After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 72509 - Off-by-one in socket code causes segfault
Off-by-one in socket code causes segfault
Status: RESOLVED FIXED
Product: gtk+
Classification: Platform
Component: Widget: Other
1.3.x
Other Linux
: Normal major
: ---
Assigned To: gtk-bugs
gtk-bugs
: 72691 72806 73205 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2002-02-25 12:14 UTC by Thomas Leonard
Modified: 2004-12-22 21:47 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Thomas Leonard 2002-02-25 12:14:43 UTC 
In gtksocket.c:372:

for (i = socket->accel_group->n_accels; i >= 0; i--)
{
  GtkAccelGroupEntry *accel_entry = &socket->accel_group->priv_accels[i];

I get a segfault just after this (socket->accel_group->priv_accels in NULL)
whenever a plug window is destroyed.

Surely, if n_accels is zero (it is in my case) then the loop shouldn't
run at all?

I think 'i = ...->n_accels - 1; i >= 0' would be better...
Comment 1 Anders Carlsson 2002-02-25 12:16:57 UTC 
This has been fixed in CVS:

Sun Feb 24 21:18:20 2002  Owen Taylor  <otaylor@redhat.com>

* gtk/gtksocket.c (gtk_socket_end_embedding): Fix
off-by-one error. (Pointed out by Anders Carlsson)
Comment 2 Gediminas Paulauskas 2002-03-02 22:48:52 UTC 
*** Bug 72691 has been marked as a duplicate of this bug. ***
Comment 3 Gediminas Paulauskas 2002-03-02 22:51:51 UTC 
*** Bug 73205 has been marked as a duplicate of this bug. ***
Comment 4 Chris Chabot 2002-03-02 23:48:16 UTC 
*** Bug 72806 has been marked as a duplicate of this bug. ***