#88 Crash on open dialog

v0.9.17
closed
Interface (41)
9
2012-10-03
2007-09-03
Tomasz Gloc
No

Select Open, click on empty area on a dialog (next to exist image). Tux will close immediately.

Discussion

  • Logged In: YES
    user_id=132410
    Originator: NO

    I'm not seeing this in what's in CVS (what will become Tux Paint 0.9.18). Note, however, that the Open dialog has been changed. It no longer shows Starter images. Any chance you can test the CVS version to see if the issue still occurs for you? Thanks

     
  • Tomasz Gloc
    Tomasz Gloc
    2007-09-04

    Logged In: YES
    user_id=1441535
    Originator: YES

    I tested version from cvs. Bug still on.
    After choose non-exist image, select Open at bottom. Then tux will crash. Sometimes need try do several times.

    Reason:
    src/tuxpaint.c:
    13548 / Figure out filename: /
    13549
    13550 snprintf(fname, sizeof(fname), "%s/%s%s",
    13551 dirname[d_places[which]], d_names[which], d_exts[which]);
    13552
    13553 img = myIMG_Load(fname);

    'which' have values 0-15 (depend on selected box) but it does not check if this image exists. d_places have size equal count of files in directory. So 'which' can be larger then size of s_places and d_places[which] make overflow. Program crash at line 13550/13551.
    d_places (d_names and d_exts) is length 'num_files_in_dir'. But (check which < num_files_in_dir) does not help. d_places is not clean after malloc. d_places[i] is only set for valid images, not for thumbnails, so it have some trash in line 13551. This make overflow with dirname[d_places[which]].

    I hope you can understand me and will fix this bug.

     
  • Logged In: YES
    user_id=132410
    Originator: NO

    Ah, thanks so much - I understand the bug now, and thanks for looking into the code! I'll fix this ASAP, and it will be in 0.9.18.

     
  • Logged In: YES
    user_id=132410
    Originator: NO

    Fixed in CVS and fix will be in 0.9.18. Thanks!
    (Note: Erase button had the same bug, and was fixed by the same correction.)