Package: ebview
Version: 0.3.6.2-1.3
Tags: patch

There's an off-by-one error in ebview which is causing occasional crashes for me when doing full-text searches (specifically, when the search strings consist entirely of ascii characters):

The function euc2jis() in src/eb.c doesn't allocate enough space for its output. It malloc's (strlen((gchar *) euc_p)*2) bytes, initialises the pointer jis_p to point to the beginning of the buffer, and then in the following while loop jis_p is advanced twice each iteration. If the input string (inbuf) consists entirely of ascii characters, jis_p will be advanced (strlen((gchar *) euc_p)*2) times, and will point past the end of the buffer; writing the terminating NUL character causes an out-of-bounds write in this case. The following patch fixes this:

--- a/src/eb.c +++ b/src/eb.c @@ -811,7 +811,7 @@ static gchar *euc2jis(gchar *inbuf){ guchar *jis_p; euc_p = (guchar *) inbuf; - jis_p = jisbuf = malloc(strlen((gchar *) euc_p)*2); + jis_p = jisbuf = malloc(strlen((gchar *) euc_p)*2+1); while(*euc_p != '\0'){ if(( 0x20 <= *euc_p) && (*euc_p <= 0x7e) && (ascii_to_jisx2080_table[*euc_p] != 0x00)){
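Review bot: the malloc return value is still unchecked in this hunk; right after `jis_p = jisbuf = malloc(strlen((gchar *) euc_p)*2+1);` the loop `while(*euc_p != '\0'){` writes through jis_p, so an allocation failure becomes a NULL dereference. Add a NULL check before the loop, or, since the surrounding code already uses glib's gchar/guchar types, use g_malloc, which aborts instead of returning NULL. The +1 itself is the right fix: when every input byte expands to two output bytes the NUL lands at offset 2*strlen, so 2*strlen+1 bytes is the exact worst case.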
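To illustrate the sizing rule the report describes, here is an added example (not ebview's code): a converter that allocates the worst case of two output bytes per input byte plus the NUL and checks every write against the capacity it allocated. The tiny mapping table standing in for ascii_to_jisx2080_table and the behaviour for unmapped bytes are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Worst case for this converter: every input byte may become two output
 * bytes, and one more byte is needed for the terminating NUL. Allocating
 * strlen*2 (the old ebview size) is exactly one byte short for all-ascii
 * input, which is the bug described above. */
size_t euc2jis_bound(const char *euc) {
    return strlen(euc) * 2 + 1;
}

/* Hypothetical stand-in for ascii_to_jisx2080_table (assumption, not the
 * project's table): maps a few printable ascii bytes to 16-bit JIS X 0208
 * codes and returns 0 for bytes that have no mapping. */
static uint16_t ascii_to_jis(unsigned char c) {
    if (c == 'A') return 0x2341;
    if (c == 'a') return 0x2361;
    if (c == ' ') return 0x2121;
    return 0x0000;
}

/* Converter that allocates the full worst case and verifies every write
 * against the capacity it actually allocated. On a mapped ascii byte it
 * emits the two JIS bytes; otherwise (assumption) it copies the byte with
 * the 8th bit cleared. Returns NULL on allocation failure or if the bound
 * were ever violated; *written receives the output length without NUL. */
char *euc2jis_safe(const char *inbuf, size_t *written) {
    size_t cap = euc2jis_bound(inbuf);
    char *jisbuf = malloc(cap);          /* checked, unlike the original */
    if (jisbuf == NULL) return NULL;
    size_t n = 0;
    for (const unsigned char *p = (const unsigned char *)inbuf; *p != '\0'; p++) {
        uint16_t code = (*p >= 0x20 && *p <= 0x7e) ? ascii_to_jis(*p) : 0;
        size_t need = code ? 2 : 1;
        if (n + need >= cap) {           /* must leave room for the NUL */
            free(jisbuf);
            return NULL;
        }
        if (code) {
            jisbuf[n++] = (char)(code >> 8);
            jisbuf[n++] = (char)(code & 0xff);
        } else {
            jisbuf[n++] = (char)(*p & 0x7f);
        }
    }
    jisbuf[n] = '\0';                    /* index n < cap by construction */
    if (written != NULL) *written = n;
    return jisbuf;
}
```

For the constructed input "Aa" the output is four bytes, so the NUL goes to index 4: exactly the byte the old strlen*2 allocation did not provide.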