Ticket #217 (Fixed)
Tue Jul 21 15:26:44 UTC 2009
Text area gadgets left with stale pointers after expanding RMA block containing handles for sliding heap
Reported by: | Christopher Bazley (288) | Severity: | Major |
Part: | RISC OS: Module | Release: | |
Milestone: | | Status: | Fixed |
Details by Christopher Bazley (288):
The TextGadgets module maintains a dynamic array in an RMA block, where each element gives the base address and size of a block within its sliding heap (also the number of bytes free at the end of each block). Such elements are typed as ‘Handle’.
If every element of this array is in use then the RMA block containing it will be extended using OS_Module 13. That will change the base address of the block and thus invalidate all the ‘Handle’ pointers previously output by the ‘create_block’ function. Data aborts are likely to ensue because every pre-existing TextArea gadget will have been left with a stale pointer to part of the RMA that is liable to be overwritten by other data.
Changelog:
Modified by Jeffrey Lee (213) Sat, June 25 2011 - 22:44:38 GMT
- Status changed from Open to Fixed
This should now be fixed in TextGadgets 0.32.
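
The stale-pointer pattern reported in this ticket, as an added C sketch; it is not TextGadgets source and not the change made in 0.32. `HandleTable`, `table_grow`, `create_block_index`, `handle_at` and `address_is_stale` are hypothetical names, `malloc`/`free` stand in for the RMA block extension (modelled as always moving the block), and handing out slot indices is one common way to survive the move.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the module's 'Handle' element. */
typedef struct { size_t base, size, free; } Handle;
typedef struct { Handle *slots; size_t used, cap; } HandleTable;

/* Models an extension that moves the block: new block first, then free old. */
static int table_grow(HandleTable *t) {
    size_t ncap = t->cap ? t->cap * 2 : 2;
    Handle *n = malloc(ncap * sizeof *n);
    if (n == NULL) return -1;
    if (t->used) memcpy(n, t->slots, t->used * sizeof *n);
    free(t->slots);
    t->slots = n; t->cap = ncap;
    return 0;
}

/* Hardened create: hands out a slot index, never an address in the table. */
static long create_block_index(HandleTable *t, size_t base, size_t size) {
    if (t->used == t->cap && table_grow(t) != 0) return -1;
    t->slots[t->used] = (Handle){ base, size, 0 };
    return (long)t->used++;
}

/* Resolve an index against the table's current base on every use. */
static Handle *handle_at(HandleTable *t, long i) {
    return (i >= 0 && (size_t)i < t->used) ? &t->slots[i] : NULL;
}

/* 1 if an address cached earlier no longer lies inside the table. */
static int address_is_stale(const HandleTable *t, uintptr_t saved) {
    uintptr_t lo = (uintptr_t)t->slots;
    return saved < lo || saved >= lo + t->cap * sizeof(Handle);
}

/* Constructed scenario: cache an element address, force growth, compare. */
static int demo(void) {
    HandleTable t = {0};
    long first = create_block_index(&t, 0x1000, 64);
    uintptr_t cached = (uintptr_t)handle_at(&t, first); /* the buggy pattern */
    for (size_t i = 1; i < 3; i++) create_block_index(&t, 0x1000 + 64 * i, 64);
    Handle *h = handle_at(&t, first);
    int ok = h && address_is_stale(&t, cached) && h->base == 0x1000;
    free(t.slots);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

The cached address is only compared as an integer, never dereferenced, so the sketch shows the invalidation without itself reading freed memory.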