Here is what valgrind has spit out: http://pastebin.com/qscKUNt8
How to reproduce:
1. build
2. cd src && ./update
3. cd devel && export LD_LIBRARY_PATH=`pwd`
4. valgrind ./codeblocks -p debug
5. open codeblocks-unix.cbp
I'm not too familiar with the wxString's implementation, but the function mentioned in the reports is full of constructs that look suspicious.
Examples:
while (*ptr <= ParserConsts::space_chr)
    ++ptr;
...
while (*(ptr+1) == ParserConsts::ptr_chr)
{
    baseArgs << *ptr; // append one more '*' to baseArgs
    ptr++;            // next char
}
...
// skip white spaces and increase pointer
while (   *ptr != ParserConsts::null
       && *(ptr+1) == ParserConsts::space_chr )
{
    ++ptr; // next char
}
I'm not familiar with this code, so it would be good if someone could look into this.
Ok, besides the potential issue about wxString in 2.9.x+, I found that the issue reported is definitely related to an unsafe pointer access.
Look at the code snippet:
bool ParserThread::GetBaseArgs(const wxString& args, wxString& baseArgs)
{
    const wxChar* ptr = args; // pointer to current char in args string
    wxString word;            // compiled word of last arg
    bool skip = false;        // skip the next char (do not add to stripped args)
    bool sym  = false;        // current char symbol
    bool one  = true;         // only one argument
    TRACE(_T("GetBaseArgs() : args='%s'."), args.wx_str());
    baseArgs.Alloc(args.Len() + 1);
    // Verify ptr is valid (still within the range of the string)
    while (*ptr != ParserConsts::null)
    {
        switch (*ptr)
        {
            case ParserConsts::eol_chr:
                while (*ptr <= ParserConsts::space_chr) // this is the line parserthread.cpp:2859 reported by valgrind
                    ++ptr;
                break;
            case ParserConsts::space_chr:
            ...
You see, when we meet an "eol_chr", we are going to run a loop:
while (*ptr <= ParserConsts::space_chr) // this is the line parserthread.cpp:2859 reported by valgrind
    ++ptr;
You see, we don't check whether we have met a "ParserConsts::null" in the loop, so I think the simple fix is adding this check. Any ideas?
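To make the defect described above concrete, here is an added stand-alone example (not code from the Code::Blocks sources): the unpatched whitespace-skipping loop beside the null-checked one, run over a constructed buffer in which the string terminator is followed by a few more zero characters and a sentinel. It assumes `wchar_t` in place of `wxChar` and defines its own stand-in `ParserConsts` values.

```cpp
#include <cstddef>

// Stand-in constants for this example; the real ones live in ParserConsts.
namespace ParserConsts {
    const wchar_t null      = L'\0';
    const wchar_t space_chr = L' ';
    const wchar_t eol_chr   = L'\n';
}

// Mirrors the original loop at parserthread.cpp:2859. The terminator (0) also
// satisfies "<= space_chr", so the loop keeps advancing past the end of the
// string. Returns how many characters were stepped over.
std::size_t skip_blank_unchecked(const wchar_t* ptr) {
    const wchar_t* start = ptr;
    while (*ptr <= ParserConsts::space_chr)
        ++ptr;
    return static_cast<std::size_t>(ptr - start);
}

// Mirrors the patched loop: the explicit null test stops at the terminator.
std::size_t skip_blank_checked(const wchar_t* ptr) {
    const wchar_t* start = ptr;
    while (*ptr != ParserConsts::null && *ptr <= ParserConsts::space_chr)
        ++ptr;
    return static_cast<std::size_t>(ptr - start);
}

// Constructed input: "\n " with its terminator at index 2, then two more zero
// characters standing in for whatever happens to follow the buffer in memory,
// and a non-blank sentinel so the unchecked loop stops inside valid memory
// instead of running off into an unmapped page (which is what valgrind saw).
const wchar_t kArgsBuffer[] = { L'\n', L' ', L'\0', L'\0', L'\0', L'X' };
const std::size_t kArgsLen  = 2;   // what wxString::Len() would report

// The property valgrind checks for us: the loop must stop at or before the
// terminator, never read beyond it.
bool stays_in_bounds(std::size_t advanced) {
    return advanced <= kArgsLen;
}
```

The unchecked loop advances five positions (two blanks, three zeros) before the sentinel stops it, while the checked loop stops at the terminator after two.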
src/plugins/codecompletion/parser/parserthread.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/plugins/codecompletion/parser/parserthread.cpp b/src/plugins/codecompletion/parser/parserthread.cpp
index b614aca..221b548 100644
--- a/src/plugins/codecompletion/parser/parserthread.cpp
+++ b/src/plugins/codecompletion/parser/parserthread.cpp
@@ -2856,7 +2856,7 @@ bool ParserThread::GetBaseArgs(const wxString& args, wxString& baseArgs)
switch (*ptr)
{
case ParserConsts::eol_chr:
- while (*ptr <= ParserConsts::space_chr)
+ while (*ptr != ParserConsts::null && *ptr <= ParserConsts::space_chr)
++ptr;
break;
case ParserConsts::space_chr:
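Review bot: the added `*ptr != ParserConsts::null` guard on the `eol_chr` loop is the right fix, because the terminator (0) satisfies `<= ParserConsts::space_chr` and the original loop stepped past the end of the string, which is the read valgrind reported at line 2859; after the `break` the outer `while (*ptr != ParserConsts::null)` now sees the terminator and exits cleanly for an argument list that ends right after a newline. A one-line comment on the loop saying that the null test is what keeps the `<=` comparison from swallowing the terminator would help the next reader, since the ordering of the two conditions matters.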
@@ -2876,7 +2876,7 @@ bool ParserThread::GetBaseArgs(const wxString& args, wxString& baseArgs)
case ParserConsts::ptr_chr: // handle pointer args
// handle multiple pointer like in: main (int argc, void** argv)
// or ((int *, char ***))
- while (*(ptr+1) == ParserConsts::ptr_chr)
+ while (*(ptr+1) != ParserConsts::null && *(ptr+1) == ParserConsts::ptr_chr)
{
baseArgs << *ptr; // append one more '*' to baseArgs
ptr++; // next char
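Review bot: the null test added to the `ptr_chr` loop is redundant and changes no behaviour: `*(ptr+1) == ParserConsts::ptr_chr` is already false when `*(ptr+1)` is the terminator, and reading `ptr+1` is safe here because `*ptr` is non-null on entry (the outer loop condition) and each `ptr++` moves onto a character that was just compared equal to `ptr_chr`. It can be dropped, or kept only if accompanied by a comment explaining that it is defensive rather than required, so it is not mistaken for part of the valgrind fix.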
Does the patch above fix the issue reported by valgrind? (I just added some null checks when accessing by pointer dereference.)
Thanks.