From 027efdef074cb8c116b5f9c888ad445ea692f654 Mon Sep 17 00:00:00 2001 From: dkf Date: Tue, 19 Jan 2010 22:10:03 +0000 Subject: [Bug 2931374]: Stop overflow of working buffer during construction of long tag expressions. --- ChangeLog | 13 +++++++++---- generic/tkCanvas.c | 8 ++++++-- tests/canvas.test | 11 ++++++++++- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index c075fcb..3e0d879 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2010-01-19 Donal K. Fellows + + * generic/tkCanvas.c (TagSearchScanExpr): [Bug 2931374]: Stop overflow + of working buffer during construction of long tag expressions. + 2010-01-19 Pat Thoyts * library/bgerror.tcl: [TIP 359]: Extended Window Manager Hints @@ -13,7 +18,7 @@ 2010-01-18 Jan Nijtmans - * generic/tkCanvArc.c fix more gcc warnings: missing initializer + * generic/tkCanvArc.c Fix more gcc warnings: missing initializer * generic/tkCanvBmap.c * generic/tkCanvImg.c * generic/tkCanvLine.c @@ -41,8 +46,8 @@ * generic/tkTextTag.c * generic/tkTextWind.c * generic/tkTrig.c - * generic/tkCanvas.c Apply patch [#2932808 ]: Canvas items - not updating on widget state change + * generic/tkCanvas.c: [Patch 2932808]: Canvas items not updating + on widget state change. 2010-01-13 Jan Nijtmans @@ -102,7 +107,7 @@ 2010-01-08 Pat Thoyts - * doc/photo.n: [Bug 2927569] Multiple edits have peverted the + * doc/photo.n: [Bug 2927569]: Multiple edits have peverted the original meaning of the phrase 'image file data' to reference a filename option that does not exist. diff --git a/generic/tkCanvas.c b/generic/tkCanvas.c index b489eb4..ade1374 100644 --- a/generic/tkCanvas.c +++ b/generic/tkCanvas.c @@ -12,7 +12,7 @@ * See the file "license.terms" for information on usage and redistribution of * this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tkCanvas.c,v 1.63 2010/01/18 20:43:38 nijtmans Exp $ + * RCS: @(#) $Id: tkCanvas.c,v 1.64 2010/01/19 22:10:03 dkf Exp $ */ /* #define USE_OLD_TAG_SEARCH 1 */ @@ -3561,7 +3561,11 @@ TagSearchScanExpr( while (searchPtr->stringIndex < searchPtr->stringLength) { c = searchPtr->string[searchPtr->stringIndex++]; - if (expr->allocated == expr->index) { + /* + * Need two slots free at this point, not one. [Bug 2931374] + */ + + if (expr->index >= expr->allocated-1) { expr->allocated += 15; if (expr->uids) { expr->uids = (Tk_Uid *) ckrealloc((char *) expr->uids, diff --git a/tests/canvas.test b/tests/canvas.test index 13108fb..065de67 100644 --- a/tests/canvas.test +++ b/tests/canvas.test @@ -7,7 +7,7 @@ # Copyright (c) 2008 Donal K. Fellows # All rights reserved. # -# RCS: @(#) $Id: canvas.test,v 1.29 2009/01/13 01:46:06 patthoyts Exp $ +# RCS: @(#) $Id: canvas.test,v 1.30 2010/01/19 22:10:03 dkf Exp $ package require tcltest 2.1 eval tcltest::configure $argv @@ -488,6 +488,15 @@ test canvas-10.12 {multple events bound to same tag expr} -setup { .c bind {a && b} {puts Enter} .c bind {a && b} {puts Leave} } -result {} +test canvas-10.13 {more long tag searches; Bug 2931374} -setup { + catch {destroy .c} + canvas .c +} -body { + .c find withtag {(A&&B&&C&&D)&&area&&!text} + # memory errors on failure +} -cleanup { + destroy .c +} -result {} test canvas-11.1 {canvas poly fill check, bug 5783} -setup { destroy .c -- cgit v0.12