#1610 Hardcrash with StreamComment Ctrl+Shift+Q in certain conditions.

Bug
closed-fixed
Neil Hodgson
scite (54)
5
2014-08-22
2014-06-09
No

Ctrl+Shift+Q will cause an hardcrash in case the caret is at the end of the line or at the last character of the document.

I think the Function StartStreamComment() has the following 2 issues:

  1. When the caret is at the line end and pressing Ctrl+Shift+Q, which results in endword being equal to the total length of linebuf, making this code set end_counter and endword to a much to high value leading to a hardcrash.

    =======================================================================================
    while (linebuf[endword + 1] != '\0' && wordCharacters.contains(linebuf[endword + 1])) {
    end_counter++;
    endword++;
    }
    =======================================================================================
    I have changed the first line to this ito avoid the crash for the moment:
    =======================================================================================
    while (linebuf[endword] != '\0' && linebuf[endword + 1] != '\0' && wordCharacters.contains(linebuf[endword + 1])) {
    =======================================================================================

  2. In case the caret is at the last position of the document, these lines will makes cause a hardcrash as that will set selectionEnd higher that the document length.
    =======================================================================================
    selectionEnd += (end_counter + 1);
    =======================================================================================

If have added these lines after that statement for now to fix this
=======================================================================================
selectionStart -= start_counter;
selectionEnd += (end_counter + 1);
size_t totlength = wEditor.Call(SCI_GETLENGTH);
if (totlength < selectionEnd)
selectionEnd = totlength;
=======================================================================================

Thanks,
Jos

Discussion

  • Neil Hodgson
    Neil Hodgson
    2014-06-10

    I am having difficulty reproducing this. Perhaps you could show an example line that demonstrates the problem. For (1), when the caret is at the line end, endword = current so linebuf[endword + 1] == '\0' and the loop doesn't progress.

     
    • This is the scenario to replicate the error:
      * Create a new file called T.CPP
      * Type the word test and press Ctrl+Shift+Q
      The attached show the debug status of a break on line 2273 of SciTEBase.cpp.
      It shows that the array positions 0-4 are filled with "test\0" but position 5 is tested.

      Does this make it clearer?

      Thanks
      Jos 

       
      Last edit: Jos van der Zande 2014-06-10
      Attachments
      • Neil Hodgson
        Neil Hodgson
        2014-06-10

        OK, I can see that.

        There is already a function for finding the word at the selection, RangeExtendAndGrab which is used far more often, doesn't limit the line size, and should be better tested. Something like
        RangeExtendAndGrab(wEditor, selectionStart, selectionEnd,
        &SciTEBase::islexerwordcharforsel);

         
  • Neil Hodgson
    Neil Hodgson
    2014-06-16

    Committed fix as [c5cd1b]. Has the side effect of commenting word to left/right when invoked with an empty selection.

     

    Related

    Commit: [c5cd1b]

  • Neil Hodgson
    Neil Hodgson
    2014-06-16

    • labels: --> scite
    • status: open --> open-fixed
    • assigned_to: Neil Hodgson
     
  • Neil Hodgson
    Neil Hodgson
    2014-07-04

    • status: open-fixed --> closed-fixed