TRANLE@intellicorp.COM (Minh Tran-Le) (02/16/91)
I seem to have found a bug in the function _XtDoPhase2Destroy() in the file mit/lib/Xt/Destroy.c When a Phase2Destroy occurs at a dispatch level greater than 1, You may end up with corrupted memory because the bcopy call copy past the end of the destroy list. Here is the fix for that problem. Minh Tran-Le. --------------------------------------------------------------------------- --- Destroy.c.~1~ Fri Sep 28 22:59:26 1990 +++ Destroy.c Sat Feb 16 01:29:27 1991 @@ -212,35 +212,35 @@ } /* XtPhase2Destroy */ void _XtDoPhase2Destroy(app, dispatch_level) XtAppContext app; int dispatch_level; { /* Phase 2 must occur in fifo order. List is not necessarily * contiguous in dispatch_level. */ int i = 0; DestroyRec* dr = app->destroy_list; while (i < app->destroy_count) { if (dr->dispatch_level >= dispatch_level) { Widget w = dr->widget; - if (--app->destroy_count) + if (--app->destroy_count > i) bcopy( (char*)(dr+1), (char*)dr, - app->destroy_count*sizeof(DestroyRec) + (app->destroy_count - i)*sizeof(DestroyRec) ); XtPhase2Destroy(w); } else { i++; dr++; } } } void XtDestroyWidget (widget) Widget widget; { XtAppContext app = XtWidgetToApplicationContext(widget); -------