view libpurple/circbuffer.c @ 29228:ee1ed5d16235
Save the event source ID for search_find_cb so that it's removed when the
log dialog is closed. This fixes a double free which might be caused by
having a large logset (and maybe pressing Close multiple times).
It looks something like this, with a few variations:
== Invalid read of size 8
== at 0x483001: search_find_cb (gtklog.c:425)
== by 0xBB91E50: g_main_context_dispatch (gmain.c:1824)
== by 0xBB953E7: g_main_context_iterate (gmain.c:2455)
== by 0xBB958BC: g_main_loop_run (gmain.c:2663)
== by 0x63AF606: gtk_main (gtkmain.c:1205)
== by 0x485ADF: main (gtkmain.c:978)
== Address 0x1b469860 is 56 bytes inside a block of size 72 free'd
== at 0x4C239EF: free (vg_replace_malloc.c:323)
== by 0x483A6C: destroy_cb (gtklog.c:223)
== by 0xAB9B12C: g_closure_invoke (gclosure.c:767)
== by 0xABB02B1: signal_emit_unlocked_R (gsignal.c:3247)
== by 0xABB1806: g_signal_emit_valist (gsignal.c:2980)
== by 0xABB1CD2: g_signal_emit (gsignal.c:3037)
== by 0xAB9B12C: g_closure_invoke (gclosure.c:767)
== by 0xABB02B1: signal_emit_unlocked_R (gsignal.c:3247)
== by 0xABB1806: g_signal_emit_valist (gsignal.c:2980)
== by 0xABB1CD2: g_signal_emit (gsignal.c:3037)
== by 0x630ECB4: gtk_real_button_released (gtkbutton.c:1707)
== by 0xAB9B12C: g_closure_invoke (gclosure.c:767)
==
Fixes #11071.
author | Elliott Sales de Andrade <qulogic@pidgin.im> |
---|---|
date | Tue, 05 Jan 2010 06:43:18 +0000 |
parents | 01f1929d0936 |
children |
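/*
 * @file circbuffer.h Buffer Utility Functions
 * @ingroup core
 */

/* Purple is the legal property of its developers, whose names are too numerous
 * to list here. Please refer to the COPYRIGHT file distributed with this
 * source distribution.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
 */
#include "internal.h"

#include "circbuffer.h"

#define DEFAULT_BUF_SIZE 256

/**
 * Allocates an empty circular buffer.
 *
 * Only the bookkeeping structure is allocated here (zero-filled by
 * g_new0()); the backing storage is obtained on the first append.
 *
 * @param growsize Number of bytes the storage grows by each time it runs
 *                 out of room.  0 selects DEFAULT_BUF_SIZE.
 *
 * @return The new buffer.  Release it with purple_circ_buffer_destroy().
 */
PurpleCircBuffer *
purple_circ_buffer_new(gsize growsize)
{
	PurpleCircBuffer *buf = g_new0(PurpleCircBuffer, 1);

	buf->growsize = growsize ? growsize : DEFAULT_BUF_SIZE;

	return buf;
}

/**
 * Frees the backing storage and the buffer structure itself.
 *
 * The stored bytes are not cleared before being freed; a caller that
 * queued sensitive data has to wipe it before calling this.
 *
 * @param buf The buffer to free.  Must not be NULL, and must not be used
 *            again afterwards.
 */
void
purple_circ_buffer_destroy(PurpleCircBuffer *buf)
{
	g_return_if_fail(buf != NULL);

	g_free(buf->buffer);
	g_free(buf);
}

/**
 * Enlarges the backing storage until at least @a len bytes are free, then
 * re-bases inptr/outptr on the (possibly moved) allocation and, if the
 * stored data wrapped around the end of the old storage, relocates the
 * wrapped part so the data stays contiguous in ring order.
 *
 * Offsets and sizes are kept in gsize: an int cannot represent every
 * offset into a buffer whose length is a gsize, and a truncated offset
 * would be used as a memcpy()/memmove() length below.
 *
 * @param buf The buffer to grow.
 * @param len Number of free bytes required.
 */
static void
grow_circ_buffer(PurpleCircBuffer *buf, gsize len)
{
	gsize in_offset = 0, out_offset = 0;
	gsize start_buflen;
	gsize step;

	g_return_if_fail(buf != NULL);

	/* bufused + len has to be representable, otherwise the size
	 * arithmetic below wraps and the buffer ends up too small. */
	g_return_if_fail(len <= G_MAXSIZE - buf->bufused);

	start_buflen = buf->buflen;

	/* A zero growsize would never make progress in the loop below. */
	step = buf->growsize ? buf->growsize : DEFAULT_BUF_SIZE;

	while ((buf->buflen - buf->bufused) < len) {
		if (buf->buflen > G_MAXSIZE - step) {
			/* One more step would wrap buflen; request exactly
			 * what is needed instead. */
			buf->buflen = buf->bufused + len;
			break;
		}
		buf->buflen += step;
	}

	/* Remember the positions as offsets: g_realloc() may move the
	 * storage, which invalidates the old pointers. */
	if (buf->inptr != NULL) {
		in_offset = buf->inptr - buf->buffer;
		out_offset = buf->outptr - buf->buffer;
	}

	buf->buffer = g_realloc(buf->buffer, buf->buflen);

	/* adjust the fill and remove pointer locations */
	if (buf->inptr == NULL) {
		buf->inptr = buf->outptr = buf->buffer;
	} else {
		buf->inptr = buf->buffer + in_offset;
		buf->outptr = buf->buffer + out_offset;
	}

	/* If the fill pointer is wrapped to before the remove
	 * pointer, we need to shift the data */
	if (in_offset < out_offset
			|| (in_offset == out_offset && buf->bufused > 0)) {
		/* Move as much of the wrapped head as fits into the newly
		 * added tail.  Source and destination cannot overlap since
		 * shift_n <= in_offset <= start_buflen. */
		gsize shift_n = MIN(buf->buflen - start_buflen, in_offset);

		memcpy(buf->buffer + start_buflen, buf->buffer, shift_n);

		/* If we couldn't fit the wrapped read buffer
		 * at the end */
		if (shift_n < in_offset) {
			/* Slide the remainder down to the start; the regions
			 * may overlap, hence memmove(). */
			memmove(buf->buffer, buf->buffer + shift_n,
					in_offset - shift_n);
			buf->inptr = buf->buffer + (in_offset - shift_n);
		} else {
			buf->inptr = buf->buffer + start_buflen + in_offset;
		}
	}
}

/**
 * Appends @a len bytes from @a src to the buffer, growing it first when
 * there is not enough free space.
 *
 * @param buf The buffer to append to.
 * @param src The bytes to copy in.
 * @param len Number of bytes to copy from @a src.
 */
void
purple_circ_buffer_append(PurpleCircBuffer *buf, gconstpointer src, gsize len)
{
	gsize len_stored;

	g_return_if_fail(buf != NULL);

	/* Refuse a length that cannot be added to bufused without wrapping.
	 * Checked here, before anything is copied, because a failed grow
	 * would otherwise be followed by writes past the allocation. */
	g_return_if_fail(len <= G_MAXSIZE - buf->bufused);

	/* Grow the buffer, if necessary */
	if ((buf->buflen - buf->bufused) < len)
		grow_circ_buffer(buf, len);

	/* If there is not enough room to copy all of src before hitting
	 * the end of the buffer then we will need to do two copies.
	 * One copy from inptr to the end of the buffer, and the
	 * second copy from the start of the buffer to the end of src.
	 */
	if (buf->inptr >= buf->outptr)
		len_stored = MIN(len,
				buf->buflen - (gsize)(buf->inptr - buf->buffer));
	else
		len_stored = len;

	if (len_stored > 0)
		memcpy(buf->inptr, src, len_stored);

	if (len_stored < len) {
		/* Second copy: the rest of src goes to the start of the
		 * storage. */
		memcpy(buf->buffer, (const char *)src + len_stored,
				len - len_stored);
		buf->inptr = buf->buffer + (len - len_stored);
	} else {
		buf->inptr += len_stored;
	}

	buf->bufused += len;
}

/**
 * Returns how many bytes can be read in one contiguous run starting at
 * outptr.  When the stored data wraps around the end of the storage this
 * is only the part up to the end; the rest becomes readable after that
 * part has been marked as read.
 *
 * @param buf The buffer to query.
 *
 * @return The number of contiguous readable bytes; 0 if the buffer is
 *         empty or @a buf is NULL.
 */
gsize
purple_circ_buffer_get_max_read(const PurpleCircBuffer *buf)
{
	gsize max_read;

	g_return_val_if_fail(buf != NULL, 0);

	if (buf->bufused == 0)
		max_read = 0;
	else if ((buf->outptr - buf->inptr) >= 0)
		/* Data wraps (or the buffer is full): readable up to the
		 * end of the storage. */
		max_read = buf->buflen - (buf->outptr - buf->buffer);
	else
		max_read = buf->inptr - buf->outptr;

	return max_read;
}

/**
 * Marks @a len bytes, starting at outptr, as consumed.
 *
 * @param buf The buffer to update.
 * @param len Number of bytes consumed.  Must not exceed the value
 *            returned by purple_circ_buffer_get_max_read().
 *
 * @return TRUE on success; FALSE if @a buf is NULL or @a len is larger
 *         than the contiguous readable run, in which case nothing is
 *         changed.
 */
gboolean
purple_circ_buffer_mark_read(PurpleCircBuffer *buf, gsize len)
{
	g_return_val_if_fail(buf != NULL, FALSE);
	g_return_val_if_fail(purple_circ_buffer_get_max_read(buf) >= len, FALSE);

	buf->outptr += len;
	buf->bufused -= len;

	/* wrap to the start if we're at the end */
	if ((buf->outptr - buf->buffer) == buf->buflen)
		buf->outptr = buf->buffer;

	return TRUE;
}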