lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LYNX-DEV Bad bug in Lynx 2.6

From: Alan Rooks
Subject: LYNX-DEV Bad bug in Lynx 2.6
Date: 2 Nov 1996 19:03:19 U 
About a week ago I asked for help because I'd compiled Lynx on my IRIX 5.3 box
and it was locking up.  I've since discovered the problem, and it's a pretty
bad one... I'm surprised others haven't found it.

The problem was that the display_lines variable was being stomped on by
something.  Turned out it was code in GridText.c that was initializing an
array of length MAX_LINE+1, but the code thought the array had length
LINESIZE.  Since MAX_LINE is 1024 and LINESIZE is 4096, all hell broke loose. 
Here's the context diff:

*** GridText.c  Tue Oct 22 23:51:38 1996
--- GridText.c.new      Sat Nov  2 18:35:12 1996
***************
*** 283,294 ****
       */ 
      if (underscore_string[0] != '.') { /* Make a line */
          char *p;
!         for (p=underscore_string; p<underscore_string+(MAX_LINE-1); p++)
              *p = '.';           /* Used for printfs later */
!         underscore_string[(MAX_LINE-1)] = '\0';
!         for (p=star_string; p<star_string+(LINESIZE-1); p++)
              *p = '_';           /* Used for printfs later */
!         star_string[(LINESIZE-1)] = '\0';
      }
  
      underline_on = FALSE; /* reset */
--- 283,294 ----
       */ 
      if (underscore_string[0] != '.') { /* Make a line */
          char *p;
!         for (p=underscore_string; p<underscore_string+MAX_LINE; p++)
              *p = '.';           /* Used for printfs later */
!         underscore_string[MAX_LINE] = '\0';
!         for (p=star_string; p<star_string+MAX_LINE; p++)
              *p = '_';           /* Used for printfs later */
!         star_string[MAX_LINE] = '\0';
      }
  
      underline_on = FALSE; /* reset */

Note that I've changed the code to initialize MAX_LINE bytes with the
appropriate character and then NUL-terminate, since the buffers are allocated
MAX_LINE+1 bytes.  I'm assuming that this was what was intended when the
arrays were declared with size MAX_LINE+1.

Is there a reason why this isn't done with memset()?  And while I'm at it, is
there a reason that underscore_string is filled with dots (instead of
underscores) and star_string is filled with underscores (instead of stars)?

Alan Rooks
address@hidden


;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;
reply via email to
[Prev in Thread] Current Thread [Next in Thread]