[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XForms] Segfault after fl_finish and fix

From: Jens Thoms Toerring
Subject: Re: [XForms] Segfault after fl_finish and fix
Date: Tue, 4 Oct 2016 09:26:17 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

Hi Steve,

On Mon, Oct 03, 2016 at 09:12:18PM -0400, Steven G. Messervey wrote:
>   From my understanding, if you call fl_finish in a callback, fl_do_forms
> should return.
> Instead, tt segfaults.

I guess it never was intended to be callled from a callback
that returns but only just before exiting the application
(e.g. from an atexit() handler.

Since fl_finish() destroys everything related to XForms
(deleting all objects and forms and freeing memory for
them) calling it from a callback sounds a bit like cut-
ting off the branch you're sitting on since your within
an XForms callback whose proper working depends on
XForms;-) But since you can do it I agree that at least
an attempt should be made to handle that as far as pos-

> Debian Wheezy 64-bit on x86_64.
>   Simple program to demonstrate the issue:
> #include <forms.h>
> void callback(FL_OBJECT *obj, long data) {
>   fl_finish();
> }
> int main(int argc, char **argv) {
>   FL_FORM *form;
>   FL_OBJECT *btn;
>   fl_initialize(&argc, argv, "TEST", 0, 0);
>   form = fl_bgn_form(FL_UP_BOX,320,120);
>   btn = fl_add_button(FL_NORMAL_BUTTON,40,70,80,30,"Click me");
>   fl_set_object_callback(btn,callback,0);
>   fl_end_form();
>   fl_show_form(form, FL_PLACE_MOUSE, FL_TRANSIENT, "FOO");
>   fl_do_forms();
>   return 0;
> }

Indeed, that segfaults.

>   My proposed fix:
> In lib/events.c - fli_object_qread():
> replace all occurrences of fli_context = <some value>; with:
> if (fli_context)
>   fli_context = <some_value>.
> After applying the fix and recompiling, the above program works.

I've got to think about this since it's at a rather low level
point and I don't see all possible consequences at the moment.
We've got to make sure that not e.g. a now free'd object
(but for which there's still a pointer) gets accessed. At a
quick glance we've got to bail out immediately when after a
call of an objects callback it's obvious that fl_finish()
has been invked in there. What that involves is still a bit
unclear to me, though. I guess I will need some time to
consider all the possible consequences.

> I discovered it while making XForms bindings to javascript (Duktape).

Sounds like an interesting project!

                           Best regards, Jens
  \   Jens Thoms Toerring  ________      address@hidden
   \_______________________________      http://toerring.de

reply via email to

[Prev in Thread] Current Thread [Next in Thread]