Issues in TextGapBuffer
Reported by: BNickName
Owned by: zooey
Has a Patch: no
Platform: All
There are a few issues with the TextGapBuffer. Stefano or I will probably fix them soon, but since one of them involves reading past the buffer, someone might want to fix this earlier.
(For an understanding of the text gap buffer see http://www.codeproject.com/KB/recipes/GenericGapBuffer.aspx#GapBufferWorks or "The Craft of Text Editing" http://www.finseth.com/craft/)
The first problem is that RemoveRange resizes the gap each time after removing content, to make sure the gap doesn't grow too big:
if (fGapCount > kTextGapBufferBlockSize)
In practice however, this means that every time a character is deleted, the buffer is being resized.
The bigger problem, however, is that SizeGapTo resizes the buffer (realloc) before moving the gap (memmove). This means that you lose the content of the buffer after the gap whenever the gap is not at the end (the gap position depends on where the user is editing), and the memmove also reads beyond the reallocated space.
So each time the user deletes a character, there is a possibility that they lose text at the end of the buffer, if the realloc moves or shrinks the memory.
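As an added illustration (constructed for this ticket, not Haiku's TextGapBuffer code), here is a minimal gap buffer whose SizeGapTo does the two steps in the safe order, moving the tail before the realloc when shrinking and after it when growing, and whose RemoveRange only shrinks the gap once it has grown past two blocks, so single-character deletes stop reallocating on every keystroke. Class and member names are assumptions loosely following the ticket's fGapCount/kTextGapBufferBlockSize naming.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>

// Constructed minimal gap buffer (names are assumptions, not Haiku's class):
// the point is the order of memmove() and realloc() inside SizeGapTo().
class GapBuffer {
public:
    static const size_t kBlockSize = 8;
    GapBuffer() : fBuffer(static_cast<char*>(malloc(kBlockSize))),
        fBufferCount(kBlockSize), fItemCount(0), fGapIndex(0), fGapCount(kBlockSize) {}
    ~GapBuffer() { free(fBuffer); }
    void InsertText(const char* text, size_t length, size_t offset) {
        MoveGapTo(offset);
        if (fGapCount < length) SizeGapTo(length + kBlockSize);
        memcpy(fBuffer + fGapIndex, text, length);
        fGapIndex += length; fGapCount -= length; fItemCount += length;
    }
    // Removes [from, to). Shrink only once the gap is well past one block, so a
    // run of single-character deletes does not realloc on every keystroke.
    void RemoveRange(size_t from, size_t to) {
        MoveGapTo(from);
        fGapCount += to - from; fItemCount -= to - from;
        if (fGapCount > 2 * kBlockSize) SizeGapTo(kBlockSize);
    }
    std::string Text() const {   // text before the gap + text after it
        return std::string(fBuffer, fGapIndex) + std::string(fBuffer + fGapIndex + fGapCount, fItemCount - fGapIndex);
    }
    size_t BufferSize() const { return fBufferCount; }
private:
    void MoveGapTo(size_t index) {
        if (index < fGapIndex)       // slide text right, across the gap
            memmove(fBuffer + index + fGapCount, fBuffer + index, fGapIndex - index);
        else if (index > fGapIndex)  // slide text left, across the gap
            memmove(fBuffer + fGapIndex, fBuffer + fGapIndex + fGapCount, index - fGapIndex);
        fGapIndex = index;
    }
    void SizeGapTo(size_t newGapCount) {
        size_t tailCount = fItemCount - fGapIndex;        // text after the gap
        size_t newBufferCount = fItemCount + newGapCount;
        // Shrinking: move the tail down BEFORE realloc; realloc first would drop
        // it, and the memmove afterwards would read past the new block.
        if (newGapCount < fGapCount)
            memmove(fBuffer + fGapIndex + newGapCount, fBuffer + fGapIndex + fGapCount, tailCount);
        fBuffer = static_cast<char*>(realloc(fBuffer, newBufferCount));
        if (fBuffer == NULL) abort();
        // Growing: realloc first, then move the tail up into the new space.
        if (newGapCount > fGapCount)
            memmove(fBuffer + fGapIndex + newGapCount, fBuffer + fGapIndex + fGapCount, tailCount);
        fGapCount = newGapCount; fBufferCount = newBufferCount;
    }
    char* fBuffer;
    size_t fBufferCount, fItemCount, fGapIndex, fGapCount;
};
```

With the ticket's ordering (realloc before memmove) the RemoveRange(2, 12) case below would truncate "mnop", since the shrunk allocation no longer contains the tail.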