GNOME Bugzilla – Bug 719896
Uninitialized variable in function 'render_icon_name_pixbuf()'
Last modified: 2013-12-06 17:03:05 UTC
Hi guys, I found an initialization bug in function 'render_icon_name_pixbuf()' (gtkiconfactory.c). For the purpose of simplicity I've only printed the relevant lines. The lines of interest are marked with my comment "// <--- NOTE THIS LINE !!". Notice that if icon_source->direction != GTK_TEXT_DIR_NONE AND IF gtk_icon_theme_choose_icon() returns NULL, by the time we get to the 2nd of my indicated lines 'tmp_pixbuf' will have an uninitialized value. If the value happens to be zero, the function will exit gracefully as intended. But if the value happens to be non-zero, all hell breaks loose!! The solution is simply to initialize 'tmp_pixbuf' to zero at the top of the function. Do I need to submit a patch for this? The fix is so simple that a patch would seem to be overkill but I'll submit one if necessary.

John Emmas

(Abbreviated) code follows:-

static GdkPixbuf *
render_icon_name_pixbuf (GtkIconSource    *icon_source,
                         GtkStyle         *style,
                         GtkTextDirection  direction,
                         GtkStateType      state,
                         GtkIconSize       size,
                         GtkWidget        *widget,
                         const char       *detail)
{
  GdkPixbuf *pixbuf;
  GdkPixbuf *tmp_pixbuf;   // <--- NOTE THIS LINE !!
  GdkScreen *screen;
  GtkIconTheme *icon_theme;
  gint width, height, pixel_size;
  GError *error = NULL;

  // Some stuff to initialize 'screen'

  icon_theme = gtk_icon_theme_get_for_screen (screen);

  // Some stuff to initialize 'width' and 'height'

  pixel_size = MIN (width, height);

  if (icon_source->direction != GTK_TEXT_DIR_NONE)
    {
      const gchar *names[3];
      GtkIconInfo *info;

      // Some stuff to initialize 'names'

      info = gtk_icon_theme_choose_icon (icon_theme, names, pixel_size,
                                         GTK_ICON_LOOKUP_USE_BUILTIN);
      if (info)
        {
          tmp_pixbuf = gtk_icon_info_load_icon (info, &error);
          gtk_icon_info_free (info);
        }
    }
  else
    {
      tmp_pixbuf = gtk_icon_theme_load_icon (icon_theme,
                                             icon_source->source.icon_name,
                                             pixel_size, 0, &error);
    }

  if (!tmp_pixbuf)   // <--- NOTE THIS LINE !!
    {
      return NULL;
    }

  // Some stuff to set up 'pixbuf' from 'tmp_pixbuf'

  g_object_unref (tmp_pixbuf);

  return pixbuf;
}
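As an added illustration (not code from the GTK tree or from the reporter), here is the control flow of the function above with the one-line initialisation the report asks for, using constructed stand-ins (Pixbuf, choose_icon, load_icon) in place of the GTK calls so it runs on its own:

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-ins for the GTK types and lookups, not the real API:
 * a "pixbuf" is just a heap-allocated int holding a marker value. */
typedef int Pixbuf;
typedef enum { DIR_NONE, DIR_LTR, DIR_RTL } TextDirection;

/* Models gtk_icon_theme_choose_icon(): non-zero means an icon was found. */
static int choose_icon(int theme_has_icon) { return theme_has_icon; }

/* Models gtk_icon_info_load_icon() / gtk_icon_theme_load_icon(). */
static Pixbuf *load_icon(void) {
    Pixbuf *p = malloc(sizeof *p);
    if (p) *p = 42;
    return p;
}

/* Hardened shape of render_icon_name_pixbuf(): tmp starts as NULL, so the
 * direction-specific branch that finds no icon falls through to the NULL
 * check instead of testing an indeterminate stack value. */
Pixbuf *render_fixed(TextDirection direction, int theme_has_icon) {
    Pixbuf *tmp = NULL;              /* the fix proposed in the report */
    if (direction != DIR_NONE) {
        if (choose_icon(theme_has_icon))   /* "info" found */
            tmp = load_icon();
        /* icon not found: tmp is still NULL, nothing else assigns it */
    } else {
        tmp = theme_has_icon ? load_icon() : NULL;
    }
    if (!tmp)
        return NULL;                 /* graceful exit on both branches */
    Pixbuf *result = malloc(sizeof *result);
    if (result) *result = *tmp;      /* "set up pixbuf from tmp_pixbuf" */
    free(tmp);                       /* stands in for g_object_unref() */
    return result;
}

/* Convenience wrapper: -1 when the lookup yields NULL, else the marker. */
int render_value(TextDirection direction, int theme_has_icon) {
    Pixbuf *p = render_fixed(direction, theme_has_icon);
    if (!p) return -1;
    int v = *p;
    free(p);
    return v;
}
```

Without the `= NULL`, the `direction != DIR_NONE` / icon-not-found path leaves `tmp` indeterminate, which is exactly the case the report describes; compilers flag it with `-Wall` (`-Wmaybe-uninitialized` on gcc).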
The current code already has a fix for this: https://mail.gnome.org/archives/commits-list/2010-September/msg11358.html but the 2.24 branch does not: https://git.gnome.org/browse/gtk+/tree/gtk/gtkiconfactory.c?h=gtk-2-24 That branch isn't maintained, I believe.
Hi Murray, I believed that gtk2 and gtk3 were both being maintained (though mostly gtk3 of course). I also believed that 2.24 was the current branch for gtk2. In fact, the most recent change in 2.24 was only a fortnight ago. Have I misunderstood something..?

John
cherry-picked the fix