Bug in Lyx 1.3.4 ?
Stephan Witt
st.witt at gmx.net
Mon Feb 10 12:00:11 UTC 2020
On 07.02.2020 at 08:32, Enrico Forestieri <forenr at lyx.org> wrote:
>
> On Thu, Feb 06, 2020 at 10:36:30PM +0100, Stephan Witt wrote:
>> But some cases I’d like to point out:
>>
>> InsetMathSpace::doDispatch() calls createInsetMath_fromDialogStr()
>> createInsetMath_fromDialogStr calls mathed_parse_cell()
>> mathed_parse_cell() calls Parser() with NULL buffer
>>
>> Similar is the call to createInsetMath_fromDialogStr in
>> InsetMathRef::doDispatch() and InsetMathRef::changeTarget().
>>
>> These look dangerous too, IMO. What do you think?
>> Do you know how to trigger these pieces of code?
>
> It is hard to tell how dangerous they are. As said, in most cases the
> validity of the buffer member is checked before being used. So, having
> a null there is not troublesome for most code paths. However, it can
> bite in certain cases. In the case at hand, the buffer has always been
> null but, not being used in certain code paths, it has never been a
> problem.

I see a problem in Parser::parse1().
(The line numbers are in master as of today b8546139c8)

The code block below line 1983 uses the buffer member.
At lines 1986 and 1990 there is a NULL pointer check but at line 2086
the check is missing. This has to be corrected IMO.

BTW, the value assigned to num_tokens in line 2092 is not used
because it’s defined locally at line 2055 and used only in the else block
at line 2105.

Stephan