Bug 160865 - segfault in line wrapping code of UML class drawing
Status: RESOLVED FIXED
Product: dia
Classification: Other
Component: objects
Version: 0.94
Hardware: Other Linux
Importance: Urgent critical
Target Milestone: 0.95
Assigned To: Dia maintainers
QA Contact: Dia maintainers
Duplicates: 161184 300358 308737
Depends on:
Blocks:
Reported: 2004-12-09 14:41 UTC by Gabor Simon
Modified: 2005-06-26 09:04 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Patch for buffer overflow in line wrapping code of UML classes (880 bytes, patch)
2004-12-09 14:48 UTC, Gabor Simon
Status: none
Patch for buffer overflow in line wrapping code of UML classes (880 bytes, patch)
2004-12-09 14:50 UTC, Gabor Simon
Status: none
Patch for eliminating the second occurrence of this bug (1.18 KB, patch)
2005-04-13 12:09 UTC, Gabor Simon
Status: none
Patch for the 2nd occurrence of the bug (works) (1.76 KB, patch)
2005-04-14 08:59 UTC, Gabor Simon
Status: committed

Description Gabor Simon 2004-12-09 14:41:35 UTC
Create a class, enter a method with such a large argument list that
it won't fit in a single line. Let the last argument be longer than the wrap length.
When dia tries to draw it, a segfault happens.
Comment 1 Gabor Simon 2004-12-09 14:48:51 UTC
Created attachment 34660
Patch for buffer overflow in line wrapping code of UML classes

The temporary buffer for partial lines was too small; it didn't contain space
for leading indentation.
Comment 2 Gabor Simon 2004-12-09 14:50:41 UTC
Created attachment 34661
Patch for buffer overflow in line wrapping code of UML classes

Partial line buffer didn't contain space for leading indentation.
Comment 3 Hans Breuer 2004-12-10 23:42:41 UTC
Thanks, applied.

2004-12-11  Hans Breuer  <hans@breuer.org>

	* objects/UML/class.c : line wrapping code buffer
	overrun fixed by Gabor Simon, bug #160865
Comment 4 Hans Breuer 2004-12-15 22:25:50 UTC
*** Bug 161184 has been marked as a duplicate of this bug. ***
Comment 5 Lars Clausen 2005-04-12 20:49:09 UTC
There's one more instance, in line 516.  Gabor, you probably understand the code
better than I, after fixing the first one.  Please let me know if you don't
intend to fix it.
Comment 6 Lars Clausen 2005-04-12 20:50:26 UTC
*** Bug 300358 has been marked as a duplicate of this bug. ***
Comment 7 Gabor Simon 2005-04-13 12:09:19 UTC
Created attachment 45211
Patch for eliminating the second occurrence of this bug
Comment 8 Gabor Simon 2005-04-13 12:11:10 UTC
Lars, I made a quick fix, but I can't test it (don't know how to activate the
affected code), so if you can reproduce the error, check it again, please. Thanks.
Comment 9 Lars Clausen 2005-04-13 13:22:26 UTC
Bug 300358 has diagrams that trigger the bug.
Comment 10 Gabor Simon 2005-04-14 08:59:32 UTC
Created attachment 45242
Patch for the 2nd occurrence of the bug (works)
Comment 11 Gabor Simon 2005-04-14 09:04:34 UTC
I tried those diagrams, and they proved that my prev patch (id=45211) is
worthless. However, I've sent another one (45242), which seems to cure the
problem, now those diagrams can be edited without crashing.
(Btw, I ran dia using valgrind, and it caught a lot of off-by-N bugs at various
other places, too. Perhaps it's also worth a try when investigating other bugs.)
Comment 12 Lars Clausen 2005-04-15 06:18:09 UTC
Setting PATCH keyword again.
Comment 13 Hans Breuer 2005-04-23 14:17:04 UTC
Thanks, applied.

2005-04-23  Hans Breuer  <hans@breuer.org>

	* objects/UML/class.c : fix another crash with the line 
	wrapping code (Gabor Simon, bug #160865)

Comment 14 Hans Breuer 2005-06-26 09:04:09 UTC
*** Bug 308737 has been marked as a duplicate of this bug. ***
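
The sizing error described in Comments 1 and 2 (a partial-line buffer with no room for the leading indentation), together with the over-long last argument from the Description, shown as an added example; it is not dia's code or any of the attached patches. The function names, the wrap length of 20, the indent of 4 and the sample signature are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define WRAP_OVERFLOW ((size_t)-1)

/* Bytes one wrapped line can need: indentation, plus the longer of the wrap
 * length and the longest unbreakable token, plus the NUL terminator. */
size_t line_buf_size(const char *text, size_t wrap_len, size_t indent) {
    size_t longest = 0;
    while (*text) {
        size_t n = strcspn(text, " ");
        if (n > longest) longest = n;
        text += n + strspn(text + n, " ");
    }
    return indent + (longest > wrap_len ? longest : wrap_len) + 1;
}

/* Wrap text at spaces into line[cap]; continuation lines are indented. Returns
 * the longest line length, or WRAP_OVERFLOW if a bounds check fails. */
size_t wrap_lines(const char *text, size_t wrap_len, size_t indent,
                  char *line, size_t cap) {
    size_t pos = 0, start = 0, longest = 0;
    text += strspn(text, " ");
    while (*text) {
        size_t n = strcspn(text, " ");
        if (pos > start && (pos - start) + 1 + n > wrap_len) {
            puts(line);                 /* line full: emit it */
            if (pos > longest) longest = pos;
            if (indent >= cap) return WRAP_OVERFLOW;
            memset(line, ' ', indent);  /* begin indented continuation */
            pos = start = indent;
        }
        size_t sep = pos > start ? 1 : 0;
        if (pos + sep + n + 1 > cap) return WRAP_OVERFLOW;
        if (sep) line[pos++] = ' ';
        memcpy(line + pos, text, n);
        pos += n;
        line[pos] = '\0';
        text += n + strspn(text + n, " ");
    }
    if (pos) puts(line);
    return pos > longest ? pos : longest;
}

int main(void) {
    /* Constructed signature: the last argument is longer than the wrap length. */
    const char *sig = "+setup(a: int, b: int, an_extremely_long_last_argument_name: T)";
    char line[64];
    size_t need = line_buf_size(sig, 20, 4);
    return need > sizeof line || wrap_lines(sig, 20, 4, line, need) == WRAP_OVERFLOW;
}
```

A buffer sized as wrap length plus one is rejected by the bounds check on both inputs used in the test, which is the write that would run past the end in an unchecked copy.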