* Patch fixing buffer overflow in trunk
@ 2010-05-04 15:14 Bernhard Herzog
2010-05-04 16:03 ` Jan Djärv
0 siblings, 1 reply; 2+ messages in thread
From: Bernhard Herzog @ 2010-05-04 15:14 UTC (permalink / raw)
To: emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1960 bytes --]
Hi,
since yesterday I've been running into crashes when starting emacs from
bzr trunk that seemed to depend on the current working directory.
E.g. starting from one particular directory would lead to a practically
immediate crash with the output:
*** glibc detected *** emacs: malloc(): memory corruption: 0x086c6c90 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7505845]
Changing into another directory, e.g. the parent directory of the one
where it just failed, would solve the problem and emacs would start.
Investigating further, it seemed to depend on the length of the absolute
name of the current directory. And a little bisecting in the bzr
history showed that the defect was introduced in revision 100117 in the
following lines:
--- src/xsmfns.c 2010-02-10 09:29:28 +0000
+++ src/xsmfns.c 2010-05-02 18:44:04 +0000
@@ -246,7 +251,19 @@
props[props_idx]->vals[2].length = strlen (NOSPLASH_OPT);
props[props_idx]->vals[2].value = NOSPLASH_OPT;
- val_idx += 3;
+
+ cwd = get_current_dir_name ();
+ if (cwd)
+ {
+ chdir_opt = xmalloc (strlen (CHDIR_OPT) + strlen (client_id) + 1);
+ strcpy (chdir_opt, CHDIR_OPT);
+ strcat (chdir_opt, cwd);
+
+ props[props_idx]->vals[3].length = strlen (chdir_opt);
+ props[props_idx]->vals[3].value = chdir_opt;
+ }
+
+ val_idx += cwd ? 4 : 3;
++props_idx;
/* User id. */
Clearly, that strlen (client_id) should actually be strlen (cwd). The
patch below fixes this.
Bernhard
=== modified file 'src/xsmfns.c'
--- src/xsmfns.c 2010-05-02 18:44:04 +0000
+++ src/xsmfns.c 2010-05-04 14:33:08 +0000
@@ -255,7 +255,7 @@
cwd = get_current_dir_name ();
if (cwd)
{
- chdir_opt = xmalloc (strlen (CHDIR_OPT) + strlen (client_id) + 1);
+ chdir_opt = xmalloc (strlen (CHDIR_OPT) + strlen (cwd) + 1);
strcpy (chdir_opt, CHDIR_OPT);
strcat (chdir_opt, cwd);
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Patch fixing buffer overflow in trunk
2010-05-04 15:14 Patch fixing buffer overflow in trunk Bernhard Herzog
@ 2010-05-04 16:03 ` Jan Djärv
0 siblings, 0 replies; 2+ messages in thread
From: Jan Djärv @ 2010-05-04 16:03 UTC (permalink / raw)
To: Bernhard Herzog; +Cc: emacs-devel
2010-05-04 17:14, Bernhard Herzog skrev:
>
> Clearly, that strlen (client_id) should actually be strlen (cwd). The
> patch below fixes this.
>
Applied, thanks.
Jan D.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-05-04 16:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-05-04 15:14 Patch fixing buffer overflow in trunk Bernhard Herzog
2010-05-04 16:03 ` Jan Djärv
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).