The code in errmsg.c, function quvi_errmsg(), expects msg to be a null-terminated array. This code line checks for the end of the array: for (i=1; msg[i] != NULL; ++i);
However msg is not null-terminated, thus this code will lead to an invalid memory read which can be seen by testing the code with address sanitizer. This patch will add a null value to the msg array. Please apply. Signed-off-by: Hanno Böck <[email protected]> diff --git a/src/api/errmsg.c b/src/api/errmsg.c index f59895a..77bfbc8 100644 --- a/src/api/errmsg.c +++ b/src/api/errmsg.c @@ -44,7 +44,8 @@ static const gchar *msg[] = N_("libgcrypt version mismatch"), N_("Initialization of libproxy failed"), N_("Initialization of libcurl failed"), - N_("Initialization of liblua failed") + N_("Initialization of liblua failed"), + NULL }; static const gchar *inv_code_msg = N_("An invalid error code");
pgpkgnzWW0lOG.pgp
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ quvi-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/quvi-devel
