From fd5b72265103be114ba6ded69791fa7a81ba4c6e Mon Sep 17 00:00:00 2001 From: dkf Date: Tue, 19 Jan 2010 22:02:41 +0000 Subject: [Bug 2931374]: Stop overflow of working buffer during construction of long tag expressions. FossilOrigin-Name: 4952176bcce51eb1b6ca8addb37b21c12b8ad4f9 --- ChangeLog | 9 +++++++-- generic/tkCanvas.c | 8 ++++++-- tests/canvas.test | 11 ++++++++++- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8311038..bd09fbe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,12 @@ +2010-01-19 Donal K. Fellows + + * generic/tkCanvas.c (TagSearchScanExpr): [Bug 2931374]: Stop overflow + of working buffer during construction of long tag expressions. + 2010-01-18 Jan Nijtmans - * generic/tkCanvas.c Apply patch [#2932808 ]: Canvas items - not updating on widget state change + * generic/tkCanvas.c: [Patch 2932808]: Canvas items not + updating on widget state change. 2010-01-09 Pat Thoyts diff --git a/generic/tkCanvas.c b/generic/tkCanvas.c index eed2d5a..fa160b9 100644 --- a/generic/tkCanvas.c +++ b/generic/tkCanvas.c @@ -12,7 +12,7 @@ * See the file "license.terms" for information on usage and redistribution of * this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tkCanvas.c,v 1.46.2.3 2010/01/18 21:20:09 nijtmans Exp $ + * RCS: @(#) $Id: tkCanvas.c,v 1.46.2.4 2010/01/19 22:02:43 dkf Exp $ */ /* #define USE_OLD_TAG_SEARCH 1 */ @@ -3233,7 +3233,11 @@ TagSearchScanExpr( while (searchPtr->stringIndex < searchPtr->stringLength) { c = searchPtr->string[searchPtr->stringIndex++]; - if (expr->allocated == expr->index) { + /* + * Need two slots free at this point, not one. [Bug 2931374] + */ + + if (expr->index >= expr->allocated-1) { expr->allocated += 15; if (expr->uids) { expr->uids = (Tk_Uid *) diff --git a/tests/canvas.test b/tests/canvas.test index 489ba27..f6a85fb 100644 --- a/tests/canvas.test +++ b/tests/canvas.test @@ -6,7 +6,7 @@ # Copyright (c) 1998-2000 Ajuba Solutions. # All rights reserved. # -# RCS: @(#) $Id: canvas.test,v 1.23 2004/12/07 21:22:19 dgp Exp $ +# RCS: @(#) $Id: canvas.test,v 1.23.4.1 2010/01/19 22:02:43 dkf Exp $ package require tcltest 2.1 eval tcltest::configure $argv @@ -367,6 +367,15 @@ test canvas-10.12 {multple events bound to same tag expr} -setup { .c bind {a && b} {puts Enter} .c bind {a && b} {puts Leave} } -result {} +test canvas-10.13 {more long tag searches; Bug 2931374} -setup { + catch {destroy .c} + canvas .c +} -body { + .c find withtag {(A&&B&&C&&D)&&area&&!text} + # memory errors on failure +} -cleanup { + destroy .c +} -result {} test canvas-11.1 {canvas poly fill check, bug 5783} -setup { destroy .c -- cgit v0.12