[Verse-dev] R4pre text node buffer creation bug (and fix)

Emil Brink emil at obsession.se
Fri Sep 17 15:15:21 CEST 2004


Hello.

There seems to be an old bug in the R4pre text node buffer creation
handling.

Line 117 of vs_node_text.c reads

        if(buffer_id < node->buffer_count && node->buffer[buffer_id].name[0] != 0)

consider the case where the node is new (it has 16 allocated buffers,
but they all have null names) and a client asks to create a buffer
using the "magic" ID of ~0 (65535). Now, 65535 is not less than 16,
so the entire if() bails out, and the code goes on to access a buffer at
the requested ID, which segfaults pronto on my machine.

I believe the code from r3p2 is more correct, so the line should read:

        if(buffer_id >= node->buffer_count || node->buffer[buffer_id].name[0] != 0)

I.e., flip the comparison and the logic test.

Regards,

/Emil
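Added example (not from the post or from the Verse sources): the two guards quoted above, side by side, on a stand-in node structure. The `Node`/`Buffer` types, the `BUFFER_COUNT` of 16, and the fallback of searching for the first free slot when the guard fires are assumptions made here to illustrate the point; only the two `if()` conditions are the ones the post quotes. The point it shows is that the R4pre form (`<` with `&&`) evaluates to false for any ID at or beyond `buffer_count`, so the caller proceeds to index with the out-of-range ID, while the r3p2 form (`>=` with `||`) checks bounds first and short-circuits before the name byte is ever read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for Verse's text-node structures (assumptions for
 * this example, not the project's real definitions): a node owns a fixed
 * array of buffers, and a buffer whose name starts with 0 is unused. */
#define BUFFER_COUNT 16
#define NAME_LEN     16
#define MAGIC_NEW_ID ((uint16_t)~0u)   /* 65535: "create a new buffer" */

typedef struct { char name[NAME_LEN]; } Buffer;
typedef struct { unsigned buffer_count; Buffer buffer[BUFFER_COUNT]; } Node;

static void node_init(Node *node)
{
    memset(node, 0, sizeof *node);
    node->buffer_count = BUFFER_COUNT;
}

/* The condition from line 117 of R4pre vs_node_text.c. Returns 1 when the
 * requested slot must not be used directly. With '<' and '&&', any ID at or
 * beyond buffer_count makes the whole test false, so it is never caught. */
static int guard_r4pre(const Node *node, uint16_t buffer_id)
{
    return buffer_id < node->buffer_count && node->buffer[buffer_id].name[0] != 0;
}

/* The r3p2 condition the post proposes. The bounds check comes first and
 * short-circuits, so the name byte is only read for in-range IDs. */
static int guard_r3p2(const Node *node, uint16_t buffer_id)
{
    return buffer_id >= node->buffer_count || node->buffer[buffer_id].name[0] != 0;
}

/* Assumed create path: if the guard fires, fall back to the first free slot
 * (or -1 if none); otherwise use the requested ID as-is. The index is only
 * returned, never dereferenced, so the buggy guard cannot crash this demo. */
static int pick_slot(int (*guard)(const Node *, uint16_t),
                     const Node *node, uint16_t buffer_id)
{
    if (guard(node, buffer_id)) {
        for (unsigned i = 0; i < node->buffer_count; i++)
            if (node->buffer[i].name[0] == 0)
                return (int)i;
        return -1;
    }
    return buffer_id;   /* R4pre reaches here with 65535 on a fresh node */
}

/* Scenario helpers: use_fix selects the r3p2 guard (1) or the R4pre one (0). */
static int scenario_fresh(int use_fix, uint16_t buffer_id)
{
    Node node;
    node_init(&node);
    return pick_slot(use_fix ? guard_r3p2 : guard_r4pre, &node, buffer_id);
}

static int scenario_slot0_used(int use_fix, uint16_t buffer_id)
{
    Node node;
    node_init(&node);
    strcpy(node.buffer[0].name, "main");   /* slot 0 already occupied */
    return pick_slot(use_fix ? guard_r3p2 : guard_r4pre, &node, buffer_id);
}

int main(void)
{
    printf("fresh node, magic ID, R4pre guard -> slot %d (out of range)\n",
           scenario_fresh(0, MAGIC_NEW_ID));
    printf("fresh node, magic ID, r3p2 guard  -> slot %d\n",
           scenario_fresh(1, MAGIC_NEW_ID));
    printf("slot 0 used, ID 0, r3p2 guard      -> slot %d\n",
           scenario_slot0_used(1, 0));
    return 0;
}
```

The two conditions are not logical negations of each other (the negation of the R4pre test would be `buffer_id >= count || name[0] == 0`), which is why the post describes the fix as flipping both the comparison and the test: the guard has to fire for an out-of-range ID as well as for an occupied slot, and the bounds test has to be the left operand of `||` so that the name read never happens for a bad index.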

