Opened 9 months ago

Closed 9 months ago

#15616 closed defect (fixed)

wxCharBuffer crashes if memory allocation fails

Reported by: ZaneUJi Owned by:
Priority: normal Milestone:
Component: base Version: 3.0.0-rc1
Keywords: Cc:
Blocked By: Blocking:
Patch: no

Description

When using wxCharBuffer to allocate a large amount of memory, the program may crash.

Attachments (1)

stctest.diff download (591 bytes) - added by ZaneUJi 9 months ago.
Test case

Download all attachments as: .zip

Change History (5)

Changed 9 months ago by ZaneUJi

Test case

comment:1 Changed 9 months ago by vadz

  • Resolution set to invalid
  • Status changed from new to closed

You need to check for the pointer returned by data() not being NULL.

comment:2 Changed 9 months ago by ZaneUJi

I would if I could. The crash is caused by ctor of wxCharBuffer. It means that the program crashed before wxCharBuffer is constructed.

Program received signal SIGSEGV, Segmentation fault.
0x008b6966 in wxCharTypeBuffer<char>::wxCharTypeBuffer (this=0x22fc2c,
    len=2147483648) at ./../../include/wx/buffer.h:273
273             this->m_data->Get()[len] = (CharType)0;
(gdb) bt
#0  0x008b6966 in wxCharTypeBuffer<char>::wxCharTypeBuffer (this=0x22fc2c,
    len=2147483648) at ./../../include/wx/buffer.h:273
#1  0x008967e1 in wxCharBuffer::wxCharBuffer (this=0x22fc2c, len=2147483648)
    at ./../../include/wx/buffer.h:359
#2  0x00401d23 in AppFrame::AppFrame (this=0x4b52ea8, title=...)
    at stctest.cpp:305
#3  0x00401836 in App::OnInit (this=0x4b46d98) at stctest.cpp:223
#4  0x008b6052 in wxAppConsoleBase::CallOnInit (this=0x4b46d98)
    at ./../../include/wx/app.h:93
#5  0x00686ed2 in wxEntryReal (argc=@0xa7ba3c: 1, argv=0x4b46cc0)
    at ../../src/common/init.cpp:479
#6  0x0065d3d8 in wxEntry (argc=@0xa7ba3c: 1, argv=0x4b46cc0)
    at ../../src/msw/main.cpp:197
#7  0x004cb9d3 in wxEntry (hInstance=0x400000, nCmdShow=10)
    at ../../src/msw/main.cpp:415
#8  0x004015a7 in WinMain@16 (hInstance=0x400000, hPrevInstance=0x0,
    nCmdShow=10) at stctest.cpp:193
#9  0x00954b7d in main ()
(gdb)

comment:3 Changed 9 months ago by vadz

  • Resolution invalid deleted
  • Status changed from closed to reopened
  • Summary changed from wxCharBuffer crashes to wxCharBuffer crashes if memory allocation fails

Ah, thanks for the extra information, I didn't realize it crashed here. This should indeed be fixed.

comment:4 Changed 9 months ago by VZ

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [75092]) Fix crash in wxCharBuffer if memory allocation fails.

Handle memory allocation failure gracefully in wxCharTypeBuffer ctor.

Closes #15616.

Note: See TracTickets for help on using tickets.