[Debian-med-packaging] Bug#751255: Help needed for wxWidgets 3.0 transition of TreeviewX
Martin Steghöfer
martin at steghoefer.eu
Sun Aug 10 12:06:42 UTC 2014
Hi Andreas!
The problem is that the wxString constructor tries to interpret garbage
from outside the string buffer. The reason for that is the string length
parameter that is explicitly given by the caller "TreeDrawer::DrawText".
It passes wxSTRING_MAXLEN as length, which used to mean: "Take the
complete string". However, the definition of wxSTRING_MAXLEN was removed
from the public API of wxWidgets.
This doesn't show up as compilation error because TreeLib/treedrawer.h
has a fall-back definition, that just defines it as 255 - which for
wxWidgets is just an arbitrary string length without special meaning.
That's why it tried to copy 255 characters (without looking out for the
0 termination), ran out of the string buffer and tried to interpret garbage.
I think someone misinterpreted that parameter for a
"maximum-buffer-length-safety-net" kind of parameter (like in snprintf).
The attached patch should fix it. I removed the dangerous fall-back
definition (that does more harm than good) and replaced the constructor
calls (in which the definition was used) by the appropriate constructor
calls.
Cheers,
Martin
El 07/08/14 a les 16:57, Andreas Tille ha escrit:
> Hi,
>
> one of the few packages in Debian Med which has more than 100 active
> users according to popcon seems to have a serious problem: The
> wxwidgets3.0 transition either injected some bugs or just uncovered
> existing bugs. Since upstream moved away from this program and the
> Debian Med team does not have wx-educated people I wonder whether some
> kind soul could have a look into this problem. I guess the problem
> can be understood when reading the bug report from here:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751255#31
>
> Any help would be really welcome.
>
> Kind regards
>
> Andreas.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wxstring-maxlen.patch
Type: text/x-diff
Size: 1809 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-med-packaging/attachments/20140810/37554bf5/attachment.patch>
More information about the Debian-med-packaging
mailing list