From kwrite-devel Sun Dec 09 15:24:41 2007
From: Vladimir Prus
Date: Sun, 09 Dec 2007 15:24:41 +0000
To: kwrite-devel
Subject: Protect against negative size
Message-Id: <200712091824.43888.ghost () cs ! msu ! su>
X-MARC-Message: https://marc.info/?l=kwrite-devel&m=119721420603507

Hello!

While working on KDevelop4, using the Oxygen style, I've run into a situation where KateViewInternal::doUpdateView is called while height() returns -4. Since height() is used in various math in that function, this leads to overflow, and Kate starts to allocate huge vectors, and eventually crashes.

The problem seems to be that:

- KDevelop4, for a short moment, sets height 0 for the KateView object.
- KateView, sometimes, adds a padding of 4. This code in particular is suspect:

    if (style()->styleHint(QStyle::SH_ScrollView_FrameOnlyAroundContents)) {
      QHBoxLayout *extrahbox = new QHBoxLayout ();
      QFrame * frame = new QFrame(this);

Now, I don't know what's the right solution for this problem. On the KDevelop side, I'm gonna make sure KateView is never 0 in height. However, I'd like to propose the following patch that merely adds an assert -- so that next time somebody runs into this problem, the crash is more obvious.

OK to commit?

- Volodya

Content-Disposition: attachment; filename="assert_height.diff"

Index: kateviewinternal.cpp
===================================================================
--- kateviewinternal.cpp (revision 746370)
+++ kateviewinternal.cpp (working copy)
@@ -551,6 +551,15 @@ if (width() != cache()->viewWidth()) cache()->setViewWidth(width()); + /* It was observed that height() could be negative here -- + when the main Kate view has 0 as size (during creation), + and there frame arount KateViewInternal. In which + case, the division below will overflow, and we'll + go on allocating huge chunks of data later. + + The solution for now is "don't create kate view with + zero height". */ + Q_ASSERT(height() >= 0); int newSize = (height() / renderer()->fontHeight()) + 1; cache()->updateViewCache(startPos(), newSize, viewLinesScrolled); --Boundary-00=_7iAXH+WHNkkk38Y Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ KWrite-Devel mailing list KWrite-Devel@kde.org https://mail.kde.org/mailman/listinfo/kwrite-devel --Boundary-00=_7iAXH+WHNkkk38Y--
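Review bot: Q_ASSERT(height() >= 0) is compiled out in release builds (when QT_NO_DEBUG is defined), so the negative height still flows into `int newSize = (height() / renderer()->fontHeight()) + 1;` and on into `cache()->updateViewCache(startPos(), newSize, viewLinesScrolled);` exactly as before; if the goal is to stop the huge allocations rather than only make debug builds fail earlier, pair the assert with a runtime guard, e.g. `const int h = qMax(0, height());` and divide h instead of height(), or return early when height() is negative. The new comment is also imprecise: signed division by a positive font height cannot overflow, it just yields a zero or negative quotient, so newSize ends up <= 0 and it is that non-positive count reaching updateViewCache (where it is presumably treated as an unsigned size) that produces the huge allocations; rewording that sentence and fixing "there frame arount KateViewInternal" (a frame around) would help whoever hits the assert next.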
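As an added example, not part of Vladimir's patch or of Kate's own code, the C++ below mirrors the hunk's `(height() / fontHeight()) + 1` arithmetic to show how a slightly negative height becomes an enormous allocation once the signed count meets an unsigned container size, and sets a clamped, capped computation beside it. The function names (naiveLineCount, asAllocationSize, safeLineCount, tryResizeCache), the 4096-line cap and the 1 MiB byte budget are assumptions for illustration; the font height of 2 is constructed so the -4 case actually goes negative, and the hardened version generalizes to any negative height and any font height, including zero.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <limits>
#include <vector>

// Same arithmetic as the hunk: visible lines plus one. With a negative
// height and a small font height (e.g. -4 / 2 + 1) this is zero or negative.
int naiveLineCount(int height, int fontHeight) {
    return (height / fontHeight) + 1;
}

// What std::vector::resize (or any size_t-taking API) sees when handed the
// signed result: -1 wraps to SIZE_MAX, -3 to SIZE_MAX - 2, and so on.
std::size_t asAllocationSize(int count) {
    return static_cast<std::size_t>(count);
}

// Hardened version (illustrative, not Kate's code): treat a non-positive
// font height as "one line", clamp negative heights to zero so the count is
// never below 1, and cap it so a broken geometry cannot demand a huge cache.
int safeLineCount(int height, int fontHeight, int maxLines) {
    if (fontHeight <= 0) return 1;
    const int h = std::max(0, height);
    const int count = h / fontHeight + 1;
    return std::min(count, maxLines);
}

// Stand-in for the view cache resize: refuses non-positive counts and
// anything above a byte budget instead of blindly allocating.
bool tryResizeCache(std::vector<int>& cache, int requestedLines, std::size_t maxBytes) {
    if (requestedLines <= 0) return false;
    const std::size_t n = asAllocationSize(requestedLines);
    if (n > maxBytes / sizeof(int)) return false;
    cache.resize(n);
    return true;
}

int main() {
    const int brokenHeight = -4;   // the value the report observed
    const int fontHeight   = 2;    // constructed: small enough to drive the count negative
    const std::size_t budget = std::size_t{1} << 20;  // assumed 1 MiB cache budget

    const int naive = naiveLineCount(brokenHeight, fontHeight);
    std::cout << "naive count: " << naive
              << ", as size_t: " << asAllocationSize(naive) << '\n';

    std::vector<int> cache;
    std::cout << "naive resize accepted: "
              << tryResizeCache(cache, naive, budget) << '\n';

    const int safe = safeLineCount(brokenHeight, fontHeight, 4096);
    std::cout << "safe count: " << safe
              << ", resize accepted: " << tryResizeCache(cache, safe, budget)
              << ", cache lines: " << cache.size() << '\n';
    return 0;
}
```

The point of the two-layer check is that clamping at the arithmetic (safeLineCount) keeps the count sane, while the budget check at the allocation site (tryResizeCache) catches any other path that still hands the cache a wrapped size; a debug-only assert covers neither in a release build.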