
List:       kwrite-devel
Subject:    Protect against negative size
From:       Vladimir Prus <ghost () cs ! msu ! su>
Date:       2007-12-09 15:24:41
Message-ID: 200712091824.43888.ghost () cs ! msu ! su

Hello!

While working on KDevelop4, using Oxygen style, I've run
into a situation where KateViewInternal::doUpdateView is
called while height() returns -4. Since height() is used
in various math in that function, this leads to overflow,
and Kate starts to allocate huge vectors, and eventually
crashes.

The problem seems to be that:

   - KDevelop4, for a short moment, sets height 0 for
   the KateView object.
   - KateView, sometimes, adds a padding of 4. This code
   is particularly suspect:

   if (style()->styleHint(QStyle::SH_ScrollView_FrameOnlyAroundContents)) {
      QHBoxLayout *extrahbox = new QHBoxLayout ();
      QFrame * frame = new QFrame(this);

Now, I don't know what's the right solution for this problem.
On KDevelop side, I'm gonna make sure KateView is never 0 in height.
However, I'd like to propose the following patch that merely adds
an assert -- so that next time somebody runs into this problem, the
crash is more obvious.

OK to commit?

- Volodya

   

["assert_height.diff" (text/x-diff)]

Index: kateviewinternal.cpp
===================================================================
--- kateviewinternal.cpp	(revision 746370)
+++ kateviewinternal.cpp	(working copy)
@@ -551,6 +551,15 @@
   if (width() != cache()->viewWidth())
     cache()->setViewWidth(width());
 
+  /* It was observed that height() could be negative here --
+     when the main Kate view has 0 as size (during creation),
+     and there frame arount KateViewInternal.  In which
+     case, the division below will overflow, and we'll
+     go on allocating huge chunks of data later.
+     
+     The solution for now is "don't create kate view with
+     zero height".  */
+  Q_ASSERT(height() >= 0);     
   int newSize = (height() / renderer()->fontHeight()) + 1;
   cache()->updateViewCache(startPos(), newSize, viewLinesScrolled);
 
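
Review bot: The Q_ASSERT(height() >= 0) placed just before the newSize computation is compiled out when QT_NO_DEBUG is defined, so release builds still feed a negative height() into the division and into cache()->updateViewCache(). Consider adding a runtime guard at the same spot, such as returning early or clamping the height to 0 when it is negative, and keeping the assert alongside it for debug builds. The new comment also has a typo ("there frame arount"), and the Q_ASSERT line carries trailing whitespace.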


_______________________________________________
KWrite-Devel mailing list
KWrite-Devel@kde.org
https://mail.kde.org/mailman/listinfo/kwrite-devel

