GNOME Bugzilla – Bug 93806
Script-Fu args parsing needs to be made sane
Last modified: 2004-10-24 20:36:33 UTC
Type the following into the console (without line breaks, of course):

(let ((foo (array-cons 1))) (gimp-parasite-attach '("bar" 0 foo)))

Instant segfault. This is incorrect code, but should just cause an error message, not a segfault. The correct code,

(let ((foo (array-cons 1))) (gimp-parasite-attach (list "bar" 0 foo)))

works correctly.
WinGimp 1.2.4 on Win98: ERROR: unbound variable (errobj array-cons)
oops, (array-cons 1) should be (cons-array 1 'byte)
Changes at the request of Dave Neary on the developer mailing list. I am changing many of the bugzilla reports that have not specified a target milestone to Future milestone. Hope that is acceptable.
This is an easy fix, and crashing on bad arguments is definitely ungood. Resetting to 1.3.
So that we avoid people confusing this for a feature request or a blocker bug, I'm setting this to 2.0. Dave.
Nathan, you've said this is an easy fix. Could you outline what you think needs doing? I don't know scheme or script-fu, so I didn't even notice that your script was bad :) Dave.
mmmm, don't have easy access to the code this instance, but the minimum that needs to be done is check for null at the place where it crashes. Of course it would be better to print that you need an array instead of a symbol there.
Definitely not as easy as Nathan outlined. I've attached gdb to Script-Fu but I don't get a usable stack trace so I have no idea where to look for the problem.
2004-01-28 Manish Singh <yosh@gimp.org>
* plug-ins/script-fu/siod-wrapper.c (marshall_proc_db_call): validate the types of the individual list members when passing parasites. Fixes #93806.
Well, the original bug is fixed, but while looking at the code, it's pretty clear that there are other places this could happen (though not all would cause a crash). Also, there are places (like the INT16ARRAY bits) which mix sized pointers and longs, which won't result in correct interpretation, but shouldn't cause crashes. Changing description accordingly.
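An added illustration of the kind of check the fix above describes, written here as a Python model rather than GIMP's or SIOD's own code: Scheme values are represented as constructed tagged tuples, and the marshaller verifies each list member of a parasite argument before using it, so a stray symbol (the quoted-list mistake from the original report) produces the console error instead of being treated as a pointer to byte data.

```python
# Added example, not code from GIMP or SIOD: a Python model of the
# per-member type check described in this bug. Values are tagged tuples:
# ("string", s), ("int", n), ("bytes", b), ("symbol", name), ("list", [...]).

class ScriptFuError(Exception):
    """Raised where Script-Fu prints 'ERROR: ...' instead of crashing."""

# A GIMP parasite is (name flags data): string, integer, byte array.
PARASITE_SHAPE = (("string", "name"), ("int", "flags"), ("bytes", "data"))

def is_tagged(value, tag):
    return isinstance(value, tuple) and len(value) == 2 and value[0] == tag

def marshall_parasite(arg, proc="gimp_parasite_attach", argno=1):
    """Validate one Scheme list argument as a parasite and return its fields.

    Every member is checked against PARASITE_SHAPE; anything else is rejected
    with the error text Script-Fu reports after the fix. Before the fix the
    marshaller trusted the members and dereferenced a symbol as byte data.
    """
    err = ScriptFuError(f"Invalid type for argument {argno} to {proc}")
    if not is_tagged(arg, "list") or len(arg[1]) != len(PARASITE_SHAPE):
        raise err
    fields = {}
    for (tag, field), member in zip(PARASITE_SHAPE, arg[1]):
        if not is_tagged(member, tag):
            raise err
        fields[field] = member[1]
    if not isinstance(fields["data"], (bytes, bytearray)):
        raise err  # tag claims a byte array but the payload is not one
    return fields

def attach_result(arg):
    """Return the parasite fields, or the message the console would print."""
    try:
        return marshall_parasite(arg)
    except ScriptFuError as e:
        return f"ERROR: {e}"

# Constructed inputs mirroring the report. '("bar" 0 foo) is a quoted list,
# so `foo` arrives as an unevaluated symbol; (list "bar" 0 foo) evaluates
# `foo` to the one-byte array created by (cons-array 1 'byte).
QUOTED_LIST = ("list", [("string", "bar"), ("int", 0), ("symbol", "foo")])
EVALUATED_LIST = ("list", [("string", "bar"), ("int", 0), ("bytes", bytes(1))])

if __name__ == "__main__":
    print(attach_result(QUOTED_LIST))     # ERROR: Invalid type for argument 1 ...
    print(attach_result(EVALUATED_LIST))  # {'name': 'bar', 'flags': 0, 'data': b'\x00'}
```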
I'm looking at some Script-Fu issues and would like to know what change was made so it can be fixed for the 2.0 GIMP but someone forgot to attach the patch here.
The patch is in 2.0 only. 1.2.x is pretty much unmaintained, and has been for some time.
Bumping a bunch of bugs which won't block the 2.0 release to 2.0.1. Dave.
Is anyone working on this for the 2.0 branch? Otherwise I'd say we bump it to the 2.2 milestone.
Bumping to 2.2. This shouldn't keep anyone from trying to fix it in the 2.0 branch.
We should try to fix anything that could cause a crash in the 2.0 branch as well. Stability is cool.
I have tried this again in both GIMP 2.0.4 and in the latest CVS GIMP. I am unable to duplicate the seg fault originally reported. Instead I get the message:

ERROR: Invalid type for argument 1 to gimp_parasite_attach

Unless someone else can duplicate the error this bug report should be closed as FIXED.
See comment #10 which claims that there are other places in Script-Fu that need similar fixes.
Yosh, you mentioned more critical places. Are they fixed by my latest array checking changes?
I'd suggest we close this one as FIXED or can anyone clearly point out a particular problem that needs fixing still?
Closing as FIXED. Feel free to reopen or open a new bug report if you can point out a specific problem.