Bug 22543 - application crash when calling XtVaCreateManagedWidget
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xt
Version: 7.4 (2008.09)
Hardware: All Linux (All)
Importance: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Reported: 2009-06-29 14:54 UTC by Rich Coe
Modified: 2011-10-07 17:16 UTC

Attachments
Resources.c patch (1006 bytes, patch)
2009-06-29 14:54 UTC, Rich Coe

Description Rich Coe 2009-06-29 14:54:44 UTC
Created attachment 27239
Resources.c patch

Application crashes when calling XtVaCreateManagedWidget
if specified resources are not found:

#0  0xf7b5382e in ?? () from /usr/lib/libXt.so.6
#1  0xf7b54876 in _XtGetResources () from /usr/lib/libXt.so.6
#2  0xf7b3c429 in ?? () from /usr/lib/libXt.so.6
#3  0xf7b3ce65 in _XtCreateWidget () from /usr/lib/libXt.so.6
#4  0xf7b6e376 in ?? () from /usr/lib/libXt.so.6
#5  0xf7b6e48d in XtVaCreateManagedWidget () from /usr/lib/libXt.so.6

Calling code:
myform = XtVaCreateManagedWidget( "myform",
	    xmFormWidgetClass,
	    wParent,
	    XmNwidth, 259,
	    XmNheight, 648,
	    XmNresizePolicy, XmRESIZE_NONE,
	    XmNunitType, XmPIXELS,
	    XmNautoUnmanage, FALSE,
	    XmNnoResize, TRUE,
	    XmNdialogTitle, "My Desktop Manager",
	    XmNbackground, myColorBg,
	    XmNforeground, myColorFg,
	    XmNhighlightColor, scanHighlightColor,
	    NULL );

Crash occurs in GetResources() because the code is attempting to 
adjust elements in the input/output array 'typed_args' while still 
referring to the original offsets with the marker arrays 'typed' and 'found'.

The patch corrects the error by not 'compressing the list' array 'typed_args'
until all the args have been processed.
Comment 1 Jeremy Huddleston Sequoia 2011-10-07 17:16:43 UTC
commit 9e898aa4fd964e888044e2fa2d64089505331f62
Author: Jeremy Huddleston <jeremyhu@apple.com>
Date:   Fri Oct 7 17:01:34 2011 -0700

    Don't pop elements from our array while we're iterating through it.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=22543
    
    Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
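
The failure mode discussed in this report, reduced to a self-contained C model. This is an added example, not libXt's Resources.c and not the attached patch. The names Entry, process and demo, the 1-based marker convention and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one typed argument; not libXt's own structure. */
typedef struct { const char *name; int consumed; } Entry;

/* marker[] holds 1-based indices into list[], recorded before the loop (0 = none).
 * compress_in_loop != 0: remove each handled entry at once, shifting the tail
 * down, so later markers refer to the wrong slot or run past the end.
 * compress_in_loop == 0: only flag entries, compress once after the loop.
 * Returns the number of stale markers; they are counted, never dereferenced. */
static size_t process(Entry *list, size_t *n, const size_t *marker,
                      const char *const *want, size_t nargs, int compress_in_loop)
{
    size_t stale = 0, out = 0;
    for (size_t j = 0; j < nargs; j++) {
        if (marker[j] == 0) continue;
        size_t idx = marker[j] - 1;
        if (idx >= *n || strcmp(list[idx].name, want[j]) != 0) { stale++; continue; }
        if (compress_in_loop) {
            memmove(&list[idx], &list[idx + 1], (*n - idx - 1) * sizeof list[0]);
            (*n)--;
        } else {
            list[idx].consumed = 1;
        }
    }
    for (size_t i = 0; i < *n; i++)          /* deferred compression */
        if (!list[i].consumed) list[out++] = list[i];
    *n = out;
    return stale;
}

/* Constructed sample: four entries, three of them referenced by markers. */
static size_t demo(int compress_in_loop, size_t *left)
{
    Entry list[] = { {"width", 0}, {"height", 0}, {"background", 0}, {"foreground", 0} };
    const size_t marker[] = { 1, 0, 3, 4 };
    const char *const want[] = { "width", NULL, "background", "foreground" };
    size_t n = 4;
    size_t stale = process(list, &n, marker, want, 4, compress_in_loop);
    *left = n;
    return stale;
}
size_t demo_stale(int mode) { size_t left; return demo(mode, &left); }
size_t demo_left(int mode)  { size_t left; demo(mode, &left); return left; }

int main(void)
{
    printf("in-loop: %zu stale, %zu left; deferred: %zu stale, %zu left\n",
           demo_stale(1), demo_left(1), demo_stale(0), demo_left(0));
    return 0;
}
```

In the in-loop mode the last marker lands past the end of the shortened array, which is the kind of access that crashes when it is dereferenced without a bounds check.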

