Bug 12818 fixed: Segfault with invalid property name on figure handle 93/12293/4
Calixte DENIZET [Mon, 19 Aug 2013 10:29:17 +0000 (12:29 +0200)]
Change-Id: I93c3f86b169f624f3fe3e8a3f7c9592ac9c7db29

scilab/CHANGES_5.5.X
scilab/modules/graphics/sci_gateway/c/sci_set.c
scilab/modules/graphics/tests/nonreg_tests/bug_12818.dia.ref [new file with mode: 0644]
scilab/modules/graphics/tests/nonreg_tests/bug_12818.tst [new file with mode: 0644]

index 6ddb59c..0161c49 100644 (file)
@@ -590,6 +590,8 @@ Bug fixes
 
 * Bug #12816 fixed - Numbers pasted in editvar were not parsed according to locale.
 
+* Bug #12818 fixed - Segfault in set function with invalid property values dimension.
+
 * Bug #12823 fixed - In help generation (toolbox) links were not correctly handled.
 
 * Bug #12827 fixed - Cacsd doc: noisgen() improved.
index 477bda2..9f7b23b 100644 (file)
@@ -172,7 +172,11 @@ int sci_set(char *fname, unsigned long fname_len)
                                     strcmp(pstProperty, "text") != 0 && stricmp(pstProperty, "string") != 0 &&
                                     stricmp(pstProperty, "tooltipstring") != 0) /* Added for uicontrols */
                             {
-                                getAllocatedSingleString(pvApiCtx, piAddr3, (char**)&_pvData);
+                                if (getAllocatedSingleString(pvApiCtx, piAddr3, (char**)&_pvData))
+                                {
+                                    Scierror(999, _("%s: Wrong size for input argument #%d: A single string expected.\n"), fname, 3);
+                                    return 1;
+                                }
                                 iRows3 = (int)strlen((char*)_pvData);
                                 iCols3 = 1;
                             }
@@ -302,12 +306,12 @@ int sci_set(char *fname, unsigned long fname_len)
             /* 'figure_style' for compatibility but do nothing */
             /* others values must return a error */
             char *propertiesSupported[NB_PROPERTIES_SUPPORTED] = { "current_entity",
-                    "hdl",
-                    "current_figure",
-                    "current_axes",
-                    "figure_style",
-                    "default_values",
-                    "auto_clear"
+                                                                   "hdl",
+                                                                   "current_figure",
+                                                                   "current_axes",
+                                                                   "figure_style",
+                                                                   "default_values",
+                                                                   "auto_clear"
                                                                  };
 
             int i = 0;
diff --git a/scilab/modules/graphics/tests/nonreg_tests/bug_12818.dia.ref b/scilab/modules/graphics/tests/nonreg_tests/bug_12818.dia.ref
new file mode 100644 (file)
index 0000000..9bcbcb3
--- /dev/null
@@ -0,0 +1,20 @@
+// =============================================================================
+// Scilab ( http://www.scilab.org/ ) - This file is part of Scilab
+// Copyright (C) 2013 - Scilab Enterprises
+//
+//  This file is distributed under the same license as the Scilab package.
+// =============================================================================
+// <-- TEST WITH GRAPHIC -->
+// <-- Non-regression test for bug 12818 -->
+//
+// <-- Bugzilla URL -->
+// http://bugzilla.scilab.org/show_bug.cgi?id=12818
+//
+// <-- Short Description -->
+// Segfault in set function with invalid property values dimension.
+f = gcf();
+err = execstr("f.closerequestfcn = [""resizeMe()"" ""resizeMe()""]", "errcatch");
+assert_checktrue(err <> 0);
+err = execstr("set(f, ""closerequestfcn"", [""resizeMe()"" ""resizeMe()""])", "errcatch");
+assert_checktrue(err <> 0);
+delete(f);
diff --git a/scilab/modules/graphics/tests/nonreg_tests/bug_12818.tst b/scilab/modules/graphics/tests/nonreg_tests/bug_12818.tst
new file mode 100644 (file)
index 0000000..072edd8
--- /dev/null
@@ -0,0 +1,24 @@
+// =============================================================================
+// Scilab ( http://www.scilab.org/ ) - This file is part of Scilab
+// Copyright (C) 2013 - Scilab Enterprises
+//
+//  This file is distributed under the same license as the Scilab package.
+// =============================================================================
+
+// <-- TEST WITH GRAPHIC -->
+
+// <-- Non-regression test for bug 12818 -->
+//
+// <-- Bugzilla URL -->
+// http://bugzilla.scilab.org/show_bug.cgi?id=12818
+//
+// <-- Short Description -->
+// Segfault in set function with invalid property values dimension.
+
+f = gcf();
+err = execstr("f.closerequestfcn = [""resizeMe()"" ""resizeMe()""]", "errcatch");
+assert_checktrue(err <> 0);
+
+err = execstr("set(f, ""closerequestfcn"", [""resizeMe()"" ""resizeMe()""])", "errcatch");
+assert_checktrue(err <> 0);
+delete(f);
\ No newline at end of file