Fix out-of-bounds read on truncated UTF-8 in wxUString The length-counting pass in assignFromUTF8() advances p by the lead byte's UTF-8 sequence length without checking those bytes are really there. A string ending in a truncated multibyte sequence (e.g. a lone 0xC3 before the NUL) skips p past the terminating NUL, so the while(*p) test then reads past the end of the buffer. The assignFromUTF8(str, n) overload below already guards this via utf8_pos + len > n; this just adds the equivalent check for the terminated form. Closes #26548. (cherry picked from commit 76991d2d13c6214f390331a1e2bee88f0658cfe8)
Fix rowspan/colspan integer overflow in wxHtmlTableCell::AddCell() AddCell() reads COLSPAN and ROWSPAN from the markup into ints with no upper bound, then uses r + rowspan and c + colspan to grow the cell table and to index ypos[] in Layout(). A value near INT_MAX, e.g. in the second row, overflows the addition so the r + rowspan > m_NumRows growth check is bypassed and Layout() writes past the end of ypos[]. Clamp colspan and rowspan to the limits from the HTML spec (1000 and 65534). See #26554. (cherry picked from commit 4309276ceff156cba65dc537c643995ed11d9697)
Update GitHub Actions to be Node v24 compatible Node v20 has gone EOL and will be removed from GitHub Actions soon. This migrates all the GitHub Actions to use versions that are Node 24 compatible. The only change of real substance is moving to the step-security fork of gha-setup-vsdevenv which seems probably better than wx maintaining its own fork. Also update a few other actions version in 3.2 branch to use the same versions as in master. (cherry picked from commit 39c73b42f5882fc0eef568eda077ee20385c7bbd)
Fix out-of-bounds read on trailing % in wxDateTime::Format() Omit the unit test added in master due to the changes in it between master and this branch. See #26543. (cherry picked from commit 53901b80d243b2b75e245768c0e4d66e0f030ae0)
Fix off-by-one in hostent/servent pointer list terminator The h_addr_list/h_aliases/s_aliases copy loops in deepCopyHostent() and deepCopyServent() reserve N pointer slots for N entries and then write the terminator with *++q, one slot too far, so the array isn't terminated right after the last entry and that slot holds copied address/alias bytes used as a pointer. Reserve a slot for the terminator and write it with *q. See #26553. (cherry picked from commit 48561fc632f7f12e0916a4651faa319f49baa0be)
Validate background colour index in wxGIFDecoder::LoadGIF() Don't set background colour to uninitialized memory contents, just ignore the invalid index. See #26582. (cherry picked from commit 7ee01fa850fd674d46aa2a4e136a6dec5375c685)
Avoid uninitialised palette read in wxXPMDecoder::ReadData() This function allocates the palette r/g/b arrays from the colour count given in the XPM header but fills them by walking the colour map, so a malformed file that reuses the same key on more than one colour line collapses those lines into a single map entry and leaves the tail of the arrays uninitialised. wxPalette() then copies that uninitialised memory into the palette later returned by GetPalette(), and in debug builds the wxASSERT(i == colors_cnt) at the end fires. Use the actual number of distinct colours in the map as the size for the arrays and the palette to fix this. Also add a test loading an XPM triggering this issue. See #26595. (cherry picked from commit 788b4581122ffda0ee5b7c51132d115e62aafd99)
Fix drawing of very large bitmaps with GTK3 Creating a Cairo "similar image" surface seems to use a lot of memory for very large images, resulting in what is probably an out-of-memory condition. Using a plain image surface allows sizes up to the Cairo limit of 32767x32767 to be handled. See #25656 (cherry picked from commit ecb37e81afcf47a3254f367c8fdafdd216b5ec82)
Update version to 3.2.11 Run ./misc/scripts/inc_release, bakefile and autoconf.
Add wxGrid::GetFrozenRowLabelWindow() and GetFrozenColLabelWindow() These accessors for the frozen row and column label sub-windows were missing from the public API even though the equivalent data cell windows (GetFrozenRowGridWindow/GetFrozenColGridWindow) are already public. Without them it is impossible to bind events (e.g. EVT_MOTION) to the frozen label strips from outside the wxGrid implementation. See #26617. (cherry picked from commit e069b7f4b9737b634bd727fe124854bdc3085514) Co-authored-by: Vadim Zeitlin <va...@wxwidgets.org>
Use wxVector<> instead of vector<> in wxSocket code Amend the changes of 644b99da6c (Make wxSocket::Peek() work with UDP too, 2023-06-03), see #23594, #23604.
Avoid buffer overflow when parsing AFM files Limit sscanf field widths to avoid overflowing fixed size buffers in wxPostScriptDC code. See #26645. (cherry picked from commit b0e297a0caab1d3b01dfa76f420529aa18c4a00d)
Fix wxPG macros when wxNO_IMPLICIT_WXSTRING_ENCODING is defined Use wide-char literal string instead of an ASCII one to fix compilation. See #26651. (cherry picked from commit aae2d7062c427b449c61e3d343be7c7aba45bfd6)
CMake: Always install common headers backport of d3cdfc8882d379e8e40e33a6be6ee82c341e5cfa
CMake: Install with relative symlinks backport of 24571ab89db0fda94a77fc56398b146af58f36c0
CMake: Add wxbase_only target backport of 62403ce1e04b4efa50dfb7a4c749a54fc23d09d9 Import install properties of static libraries backport of b17a03da7f8ada0433dac4bb80d867b1b1a7b4ce
CMake: Declare more build option dependencies backport of a967bead1a11321bab0e91ce126efc1e3eeec159 Get rid of macro to link sample libraries backport of 54bbd316def346c2b3f61ad0eb4310ed8bbd834c Enable MFC sample when MFC is available backport of f2ff34b6fb55ef7874577abb6cf3b73eec458557 Fix building wxBase under Android backport of c52190e3d14a5b12c0672aa66ef0e8f02da5703d
CMake: Miscellaneous backports Automatically update outdated WebView2 package backport of 210d1db7a74974504d7617fff0d728b1820deceb Don't use /MP option when not using MSVS CMake generator backport of 8ef84ab4fd706a9428b3285ab003883906697ff6 Set the wx-config RESCOMP value backport of 48092f29cbdc30397a00fafeaf6dbba94c85a06a Allow to override wx_option_auto backport of 764d775076f8c2b05c5b3d8cb64cae863ffd2368 Don't install release PDBs when stripped releases is enabled backport of 8c1ede66075ccfca8edfcfe87950e89ebc4c64d5 Slightly simplify and make more robust CMake version parsing backport of 8933626b22e714f43c01c75b40dd6e582d3f3c38 Build wxxml in non-GUI builds too backport of 8af1ec05eaad028e56d4fb4798240a5a0f132a94 change wxUSE_CONFIG_NATIVE setting logic in backport of 9377ec794e1610318fc39919723c225f4ed4b04d Add detection of SM library to CMake backport of f275d6f43578772f6596cf3b41cf8a2a4df08aef Re-enable wxUSE_DETECT_SM by default in CMake builds backport of cfb3856045fad30b6f30d3a5bfac355e8336d647 Improve checks for GTK3 on macOS backport of 92820ce8a9583ff3c0ccb39100539c13b6575489 Only enable wxUSE_HOTKEY on wxMSW and wxOSX backport of 32ca3660831c72f042d5cd86e18f2d0eb85670fb Disable wxUSE_FSVOLUME in the ports not supporting it backport of 6e8eac94ab9a4a9b15507b8aaa253efe661f77cd Backport RES_BUNDLE option
CMake: Generate appropriate expat_config.h for Expat backport of 57edf800b26b43187ba2996ecd10d44e3cce94b5 Skip some CMake checks that always fail under Windows partial backport of 94f53184f267aecbc48569bf8e66ef5c4ed1de96
CMake: Restructure wx_add_builtin_library Partial backport of cd201ad5f35014317f229a50440ab2ebc3e38c5d and 3d389bbbbfc592aa221f6cd3c4f11850626a6fa0
CMake: Refactor applying toolkit properties backport of 7f293e41943a6e13e11c513aa4d8e40f702f7318
Merge branch 'backport-cmake-2026-06' of github.com:MaartenBent/wxWidgets into 3.2 Backport some/most CMake improvements from master. See #26653.
Use "vc145" versioned suffix for MSVS 2026 compiler Use a distinct value for MSVS 2026 with wxMSVC_VERSION_AUTO. Note that vc144 should have been used for MSVS 2022 v17.14, see https://learn.microsoft.com/en-us/cpp/overview/compiler-versions but we didn't do it, so there is a hole between vc143 and vc145. (cherry picked from commit a0f5c92b964638b18c7be7bf48e3af0c03d11c79)
Update wxwidgets.props and common.bkl for VS 2026 This is in line with the changes in a0f5c92b964638b18c7be7bf48e3af0c03d11c79 and 3d88038d0175b50781cf250b0c21165cbfd9cb22 (cherry picked from commit f5cb9a66c0f4b6929379a10de02ecab454ddaf00)
Rebake makefiles for 3.2.11 Change WX_VERSION in all Makefile.in files.
Update comment for wxToolsetVersion (cherry picked from commit 9006641fb1988217fb1d4d1bb30362d269b2dfdf)
—
View it on GitLab.
You're receiving this email because of your account on gitlab.com. Manage all notifications · Help