From: Robert Wilhelm (robert.wilhelm@gmx.net)
Date: Fri Sep 05 2003 - 12:28:42 EDT
In 4939 we call UT_UTF8Stringbuf::grow(0) with a still empty
UT_UTF8Stringbuf.
This leads to malloc(0) and then later crash or confusion,
depending on what this malloc returns.
diff -u -r1.26 ut_stringbuf.cpp
--- ut_stringbuf.cpp 5 Aug 2003 19:53:03 -0000 1.26
+++ ut_stringbuf.cpp 5 Sep 2003 16:08:26 -0000
@@ -705,6 +705,7 @@
if (m_psz == 0)
{
+ if (length == 0) return true;
m_psz = static_cast<char *>(malloc(length));
if (m_psz == 0) return false;
m_strlen = 0;
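Review bot: the added `if (length == 0) return true;` reports success while m_psz is still 0, so a caller that treats a true result as "the buffer is allocated" can still dereference a null pointer afterwards. Either add a comment stating that grow(0) on an empty buffer succeeds without allocating and confirm that callers such as escapeXML() (frame #1 in the trace) handle a null m_psz, or allocate a minimum of one byte in this branch so m_psz is always valid after a successful return. The existing `if (m_psz == 0) return false;` check also explains the "confusion" case: malloc(0) is allowed to return a null pointer, which this code reports as an allocation failure, so the commit message could say that the guard avoids both outcomes.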
Stacktrace:
Program received signal SIGSEGV, Segmentation fault.
UT_UTF8Stringbuf::grow(unsigned) (this=0x88a8290, length=0)
at ut_stringbuf.cpp:713
713 ut_stringbuf.cpp: No such file or directory.
in ut_stringbuf.cpp
#0 UT_UTF8Stringbuf::grow(unsigned) (this=0x88a8290, length=0)
at ut_stringbuf.cpp:713
#1 0x081e37f7 in UT_UTF8Stringbuf::escapeXML() (this=0x88a8290)
at ut_stringbuf.cpp:550
...