Summary: | kpager crash when you try to move windows | ||
---|---|---|---|
Product: | [Unmaintained] kpager | Reporter: | Pierre Habouzit <madcoder> |
Component: | general | Assignee: | Antonio Larrosa <larrosa> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | vfiend |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Debian testing | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: |
Description
Pierre Habouzit
2006-06-05 10:08:22 UTC
SVN commit 548508 by chrsmrtn: Fix double-free in kpager. This was caused by a fix to an apparent memory leak. It appears that QByteArray does free up the memory it is assigned. Then when 'tmp' goes out of scope, the memory is freed again, hence the crash. I doubt that there was a problem to begin with - at least in the 3.5 branch. A similar fix was checked into HEAD, but QByteArray behaves differently in Qt4, so perhaps things are now correct there; I'm not equipped to test that situation. BUG: 128663 M +4 -4 windowdrag.cpp --- branches/KDE/3.5/kdebase/kpager/windowdrag.cpp #548507:548508 @@ -28,10 +28,10 @@ PagerWindowDrag::PagerWindowDrag(WId w,int deltax,int deltay, int origdesk,QWidget *parent) : QStoredDrag("application/x-kpager",parent,"windowdrag") { - QString tmp; - tmp.sprintf("%d %d %d %d", static_cast<int>(w), deltax, deltay, origdesk); - QByteArray data(tmp.length()+1); - data.assign(tmp.latin1(),tmp.length()+1); + QString *tmp = new QString(); + tmp->sprintf("%d %d %d %d", static_cast<int>(w), deltax, deltay, origdesk); + QByteArray data(tmp->length()+1); + data.assign(tmp->latin1(),tmp->length()+1); setEncodedData(data); } *** Bug 128805 has been marked as a duplicate of this bug. *** |