bugBattle for Wesnoth - Bugs: bug #14145, assigning a large std::string to...

 
 

bug #14145: assigning a large std::string to [scrollable_label]'s contents, leads to segmentation fault

Submitted by:  Iurii Chernyi <crab>
Submitted on:  Mon 17 Aug 2009 07:30:12 PM UTC  
 
Category: Bug
Severity: 3 - Normal
Priority: 4
Item Group: Graphics
Status: Confirmed
Privacy: Public
Assigned to: Mark de Wever <mordante>
Open/Closed: Open
Release: r37919
Operating System: Debian


 

Mon 17 Aug 2009 07:32:54 PM UTC, comment #1:

More info in the irc log of 2009.08.17 starting at 20:42.

Mark de Wever <mordante>
Project Member
In charge of this item.
Mon 17 Aug 2009 07:30:12 PM UTC, original submission:

Code:

execution_label->set_markup_mode(tcontrol::PANGO_MARKUP);
execution_label->set_label(execution_text.str());

Segfaults if execution_text.str() is big enough.

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb65726d0 (LWP 6789)]
0x085f9356 in draw (this=0x8e16c60, canvas=@0xc7587d8, variables=@0xc7587e0) at src/gui/auxiliary/canvas.cpp:934
934 VALIDATE(static_cast<int>(x) < canvas->w &&
(gdb) bt
#0 0x085f9356 in draw (this=0x8e16c60, canvas=@0xc7587d8, variables=@0xc7587e0) at src/gui/auxiliary/canvas.cpp:934
#1 0x085f8413 in gui2::tcanvas::draw (this=0xc7587c0, force=false) at src/gui/auxiliary/canvas.cpp:1006
#2 0x085f84e3 in gui2::tcanvas::blit (this=0xc7587c0, surf=@0xbffe4288, rect={x = 15, y = 226, w = 922, h = 47759})
at src/gui/auxiliary/canvas.cpp:1014
#3 0x083d941b in gui2::tcontrol::impl_draw_background (this=0xc7586c0, frame_buffer=@0xbffe4288) at src/gui/widgets/control.cpp:308
#4 0x0843427e in gui2::twidget::draw_background (this=0xc75874c, frame_buffer=@0xbffe4288) at src/gui/widgets/widget.cpp:249
#5 0x083e3a86 in gui2::tgrid::impl_draw_children (this=0xc758620, frame_buffer=@0xbffe4288) at src/gui/widgets/grid.cpp:853
#6 0x084341a6 in gui2::twidget::draw_children (this=0xc758668, frame_buffer=@0xbffe4288) at src/gui/widgets/widget.cpp:262
#7 0x0842666e in gui2::tscrollbar_container::impl_draw_children (this=0xc758268, frame_buffer=@0xbffe4288)
at src/gui/widgets/scrollbar_container.cpp:557
#8 0x084341ef in gui2::twidget::draw_children (this=0xc7583b4, frame_buffer=@0xbffe4288) at src/gui/widgets/widget.cpp:264
#9 0x083e3a98 in gui2::tgrid::impl_draw_children (this=0xcb21284, frame_buffer=@0xbffe4288) at src/gui/widgets/grid.cpp:854
#10 0x084341ef in gui2::twidget::draw_children (this=0xcb212cc, frame_buffer=@0xbffe4288) at src/gui/widgets/widget.cpp:264
#11 0x083dca4a in gui2::tcontainer_::impl_draw_children (this=0xcb21200, frame_buffer=@0xbffe4288) at src/gui/widgets/container.cpp:120
#12 0x084341ef in gui2::twidget::draw_children (this=0xcb21654, frame_buffer=@0xbffe4288) at src/gui/widgets/widget.cpp:264
#13 0x08439163 in gui2::twindow::draw (this=0xcb21200) at src/gui/widgets/window.cpp:568
#14 0x083e02db in gui2::tevent_handler::handle_event (this=0xcb2131c, event=@0xc5cb378) at src/gui/widgets/event_handler.cpp:259
#15 0x0880f75b in events::pump () at src/events.cpp:379
#16 0x0843ee89 in gui2::tevent_handler::process_events (this=0xcb2131c) at src/gui/widgets/event_handler.hpp:45
#17 0x0843999d in gui2::twindow::show (this=0xcb21200, restore=true, auto_close_timeout=0) at src/gui/widgets/window.cpp:413
#18 0x083a52ad in gui2::tdialog::show (this=0xbffe4544, video=@0xbffe63fc, auto_close_time=0) at src/gui/dialogs/dialog.cpp:48
#19 0x087446ac in game_logic::formula_debugger::show_gui (this=0xbffe46a0) at src/formula_debugger.cpp:164
#20 0x087447be in game_logic::formula_debugger::check_breakpoints (this=0xbffe46a0) at src/formula_debugger.cpp:146
#21 0x08744cec in game_logic::formula_debugger::evaluate_formula_callback (this=0xbffe46a0, f=@0xbffe476c, variables=@0xbffe4730)
at src/formula_debugger.cpp:220
#22 0x0856cef1 in game_logic::evaluate_formula_callback (fdb=@0xbffe46a0, f=@0xbffe476c, variables=@0xbffe4730)
at src/formula_debugger_fwd.cpp:44
#23 0x0830f8d2 in game_logic::formula::evaluate (this=0xbffe476c, variables=@0xbffe4730, fdb=0xbffe46a0)
at src/gui/auxiliary/../../formula.hpp:48
#24 0x0870abc4 in ai::formula_ai::evaluate (this=0xb4b051c, formula_str=@0xbffe4944) at src/ai/formula/ai.cpp:127
#25 0x086a4f9d in ai::engine_fai::evaluate (this=0xb4b0510, str=@0xbffe4944) at src/ai/composite/engine_fai.cpp:123
#26 0x08697c18 in ai::ai_composite::evaluate (this=0xb4b02a8, str=@0xbffe4944) at src/ai/composite/ai.cpp:85
#27 0x084ca6a6 in ai::manager::evaluate_command (side=1, str=@0xbffe4944) at src/ai/manager.cpp:382
#28 0x085a3980 in events::menu_handler::do_ai_formula (this=0xbffe53a4, str=@0xbffe4944, side_num=1) at src/menu_events.cpp:3121
#29 0x085e5680 in play_controller::enter_textbox (this=0xbffe52b8) at src/play_controller.cpp:768
#30 0x085e5806 in play_controller::process_keydown_event (this=0xbffe52b8, event=@0xbdc6a78) at src/play_controller.cpp:863
#31 0x0855559d in controller_base::handle_event (this=0xbffe52b8, event=@0xbdc6a78) at src/controller_base.cpp:58
#32 0x0880f75b in events::pump () at src/events.cpp:379
#33 0x085552f1 in controller_base::play_slice (this=0xbffe52b8, is_delay_enabled=true) at src/controller_base.cpp:184
#34 0x0824ce34 in playsingle_controller::play_human_turn (this=0xbffe52b8) at src/playsingle_controller.cpp:703
#35 0x0824d25c in playsingle_controller::play_side (this=0xbffe52b8, team_index=1, save=true) at src/playsingle_controller.cpp:604
#36 0x0824dc2b in playsingle_controller::play_turn (this=0xbffe52b8, save=true) at src/playsingle_controller.cpp:561
#37 0x0825179f in playsingle_controller::play_scenario (this=0xbffe52b8, story=@0xbffe5a3c, log=@0xbffe632c, skip_replay=false,
end_level_result=0xbffe5a28) at src/playsingle_controller.cpp:370
#38 0x0823c8cb in playsingle_scenario (game_config=@0xbffe6440, level=0xbffe59a0, disp=@0x8d3b748, state_of_game=@0xbffe649c,
story=@0xbffe5a3c, log=@0xbffe632c, skip_replay=false, end_level=0xbffe5a28) at src/playcampaign.cpp:121
#39 0x08240096 in play_game (disp=@0x8d3b748, gamestate=@0xbffe649c, game_config=@0xbffe6440, log=@0xbffe632c, io_type=IO_NONE,
skip_replay=false) at src/playcampaign.cpp:357
---Type <return> to continue, or q <return> to quit---
#40 0x08068970 in play_test (this=0xbffe63ec) at src/game.cpp:700
#41 0x0806aeee in do_gameloop (argc=7, argv=0xbffe68b4) at src/game.cpp:2024
#42 0x0806baf6 in main (argc=7, argv=0xbffe68b4) at src/game.cpp:2184
(gdb) q

===
Even if there's an inherent limit for the size of text, it would be much better if it truncated the string instead of segfaulting.

Iurii Chernyi <crab>
Project Member
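
Added example, not part of the original report and not Wesnoth code: one way a caller could cap text before handing it to a label, as the report suggests, instead of relying on the widget to survive arbitrary sizes. The function name clamp_label_text and both caps are hypothetical; the report does not state the widget's actual limit or the root cause of the crash.

```cpp
// Added example: cap label text before it reaches the widget.
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical caps; the report does not state the widget's real limit.
const std::size_t MAX_LABEL_BYTES = 4096;
const std::size_t MAX_LABEL_LINES = 200;

// True for a UTF-8 continuation byte (bit pattern 10xxxxxx).
static bool is_utf8_continuation(unsigned char c)
{
    return (c & 0xC0) == 0x80;
}

// Cut text to at most max_lines lines (max_lines >= 1) and max_bytes bytes
// without splitting a multi-byte UTF-8 sequence. truncated reports a cut.
// Apply this before markup is added: cutting marked-up text can leave an
// unclosed tag.
std::string clamp_label_text(const std::string& text, std::size_t max_bytes,
                             std::size_t max_lines, bool& truncated)
{
    std::size_t end = text.size();
    std::size_t lines = 0;
    for (std::size_t i = 0; i < text.size(); ++i) {
        if (text[i] == '\n' && ++lines == max_lines) {
            end = i; // drop the newline that would start line max_lines + 1
            break;
        }
    }
    if (end > max_bytes) {
        end = max_bytes;
        // Back up to the first byte of the code point we landed in.
        while (end > 0 && is_utf8_continuation(static_cast<unsigned char>(text[end]))) {
            --end;
        }
    }
    truncated = end < text.size();
    return text.substr(0, end);
}

int main()
{
    bool cut = false;
    const std::string big(100000, 'x'); // constructed oversized input
    const std::string shown = clamp_label_text(big, MAX_LABEL_BYTES, MAX_LABEL_LINES, cut);
    std::cout << shown.size() << " bytes shown, truncated=" << cut << "\n";
    return 0;
}
```

The truncated flag lets the caller append a visible marker or log the cut, so oversized input degrades to shortened output rather than a crash.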

 
