[Gtk-gnutella-devel] Crash bug patch

Sat, 10 Jan 2004 12:25:09 -0800 

Hi,

I managed to track down the bug that made the current GtkG version
crash on my system (FreeBSD 4.7, GTK1). It was a simple buffer
overflow in search_gui.c.


Here is a patch to fix it:

diff -c -r1.75 search_gui.c
*** search_gui.c        4 Jan 2004 12:04:19 -0000       1.75
--- search_gui.c        10 Jan 2004 19:09:57 -0000
***************
*** 675,681 ****
        search_t *sch, record_t *rc, GString *vinfo, GdkColor *fg,
GdkColor *bg)
  {
        GString *info = g_string_sized_new(80);
!       gchar *titles[5];
        gint count;
        gpointer key = NULL;
        gboolean is_parent = FALSE;
--- 675,681 ----
        search_t *sch, record_t *rc, GString *vinfo, GdkColor *fg,
GdkColor *bg)
  {
        GString *info = g_string_sized_new(80);
!       gchar *titles[7];
        gint count;
        gpointer key = NULL;
        gboolean is_parent = FALSE;


It's easy to see that the "titles" array was too small, because 7
elements (0-6) of it are written to according to the enums of gui.h.

search_gui.c:723-737:

---

        titles[c_sr_filename] = (NULL != rc->name) ?
                atom_str_get(rc->name) : atom_str_get("");
        titles[c_sr_info] = (NULL != rc->info) ?
                atom_str_get(rc->info) : atom_str_get("");
        titles[c_sr_sha1] = (NULL != rc->sha1) ?
                atom_str_get(sha1_base32(rc->sha1)) : atom_str_get("");
        titles[c_sr_size] = atom_str_get("");
        titles[c_sr_count] = atom_str_get("");

        titles[c_sr_host] = (NULL == rs->hostname) ?
                atom_str_get(ip_port_to_gchar(rs->ip, rs->port)) :
                atom_str_get(hostname_port_to_gchar(rs->hostname, rs->port));

        gm_snprintf(tmpstr, sizeof(tmpstr), "%u", rs->speed);
        titles[c_sr_speed] = atom_str_get(tmpstr);

---


After fixing this, GtkG ran fine on my system. For GTK2 the bug
probably had no effect.


Greetings,
Thomas.       http://www.gif-galerie.de


-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Gtk-gnutella-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel

Reply via email to