To: lablgtk at kaba.or.jp
Subject: Re: strange data problems
References: <874r3aemtx.fsf at cs.cmu.edu>
	<16090.34885.62505.554832@karryall.dnsalias.org>
From: Michael Welsh Duggan <md5i at cs.cmu.edu>
Date: Sun, 01 Jun 2003 23:45:54 -0400
In-Reply-To: <16090.34885.62505.554832 at karryall.dnsalias.org> (Olivier
 Andrieu's message of "Mon, 2 Jun 2003 01:12:05 +0200")
Message-ID: <87smqti1l9.fsf at cs.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: Michael Welsh Duggan <md5i at md5i.dsl.telerama.com>

Olivier Andrieu <andrieu at ijm.jussieu.fr> writes:

>  Michael Welsh Duggan [Saturday 31 May 2003] :
>  >
>  > Using lablgtk2, the program at
>  > <URL:http://md5i.dsl.telerama.com:8000/timeagent/> fails under very
>  > strange circumstances.  Try compiling and running the program.  You
>  > should get a window that looks like
>  > <URL:http://md5i.dsl.telerama.com:8000/timeagent/ui1.png>.
>  > 
>  > Now, middle-click on the hex that is marked in 
>  > <URL:http://md5i.dsl.telerama.com:8000/timeagent/ui2.png>.  That
>  > should turn over the tile.  If you middle click on the tile again,
>  > the program segfaults.  I have been unable to determine why.  I am
>  > trying to create an isolated example, but I have not yet been able
>  > to.  
>
> OK I think it's a libgnomecanvas problem. 
>
> It's related to the way events for canvas items are handled. Canvas
> items are not widgets, so it's the canvas itself (a true GtkWidget)
> that intercepts events and forwards them to the appropriate items
> (according to the items hierarchy). On some occasions, the canvas
> itself synthetises ENTER/LEAVE notify events for canvas items but it
> does not initializes all the fields in the GdkEventCrossing structure,
> only the type, detail and subwindow fields (see
> gnome-canvas.c(pick_current_item) line 2693).
>
> That's what happening here. The bottom line is, some canvas item
> events are "faked" events and some of their fields are uninitialized
> (maybe because it wouldn't make any sense in the context of a canvas
> item ?). So access to these fields with lablgtk accessor fonctions is
> UB, just like in C.

I've considered that, and have poked around the libgnomecanvas code
myself under the debugger.  Unfortunately, I do not think that this
is what is happening in this circumstance.  For one,
pick_current_item does a very good job of filling the crossing event
data.  For another, the data is coming through is too corrupted.  I
could consider a badly faked or uninitialized data field if the data
field sent to ml_lookup_from_c was out of bounds, but in this case
the lookup_info pointer passed in is also bogus.  This looks to me to
be due to corruption at a much deeper level.

-- 
Michael Welsh Duggan
(md5i@cs.cmu.edu)