Opened 10 years ago
Closed 9 years ago
#11111 closed bug (fixed)
Division by zero in TabDecorator CID 1210846 (easy)
| Reported by: | kallisti5 | Owned by: | jscipione |
|---|---|---|---|
| Priority: | low | Milestone: | R1 |
| Component: | Add-Ons/Decorators/Default | Version: | R1/Development |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description (last modified by )
Per CID 1210846, there is a potential division by zero...
http://cgit.haiku-os.org/haiku/tree/src/servers/app/decorator/TabDecorator.cpp#n431
In TabDecorator::_DistributeTabSize(float delta)
int32 nTabsWithMaxSize = 0;
.
.
for (int32 i = 0; i < fTabList.CountItems(); i++) {
(make nTabsWithMaxSize larger)
}
.
.
minus /= nTabsWithMaxSize;
I don't have the time to study the code and fix it, but it was a big enough issue I decided it needed a ticket. If fTabList.CountItems() is 0, the code will divide by 0
Attachments (3)
Change History (13)
comment:1 by , 10 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 10 years ago
comment:3 by , 10 years ago
I would initialize nTabsWithMaxSize to 1 instead of 0, and remove the assignment line 424.
comment:4 by , 10 years ago
| Keywords: | easy added |
|---|---|
| Milestone: | R1/alpha5 → R1 |
| Priority: | normal → low |
@jessicah Yeah, I saw the assertion check after opening this. However it's checking something other than what it's dividing. While that assertion checks the value in a round-about way, if anyone were to modify the code they could easily miss such a check.
Anyway, yeah... Since now it's more of a cosmetic thing, lowering the priority. I still think it is some low hanging fruit that could be corrected. @korli also had a good solution.
comment:5 by , 9 years ago
| Component: | - General → Servers/app_server |
|---|---|
| Keywords: | easy removed |
| Owner: | changed from to |
| Summary: | Division by zero in TabDecorator CID 1210846 → Division by zero in TabDecorator CID 1210846 (easy) |
by , 9 years ago
| Attachment: | 0001-Issue-11111-Initialize-nTabsWithMaxSize-to-1-instead.patch added |
|---|
comment:7 by , 9 years ago
| patch: | 0 → 1 |
|---|
comment:8 by , 9 years ago
This isn't a clean way to handle this. What I would do is:
- Store the value of CountTabs in a local variable (tabCount or so)
- ASSERT on the variable, then use it for the loop
This makes sure the assert and the loop use the same bound (it doesn't look like there is any locking, so in the current code a tab could be removed while the function runs?).
Then, I would also add a NULL check on the tab inside the loop (and skip the tab if it is NULL)
by , 9 years ago
| Attachment: | 0001-Issue-11111-Division-by-zero-in-TabDecorator.patch added |
|---|
by , 9 years ago
| Attachment: | 0001-Ticket-11111-Division-by-zero-in-TabDecorator.patch added |
|---|
comment:9 by , 9 years ago
| Component: | Servers/app_server → Add-Ons/Decorators/Stack And Tile |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
Logically impossible for it to ever be 0. This is why it has an assert, rather than an if check. Adding an if check would hide a bug deeper in the code (and add an unnecessary branch). The CID should be set to not a bug.