Bug in Lyx 1.3.4 ?

Enrico Forestieri forenr at lyx.org
Mon Feb 10 21:01:30 UTC 2020


On Mon, Feb 10, 2020 at 01:00:11PM +0100, Stephan Witt wrote:

> Am 07.02.2020 um 08:32 schrieb Enrico Forestieri <forenr at lyx.org>:
> > 
> > On Thu, Feb 06, 2020 at 10:36:30PM +0100, Stephan Witt wrote:
> >> But some cases I’d like to point out:
> >> 
> >> InsetMathSpace::doDispatch() calls createInsetMath_fromDialogStr()
> >> createInsetMath_fromDialogStr calls mathed_parse_cell()
> >> mathed_parse_cell() calls Parser() with NULL buffer
> >> 
> >> Similar is the call to createInsetMath_fromDialogStr in
> >> InsetMathRef::doDispatch() and InsetMathRef::changeTarget().
> >> 
> >> These look dangerous too, IMO. What do you think?
> >> Do you know how to trigger this pieces of code?
> > 
> > It is hard to tell how dangerous they are. As said, in most cases the
> > validity of the buffer member is checked before being used. So, having
> > a null there is not troublesome for most code paths. However, it can
> > bite in certain cases. In the case at hand, the buffer has always been
> > null but, not being used in certain code paths, it has never been a
> > problem.
> 
> I see a problem in Parser::parse1(). 
> (The line numbers are in master as of today b8546139c8)
> 
> The code block below line 1983 uses the buffer member. 
> At line 1986 and 1990 there is a NULL pointer check but at line 2086
> the check is missing. This has to be corrected IMO.

Done at 536d476d.

> BTW, the value assigned to num_tokens in line 2092 is not used
> because it’s defined local at line 2055 and used only in else block
> at line 2105.

Those assignments were added at 1a6c5999 and I agree that they are
superfluous. Removed at 926c846a.

-- 
Enrico


More information about the lyx-devel mailing list