GNOME Bugzilla – Bug 47615
With MALLOC_CHECK_=2 on, searching for "    " (four spaces) crashes Nautilus
Last modified: 2004-12-22 21:47:04 UTC
To reproduce:
(1) In the command line, before running Nautilus, type "export MALLOC_CHECK_=2". This sets up a memory-stressing mechanism that helps find memory-trashing code.
(2) Type "nautilus" on the command line from the same terminal.
(3) Type Control-F to get the Find UI (I had the simple Find preference set; haven't tried with fancy Find).
(4) Type "    " (four spaces) and hit Return.

Nautilus crashes at this point. If I don't turn MALLOC_CHECK_=2 on I don't see this crash. But that just means memory is being trashed and not revealing the damage right away.

------- Additional Comments From sullivan@eazel.com 2001-03-09 11:23:35 ----
Moving to 1.0/P6 for Darin since he's at lunch and I'm feeling panicky.

------- Additional Comments From sullivan@eazel.com 2001-03-09 11:29:44 ----
I think the problem is that the code that constructs "fragment" in nautilus_simple_search_criteria_to_search_uri stomps all over memory. fragment is defined at a particular length and then strcat is used to extend it indefinitely -- that's blatantly wrong, unless I'm hopelessly confused.

------- Additional Comments From sullivan@eazel.com 2001-03-09 11:34:27 ----
I am somewhat confused at least. The length is not a fixed length; it is meant to take into account the length of all the pieces. I'll bet there's an error in this measurement though (looking further...).

------- Additional Comments From sullivan@eazel.com 2001-03-09 11:46:55 ----
I found a bug in the text-counting code; testing fix now.

------- Additional Comments From sullivan@eazel.com 2001-03-09 11:52:18 ----
Fix works, writing patch.

------- Additional Comments From sullivan@eazel.com 2001-03-09 11:53:15 ----
*** Bug 47618 has been marked as a duplicate of this bug. ***

------- Additional Comments From sullivan@eazel.com 2001-03-09 11:55:26 ----
Created an attachment (id=1382)
Simple fix

------- Additional Comments From sullivan@eazel.com 2001-03-09 11:57:22 ----
The fix is to change the measuring code to exactly match the code that appends to the string. The measuring code was previously using " contains & " as shorthand for the " contains " and " & " that the appending code was using. But " contains " and " & " have a total of one more space than " contains & ".

------- Additional Comments From rebecka@eazel.com 2001-03-09 12:07:45 ----
The patch looks fine to me. I also implemented the change myself and checked that it worked by doing searches for "nautilus" (returned > 4000 results; all on my list appeared to contain the word nautilus) and by doing a search for "nautilus adapter" and seeing it return many nautilus-adapter files. I wanted to test this by comparing the number of results returned with the number returned using the search-by-file-name-and-properties bar, but I could not use this measurement because of bug 42512.

------- Additional Comments From darin@bentspoon.com 2001-03-09 13:51:41 ----
The patch looks perfect, too. You can consider it reviewed by both me and Rebecka for check-in. It also seems like a must-have for 1.0.

------- Additional Comments From don@eazel.com 2001-03-09 14:19:21 ----
Approved for 1.0.

------- Additional Comments From sullivan@eazel.com 2001-03-09 14:29:45 ----
Checked in on branch and HEAD.

------- Bug moved to this database by unknown@bugzilla.gnome.org 2001-09-09 21:13 -------
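The following is an added reconstruction of the sizing mismatch the comments describe, written for this page; it is not Nautilus code and the attachment itself is not reproduced here. The report names only the literals " contains " and " & " that the appending code writes and the " contains & " shorthand the measuring code counted, so the criterion name `file_name`, the shape of the fragment, the space-splitting tokenizer that keeps empty tokens, and the function names `measure_buggy`, `measure_fixed`, `append_words`, `sizing_shortfall`, `build_fragment` and `fragment_equals` are all assumptions. It shows why the shorthand loses exactly one byte per search word, why a query of four spaces is enough to trip it, and the invariant the fix restores: the measurement equals what strcat actually appends.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reconstruction written for this page, not Nautilus code. Only the three
 * string literals below come from the report; the rest is assumed. */
#define MAX_WORDS      32
#define MAX_QUERY      256
#define FIELD_TEXT     "file_name"      /* assumed criterion name */
#define CONTAINS_TEXT  " contains "     /* appended per word (from the report) */
#define AND_TEXT       " & "            /* appended per word (from the report) */
#define SHORTHAND_TEXT " contains & "   /* what the buggy measuring code counted */

/* Split `copy` in place on single spaces, keeping empty tokens, so four
 * spaces yield five empty words (assumed g_strsplit-like behaviour). */
static size_t split_words(char *copy, char **words, size_t max_words)
{
    size_t n = 0;
    char *start = copy;
    while (n < max_words) {
        char *sp = strchr(start, ' ');
        words[n++] = start;
        if (sp == NULL)
            break;
        *sp = '\0';
        start = sp + 1;
    }
    return n;
}

/* Buggy measurement: " contains & " is one byte shorter than
 * " contains " plus " & ", so every word under-allocates by one byte. */
static size_t measure_buggy(char **words, size_t n)
{
    size_t len = 1;                               /* terminating NUL */
    for (size_t i = 0; i < n; i++)
        len += strlen(FIELD_TEXT) + strlen(words[i]) + strlen(SHORTHAND_TEXT);
    return len;
}

/* Fixed measurement: count exactly the literals append_words() writes. */
static size_t measure_fixed(char **words, size_t n)
{
    size_t len = 1;
    for (size_t i = 0; i < n; i++)
        len += strlen(FIELD_TEXT) + strlen(CONTAINS_TEXT)
             + strlen(words[i]) + strlen(AND_TEXT);
    return len;
}

/* The appending code, unchanged by the fix: unbounded strcat into a buffer
 * the caller sized. Sized by measure_buggy() it overruns the heap block by
 * one byte per word, which MALLOC_CHECK_=2 reports when the block is freed. */
static void append_words(char *buf, char **words, size_t n)
{
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        strcat(buf, FIELD_TEXT);
        strcat(buf, CONTAINS_TEXT);
        strcat(buf, words[i]);
        strcat(buf, AND_TEXT);
    }
}

/* Bytes the buggy measurement falls short by for `query`; 0 means it sufficed. */
size_t sizing_shortfall(const char *query)
{
    char copy[MAX_QUERY];
    char *words[MAX_WORDS];
    if (strlen(query) >= sizeof copy)
        return 0;
    strcpy(copy, query);
    size_t n = split_words(copy, words, MAX_WORDS);
    size_t need = measure_fixed(words, n);
    size_t got = measure_buggy(words, n);
    return need > got ? need - got : 0;
}

/* Build the fragment with the fixed measurement. Returns a malloc'd string
 * (caller frees), or NULL if the query is too long or the invariant fails. */
char *build_fragment(const char *query)
{
    char copy[MAX_QUERY];
    char *words[MAX_WORDS];
    if (strlen(query) >= sizeof copy)
        return NULL;
    strcpy(copy, query);
    size_t n = split_words(copy, words, MAX_WORDS);
    size_t cap = measure_fixed(words, n);
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;
    append_words(buf, words, n);
    if (strlen(buf) + 1 != cap) {   /* measurement must equal what was appended */
        free(buf);
        return NULL;
    }
    return buf;
}

/* Convenience check: does build_fragment(query) produce `expected`? */
int fragment_equals(const char *query, const char *expected)
{
    char *frag = build_fragment(query);
    int ok = frag != NULL && strcmp(frag, expected) == 0;
    free(frag);
    return ok;
}

int main(void)
{
    const char *queries[] = { "nautilus", "nautilus adapter", "    " }; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        char *frag = build_fragment(queries[i]);
        printf("query \"%s\": buggy sizing short by %zu byte(s); fragment \"%s\"\n",
               queries[i], sizing_shortfall(queries[i]), frag ? frag : "(null)");
        free(frag);
    }
    return 0;
}
```

The shortfall is the number of words, which is why a blank-looking query of four spaces is a good reproducer: split on spaces it becomes five empty words, each still costing the " contains " and " & " the appending code writes. Swapping `measure_fixed` for `measure_buggy` inside `build_fragment` and running the binary with `MALLOC_CHECK_=2` set in the environment reproduces the abort-on-free the report describes; without that variable the one-byte overruns usually land in allocator padding and go unnoticed, which is the "not revealing the damage right away" the reporter mentions.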