File: | src/Destroy.c |
Location: | line 342, column 9 |
Description: | Access to field 'in_phase2_destroy' results in a dereference of a null pointer (loaded from variable 'app') |
1 | /*********************************************************** | |||
2 | Copyright (c) 1993, Oracle and/or its affiliates. All rights reserved. | |||
3 | ||||
4 | Permission is hereby granted, free of charge, to any person obtaining a | |||
5 | copy of this software and associated documentation files (the "Software"), | |||
6 | to deal in the Software without restriction, including without limitation | |||
7 | the rights to use, copy, modify, merge, publish, distribute, sublicense, | |||
8 | and/or sell copies of the Software, and to permit persons to whom the | |||
9 | Software is furnished to do so, subject to the following conditions: | |||
10 | ||||
11 | The above copyright notice and this permission notice (including the next | |||
12 | paragraph) shall be included in all copies or substantial portions of the | |||
13 | Software. | |||
14 | ||||
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |||
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |||
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | |||
18 | THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |||
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | |||
20 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER | |||
21 | DEALINGS IN THE SOFTWARE. | |||
22 | ||||
23 | Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, Massachusetts. | |||
24 | ||||
25 | All Rights Reserved | |||
26 | ||||
27 | Permission to use, copy, modify, and distribute this software and its | |||
28 | documentation for any purpose and without fee is hereby granted, | |||
29 | provided that the above copyright notice appear in all copies and that | |||
30 | both that copyright notice and this permission notice appear in | |||
31 | supporting documentation, and that the name of Digital not be | |||
32 | used in advertising or publicity pertaining to distribution of the | |||
33 | software without specific, written prior permission. | |||
34 | ||||
35 | DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING | |||
36 | ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL | |||
37 | DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR | |||
38 | ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, | |||
39 | WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, | |||
40 | ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS | |||
41 | SOFTWARE. | |||
42 | ||||
43 | ******************************************************************/ | |||
44 | ||||
45 | /* | |||
46 | ||||
47 | Copyright 1987, 1988, 1994, 1998 The Open Group | |||
48 | ||||
49 | Permission to use, copy, modify, distribute, and sell this software and its | |||
50 | documentation for any purpose is hereby granted without fee, provided that | |||
51 | the above copyright notice appear in all copies and that both that | |||
52 | copyright notice and this permission notice appear in supporting | |||
53 | documentation. | |||
54 | ||||
55 | The above copyright notice and this permission notice shall be included in | |||
56 | all copies or substantial portions of the Software. | |||
57 | ||||
58 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |||
59 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |||
60 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |||
61 | OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN | |||
62 | AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | |||
63 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | |||
64 | ||||
65 | Except as contained in this notice, the name of The Open Group shall not be | |||
66 | used in advertising or otherwise to promote the sale, use or other dealings | |||
67 | in this Software without prior written authorization from The Open Group. | |||
68 | ||||
69 | */ | |||
70 | ||||
71 | #ifdef HAVE_CONFIG_H1 | |||
72 | #include <config.h> | |||
73 | #endif | |||
74 | #include "IntrinsicI.h" | |||
75 | ||||
76 | struct _DestroyRec { | |||
77 | int dispatch_level; | |||
78 | Widget widget; | |||
79 | }; | |||
80 | ||||
81 | static void Recursive(Widget widget, XtWidgetProc proc) | |||
82 | { | |||
83 | register Cardinal i; | |||
84 | CompositePart *cwp; | |||
85 | ||||
86 | /* Recurse down normal children */ | |||
87 | if (XtIsComposite(widget)(((Object)(widget))->object.widget_class->core_class.class_inited & 0x08)) { | |||
88 | cwp = &(((CompositeWidget) widget)->composite); | |||
89 | for (i = 0; i < cwp->num_children; i++) { | |||
90 | Recursive(cwp->children[i], proc); | |||
91 | } | |||
92 | } | |||
93 | ||||
94 | /* Recurse down popup children */ | |||
95 | if (XtIsWidget(widget)(((Object)(widget))->object.widget_class->core_class.class_inited & 0x04)) { | |||
96 | for (i = 0; i < widget->core.num_popups; i++) { | |||
97 | Recursive(widget->core.popup_list[i], proc); | |||
98 | } | |||
99 | } | |||
100 | ||||
101 | /* Finally, apply procedure to this widget */ | |||
102 | (*proc) (widget); | |||
103 | } /* Recursive */ | |||
104 | ||||
105 | static void Phase1Destroy (Widget widget) | |||
106 | { | |||
107 | Widget hookobj = XtHooksOfDisplay(XtDisplayOfObject(widget)((((Object)(widget))->object.widget_class->core_class.class_inited & 0x04) ? (widget)->core.screen->display : _XtIsHookObject (widget) ? ((HookObject)(widget))->hooks.screen->display : _XtWindowedAncestor(widget)->core.screen->display)); | |||
108 | ||||
109 | widget->core.being_destroyed = TRUE1; | |||
110 | if (XtHasCallbacks(hookobj, XtNdestroyHook((char*)&XtStrings[2099])) == XtCallbackHasSome) { | |||
111 | XtDestroyHookDataRec call_data; | |||
112 | ||||
113 | call_data.type = XtHdestroy((char*)&XtStrings[2639]); | |||
114 | call_data.widget = widget; | |||
115 | XtCallCallbackList(hookobj, | |||
116 | ((HookObject)hookobj)->hooks.destroyhook_callbacks, | |||
117 | (XtPointer) &call_data); | |||
118 | } | |||
119 | } /* Phase1Destroy */ | |||
120 | ||||
121 | static void Phase2Callbacks(Widget widget) | |||
122 | { | |||
123 | if (widget->core.destroy_callbacks != NULL((void*)0)) { | |||
124 | XtCallCallbackList(widget, | |||
125 | widget->core.destroy_callbacks, (XtPointer) NULL((void*)0)); | |||
126 | } | |||
127 | } /* Phase2Callbacks */ | |||
128 | ||||
129 | static void Phase2Destroy(register Widget widget) | |||
130 | { | |||
131 | register WidgetClass class; | |||
132 | register ConstraintWidgetClass cwClass; | |||
133 | ObjectClassExtension ext; | |||
134 | ||||
135 | /* Call constraint destroy procedures */ | |||
136 | if (XtParent(widget)((widget)->core.parent) != NULL((void*)0) && !XtIsShell(widget)(((Object)(widget))->object.widget_class->core_class.class_inited & 0x20) && XtIsConstraint(XtParent(widget))(((Object)(((widget)->core.parent)))->object.widget_class ->core_class.class_inited & 0x10)) { | |||
137 | LOCK_PROCESSif(_XtProcessLock)(*_XtProcessLock)(); | |||
138 | cwClass = (ConstraintWidgetClass)XtParent(widget)((widget)->core.parent)->core.widget_class; | |||
139 | UNLOCK_PROCESSif(_XtProcessUnlock)(*_XtProcessUnlock)(); | |||
140 | for (;;) { | |||
141 | XtWidgetProc destroy; | |||
142 | ||||
143 | LOCK_PROCESSif(_XtProcessLock)(*_XtProcessLock)(); | |||
144 | destroy = cwClass->constraint_class.destroy; | |||
145 | UNLOCK_PROCESSif(_XtProcessUnlock)(*_XtProcessUnlock)(); | |||
146 | if (destroy) | |||
147 | (*destroy) (widget); | |||
148 | if (cwClass == (ConstraintWidgetClass)constraintWidgetClass) break; | |||
149 | LOCK_PROCESSif(_XtProcessLock)(*_XtProcessLock)(); | |||
150 | cwClass = (ConstraintWidgetClass) cwClass->core_class.superclass; | |||
151 | UNLOCK_PROCESSif(_XtProcessUnlock)(*_XtProcessUnlock)(); | |||
152 | } | |||
153 | } | |||
154 | ||||
155 | /* Call widget destroy procedures */ | |||
156 | LOCK_PROCESSif(_XtProcessLock)(*_XtProcessLock)(); | |||
157 | for (class = widget->core.widget_class; | |||
158 | class != NULL((void*)0); | |||
159 | class = class->core_class.superclass) { | |||
160 | XtWidgetProc destroy; | |||
161 | ||||
162 | destroy = class->core_class.destroy; | |||
163 | UNLOCK_PROCESSif(_XtProcessUnlock)(*_XtProcessUnlock)(); | |||
164 | if (destroy) | |||
165 | (*destroy) (widget); | |||
166 | LOCK_PROCESSif(_XtProcessLock)(*_XtProcessLock)(); | |||
167 | } | |||
168 | ||||
169 | /* Call widget deallocate procedure */ | |||
170 | ext = (ObjectClassExtension) | |||
171 | XtGetClassExtension(widget->core.widget_class, | |||
172 | XtOffsetOf(CoreClassPart, extension)__builtin_offsetof(CoreClassPart, extension), | |||
173 | NULLQUARK((XrmQuark) 0), XtObjectExtensionVersion1L, | |||
174 | sizeof(ObjectClassExtensionRec)); | |||
175 | if (ext && ext->deallocate) { | |||
176 | XtDeallocateProc deallocate; | |||
177 | deallocate = ext->deallocate; | |||
178 | UNLOCK_PROCESSif(_XtProcessUnlock)(*_XtProcessUnlock)(); | |||
179 | (*deallocate)(widget, NULL((void*)0)); | |||
180 | } else { | |||
181 | UNLOCK_PROCESSif(_XtProcessUnlock)(*_XtProcessUnlock)(); | |||
182 | XtFree((char *)widget); | |||
183 | } | |||
184 | } /* Phase2Destroy */ | |||
185 | ||||
186 | static Boolean IsDescendant(Widget widget, Widget root) | |||
187 | { | |||
188 | while ((widget = XtParent(widget)((widget)->core.parent)) != root) { | |||
189 | if (widget == NULL((void*)0)) return False0; | |||
190 | } | |||
191 | return True1; | |||
192 | } | |||
193 | ||||
194 | static void XtPhase2Destroy (Widget widget) | |||
195 | { | |||
196 | Display *display = NULL((void*)0); | |||
197 | Window window; | |||
198 | Widget parent; | |||
199 | XtAppContext app = XtWidgetToApplicationContext(widget); | |||
200 | Widget outerInPhase2Destroy = app->in_phase2_destroy; | |||
201 | int starting_count = app->destroy_count; | |||
202 | Boolean isPopup = False0; | |||
203 | ||||
204 | /* invalidate focus trace cache for this display */ | |||
205 | _XtGetPerDisplay(XtDisplayOfObject(widget)((((Object)(widget))->object.widget_class->core_class.class_inited & 0x04) ? (widget)->core.screen->display : _XtIsHookObject (widget) ? ((HookObject)(widget))->hooks.screen->display : _XtWindowedAncestor(widget)->core.screen->display))->pdi.traceDepth = 0; | |||
206 | ||||
207 | parent = widget->core.parent; | |||
208 | ||||
209 | if (parent && XtIsWidget(parent)(((Object)(parent))->object.widget_class->core_class.class_inited & 0x04) && parent->core.num_popups) { | |||
210 | Cardinal i; | |||
211 | for (i = 0; i < parent->core.num_popups; i++) { | |||
212 | if (parent->core.popup_list[i] == widget) { | |||
213 | isPopup = True1; | |||
214 | break; | |||
215 | } | |||
216 | } | |||
217 | } | |||
218 | ||||
219 | if (!isPopup && parent && XtIsComposite(parent)(((Object)(parent))->object.widget_class->core_class.class_inited & 0x08)) { | |||
220 | XtWidgetProc delete_child; | |||
221 | ||||
222 | LOCK_PROCESSif(_XtProcessLock)(*_XtProcessLock)(); | |||
223 | delete_child = | |||
224 | ((CompositeWidgetClass) parent->core.widget_class)-> | |||
225 | composite_class.delete_child; | |||
226 | UNLOCK_PROCESSif(_XtProcessUnlock)(*_XtProcessUnlock)(); | |||
227 | if (XtIsRectObj(widget)(((Object)(widget))->object.widget_class->core_class.class_inited & 0x02)) { | |||
228 | XtUnmanageChild(widget); | |||
229 | } | |||
230 | if (delete_child == NULL((void*)0)) { | |||
231 | String param; | |||
232 | Cardinal num_params = 1; | |||
233 | ||||
234 | LOCK_PROCESSif(_XtProcessLock)(*_XtProcessLock)(); | |||
235 | param = parent->core.widget_class->core_class.class_name; | |||
236 | UNLOCK_PROCESSif(_XtProcessUnlock)(*_XtProcessUnlock)(); | |||
237 | XtAppWarningMsg(XtWidgetToApplicationContext(widget), | |||
238 | "invalidProcedure","deleteChild",XtCXtToolkitError, | |||
239 | "null delete_child procedure for class %s in XtDestroy", | |||
240 | ¶m, &num_params); | |||
241 | } else { | |||
242 | (*delete_child) (widget); | |||
243 | } | |||
244 | } | |||
245 | ||||
246 | /* widget is freed in Phase2Destroy, so retrieve window now. | |||
247 | * Shells destroy their own windows, to prevent window leaks in | |||
248 | * popups; this test is practical only when XtIsShell() is cheap. | |||
249 | */ | |||
250 | if (XtIsShell(widget)(((Object)(widget))->object.widget_class->core_class.class_inited & 0x20) || !XtIsWidget(widget)(((Object)(widget))->object.widget_class->core_class.class_inited & 0x04)) { | |||
251 | window = 0; | |||
252 | } | |||
253 | else { | |||
254 | display = XtDisplay(widget)(((widget)->core.screen)->display); | |||
255 | window = widget->core.window; | |||
256 | } | |||
257 | ||||
258 | Recursive(widget, Phase2Callbacks); | |||
259 | if (app->destroy_count > starting_count) { | |||
260 | int i = starting_count; | |||
261 | while (i < app->destroy_count) { | |||
262 | ||||
263 | DestroyRec * dr = app->destroy_list + i; | |||
264 | if (IsDescendant(dr->widget, widget)) { | |||
265 | Widget descendant = dr->widget; | |||
266 | register int j; | |||
267 | app->destroy_count--; | |||
268 | for (j = app->destroy_count - i; --j >= 0; dr++) | |||
269 | *dr = *(dr + 1); | |||
270 | XtPhase2Destroy(descendant); | |||
271 | } | |||
272 | else i++; | |||
273 | } | |||
274 | } | |||
275 | ||||
276 | app->in_phase2_destroy = widget; | |||
277 | Recursive(widget, Phase2Destroy); | |||
278 | app->in_phase2_destroy = outerInPhase2Destroy; | |||
279 | ||||
280 | if (isPopup) { | |||
281 | Cardinal i; | |||
282 | for (i = 0; i < parent->core.num_popups; i++) | |||
283 | if (parent->core.popup_list[i] == widget) { | |||
284 | parent->core.num_popups--; | |||
285 | while (i < parent->core.num_popups) { | |||
286 | parent->core.popup_list[i] = parent->core.popup_list[i+1]; | |||
287 | i++; | |||
288 | } | |||
289 | break; | |||
290 | } | |||
291 | } | |||
292 | ||||
293 | /* %%% the following parent test hides a more serious problem, | |||
294 | but it avoids breaking those who depended on the old bug | |||
295 | until we have time to fix it properly. */ | |||
296 | ||||
297 | if (window && (parent == NULL((void*)0) || !parent->core.being_destroyed)) | |||
298 | XDestroyWindow(display, window); | |||
299 | } /* XtPhase2Destroy */ | |||
300 | ||||
301 | ||||
302 | void _XtDoPhase2Destroy(XtAppContext app, int dispatch_level) | |||
303 | { | |||
304 | /* Phase 2 must occur in fifo order. List is not necessarily | |||
305 | * contiguous in dispatch_level. | |||
306 | */ | |||
307 | ||||
308 | int i = 0; | |||
309 | while (i < app->destroy_count) { | |||
310 | ||||
311 | /* XtPhase2Destroy can result in calls to XtDestroyWidget, | |||
312 | * and these could cause app->destroy_list to be reallocated. | |||
313 | */ | |||
314 | ||||
315 | DestroyRec* dr = app->destroy_list + i; | |||
316 | if (dr->dispatch_level >= dispatch_level) { | |||
317 | Widget w = dr->widget; | |||
318 | register int j; | |||
319 | app->destroy_count--; | |||
320 | for (j = app->destroy_count - i; --j >=0; dr++) | |||
321 | *dr = *(dr + 1); | |||
322 | XtPhase2Destroy(w); | |||
323 | } | |||
324 | else i++; | |||
325 | } | |||
326 | } | |||
327 | ||||
328 | ||||
329 | void XtDestroyWidget (Widget widget) | |||
330 | { | |||
331 | XtAppContext app; | |||
332 | DestroyRec *dr, *dr2; | |||
333 | ||||
334 | app = XtWidgetToApplicationContext(widget); | |||
| ||||
335 | LOCK_APP(app)if(app && app->lock)(*app->lock)(app); | |||
336 | if (widget->core.being_destroyed) { | |||
337 | UNLOCK_APP(app)if(app && app->unlock)(*app->unlock)(app); | |||
338 | return; | |||
339 | } | |||
340 | Recursive(widget, Phase1Destroy); | |||
341 | ||||
342 | if (app->in_phase2_destroy && | |||
| ||||
343 | IsDescendant(widget, app->in_phase2_destroy)) | |||
344 | { | |||
345 | XtPhase2Destroy(widget); | |||
346 | UNLOCK_APP(app)if(app && app->unlock)(*app->unlock)(app); | |||
347 | return; | |||
348 | } | |||
349 | ||||
350 | if (app->destroy_count == app->destroy_list_size) { | |||
351 | app->destroy_list_size += 10; | |||
352 | app->destroy_list = (DestroyRec*) | |||
353 | XtRealloc( (char*)app->destroy_list, | |||
354 | (unsigned)sizeof(DestroyRec)*app->destroy_list_size | |||
355 | ); | |||
356 | } | |||
357 | dr = app->destroy_list + app->destroy_count++; | |||
358 | dr->dispatch_level = app->dispatch_level; | |||
359 | dr->widget = widget; | |||
360 | ||||
361 | if (app->dispatch_level > 1) { | |||
362 | int i; | |||
363 | for (i = app->destroy_count - 1; i;) { | |||
364 | /* this handles only one case of nesting difficulties */ | |||
365 | dr = app->destroy_list + (--i); | |||
366 | if (dr->dispatch_level < app->dispatch_level && | |||
367 | IsDescendant(dr->widget, widget)) { | |||
368 | dr2 = app->destroy_list + (app->destroy_count-1); | |||
369 | dr2->dispatch_level = dr->dispatch_level; | |||
370 | break; | |||
371 | } | |||
372 | } | |||
373 | } | |||
374 | ||||
375 | if (_XtSafeToDestroy(app)((app)->dispatch_level == 0)) { | |||
376 | app->dispatch_level = 1; /* avoid nested _XtDoPhase2Destroy */ | |||
377 | _XtDoPhase2Destroy(app, 0); | |||
378 | app->dispatch_level = 0; | |||
379 | } | |||
380 | UNLOCK_APP(app)if(app && app->unlock)(*app->unlock)(app); | |||
381 | ||||
382 | } /* XtDestroyWidget */ |