Re: [E-devel] [EGIT] [core/efl] master 01/02: address non nul terminated string due to strncpy

[Daniel Juyung Seo]

This just broke all my elm apps.

Program received signal SIGSEGV, Segmentation fault.
0xb7b01aea in _evas_bidi_unicode_to_fribidichar (dest=0x80435000 <Address
0x80435000 out of bounds>,
    src=0x80434ff0 L"\x800\x800\x800́" <Address 0x80435000 out of bounds>)
at lib/evas/common/language/evas_bidi_utils.c:66
66         while (*src) *dest++ = *src++;
(gdb) bt
#0  0xb7b01aea in _evas_bidi_unicode_to_fribidichar (dest=0x80435000
<Address 0x80435000 out of bounds>,
    src=0x80434ff0 L"\x800\x800\x800́" <Address 0x80435000 out of bounds>)
at lib/evas/common/language/evas_bidi_utils.c:66
#1  0xb7b01ea9 in evas_bidi_paragraph_props_get (
    eina_ustr=0x80422d20
L"\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800
\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800
\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800
\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800
\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800
\x800\x800́\x800\x800\x800́"..., len=190, segment_idxs=0x0) at
lib/evas/common/language/evas_bidi_utils.c:251
#2  0xb7a4d388 in _evas_object_text_layout (eo_obj=0x8000f079,
o=0x802b0258,
    text=0x80422d20
L"\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́"...) at lib/evas/canvas/evas_object_text.c:706
#3  0xb7a529ae in _evas_object_text_recalc (eo_obj=0x8000f079,
    text=0x80422d20
L"\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800\x800́\x800\x800
\x800́\x800\x800\x800́"...) at lib/evas/canvas/evas_object_text.c:2234
#4  0xb7a4e0bb in _evas_text_text_set (eo_obj=0x8000f079, o=0x802b0258,
_text=0xb792ab46 "") at lib/evas/canvas/evas_object_text.c:989
#5  0xb7a5417e in evas_obj_text_set (text=0xb792ab46 "") at
../src/lib/evas/canvas/evas_text.eo.c:44
#6  0xb790c9ed in _edje_text_recalc_apply (ed=0x8029d9e0, ep=0x801f0c58,
params=0x801f0c64, chosen_desc=0x802c4680, calc_only=1 '\001')
    at lib/edje/edje_text.c:474
#7  0xb787853a in _edje_part_recalc_single_text (sc=1, ed=0x8029d9e0,
ep=0x801f0c58, desc=0x802c4680, chosen_desc=0x802c4680, params=0x801f0c64,
    minw=0xbfffe7a0, minh=0xbfffe7a4, maxw=0xbfffe7a8, maxh=0xbfffe7ac) at
lib/edje/edje_calc.c:1488
#8  0xb787a43b in _edje_part_recalc_single (ed=0x8029d9e0, ep=0x801f0c58,
desc=0x802c4680, chosen_desc=0x802c4680, center=0x0, light=0x0, persp=0x0,
    rel1_to_x=0x801f0a38, rel1_to_y=0x0, rel2_to_x=0x801efa48,
rel2_to_y=0x0, confine_to=0x0, threshold=0x0, params=0x801f0c64, set=0x0,
mmw=0, mmh=0, pos=0)
    at lib/edje/edje_calc.c:2394
#9  0xb787d617 in _edje_part_recalc (ed=0x8029d9e0, ep=0x801f0c58, flags=3,
state=0x0) at lib/edje/edje_calc.c:3390
#10 0xb787638e in _edje_recalc_do (ed=0x8029d9e0) at
lib/edje/edje_calc.c:690
#11 0xb79150b4 in _edje_object_size_min_restricted_calc (obj=0x8000b059,
ed=0x8029d9e0, minw=0xbfffebe4, minh=0xbfffebe8, restrictedw=5,
restrictedh=5)
    at lib/edje/edje_util.c:2991
#12 0xb790535c in edje_obj_size_min_restricted_calc (minw=0xbfffebe4,
minh=0xbfffebe8, restrictedw=5, restrictedh=5) at
lib/edje/edje_object.eo.c:472
#13 0xb790a744 in edje_object_size_min_restricted_calc (obj=0x8000b059,
minw=0xbfffebe4, minh=0xbfffebe8, restrictedw=5, restrictedh=5)
    at lib/edje/edje_object.eo.c:1462
#14 0xb7d442b6 in _elm_check_elm_layout_sizing_eval (obj=0x8000ae58,
_pd=0x8029d8a8) at elm_check.c:169
#15 0xb7e0d861 in elm_obj_layout_sizing_eval () at elm_layout.eo.c:66
#16 0xb7e07ac5 in _visuals_refresh (obj=0x8000ae58, sd=0x8029d888) at
elm_layout.c:287
#17 0xb7e07ea8 in _elm_layout_theme_internal (obj=0x8000ae58,
sd=0x8029d888) at elm_layout.c:350
#18 0xb7e07fea in _elm_layout_elm_widget_theme_apply (obj=0x8000ae58,
sd=0x8029d888) at elm_layout.c:370
#19 0xb7ec8b9a in elm_obj_widget_theme_apply () at elm_widget.eo.c:443
#20 0xb7d44482 in _elm_check_elm_widget_theme_apply (obj=0x8000ae58,
sd=0x8029d8a8) at elm_check.c:205
#21 0xb7ec8b9a in elm_obj_widget_theme_apply () at elm_widget.eo.c:443
#22 0xb7eb33e7 in elm_widget_theme (obj=0x8000ae58) at elm_widget.c:883
#23 0xb7eb9bda in _elm_widget_style_set (obj=0x8000ae58, sd=0x8029d7e0,
style=0x800b0cfa "toggle") at elm_widget.c:3428
#24 0xb7ec2a26 in elm_obj_widget_style_set (style=0x800b0cfa "toggle") at
elm_widget.eo.c:84
#25 0xb7ec9fc0 in elm_widget_style_set (obj=0x8000ae58, style=0x800b0cfa
"toggle") at elm_widget.eo.c:798
#26 0xb7e1ee13 in elm_object_style_set (obj=0x8000ae58, style=0x800b0cfa
"toggle") at elm_main.c:1255
#27 0x80014715 in my_win_main (autorun=0x0, test_win_only=0 '\000') at
test.c:466
#28 0x80017c97 in elm_main (argc=1, argv=0xbffff0b4) at test.c:921
#29 0x80017d49 in main (argc=1, argv=0xbffff0b4) at test.c:934

Daniel Juyung Seo (SeoZ)


On Wed, Aug 13, 2014 at 9:15 AM, Carsten Haitzler <ras...@rasterman.com>
wrote:

> raster pushed a commit to branch master.
>
>
> http://git.enlightenment.org/core/efl.git/commit/?id=d539152156e50e81e18c3eb226db8095f83bd7d1
>
> commit d539152156e50e81e18c3eb226db8095f83bd7d1
> Author: Carsten Haitzler (Rasterman) <ras...@rasterman.com>
> Date:   Wed Aug 13 09:03:02 2014 +0900
>
>     address non nul terminated string due to strncpy
>
>     this addresses CID 1230994. as such  eina_unicode_unicode_to_utf8()
>     always returns a nul terminated string. so it's guaranteed. but yes -
>     if string is 7 bytes or longer it will not put a nul byte on the
>     destination. as such for a single unicode char this can never happen
>     as in utf8 it's 6 bytes. but since eina_unicode_unicode_to_utf8()
>     safely returns a nul terminated string at all times - we can just use
>     strcpy safely. no need for strncpy. also handle null return from
>     eina_unicode_unicode_to_utf8()
> ---
>  src/lib/evas/canvas/evas_object_textblock.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/src/lib/evas/canvas/evas_object_textblock.c
> b/src/lib/evas/canvas/evas_object_textblock.c
> index 930c94b..ae1466c 100644
> --- a/src/lib/evas/canvas/evas_object_textblock.c
> +++ b/src/lib/evas/canvas/evas_object_textblock.c
> @@ -6137,8 +6137,13 @@ _escaped_char_get(const char *s, const char *s_end)
>            return NULL;
>
>          utf8_char = eina_unicode_unicode_to_utf8(uchar, NULL);
> -        strncpy(utf8_escape, utf8_char, sizeof(utf8_escape));
> -        free(utf8_char);
> +        // eina_unicode_unicode_to_utf8() always creates a string that
> +        // is nul terminated - guaranteed
> +        if (utf8_char)
> +          {
> +             strcpy(utf8_escape, utf8_char);
> +             free(utf8_char);
> +          }
>
>          return utf8_escape;
>       }
>
> --
>
>
>
------------------------------------------------------------------------------
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel