11:08 ` Kim F. Storm
0 siblings, 1 reply; 6+ messages in thread
From: Jan Djärv @ 2006-05-16 6:16 UTC (permalink / raw)
Cc: Dan Nicolaescu, emacs-devel
> What about the x_window_to_frame call in relation to Ghostview?
> If it can return NULL, emacs will crash...
>
It can return NULL if the window has been removed (i.e. it is a race problem).
Probably not that common in real life, but I think you should check in your fix.
Jan D.
>
> Index: xterm.c
> ===================================================================
> RCS file: /cvsroot/emacs/emacs/src/xterm.c,v
> retrieving revision 1.912
> diff -c -r1.912 xterm.c
> *** xterm.c 14 May 2006 11:26:07 -0000 1.912
> --- xterm.c 15 May 2006 21:43:13 -0000
> ***************
> *** 5821,5826 ****
> --- 5821,5828 ----
> images, only, which should have 1 page. */
> Pixmap pixmap = (Pixmap) event.xclient.data.l[1];
> f = x_window_to_frame (dpyinfo, event.xclient.window);
> + if (!f)
> + goto OTHER;
> x_kill_gs_process (pixmap, f);
> expose_frame (f, 0, 0, 0, 0);
> goto done;
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem report #33 RESOLVED
2006-05-16 6:16 ` Jan Djärv
@ 2006-05-16 11:08 ` Kim F. Storm
0 siblings, 0 replies; 6+ messages in thread
From: Kim F. Storm @ 2006-05-16 11:08 UTC (permalink / raw)
Cc: Dan Nicolaescu, emacs-devel
Jan Djärv <jan.h.d@swipnet.se> writes:
> It can return NULL if the window has been removed (i.e. it is a race
> problem). Probably not that common in real life, but I think you
> should check in your fix.
Done. Thanks.
--
Kim F. Storm <storm@cua.dk> http://www.cua.dk
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2006-05-16 11:08 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-05-14 4:38 Problem report #33 Dan Nicolaescu
2006-05-14 11:03 ` Kim F. Storm
2006-05-14 11:31 ` Problem report #33 RESOLVED Jan D.
2006-05-15 21:46 ` Kim F. Storm
2006-05-16 6:16 ` Jan Djärv
2006-05-16 11:08 ` Kim F. Storm
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).