[Xfce-bugs] [Bug 1885] New: Buffer-overflow in de keyboard plugin
bugzilla-daemon at xfce.org
bugzilla-daemon at xfce.org
Fri Jun 2 12:46:37 CEST 2006
Do NOT reply to this email. To make further comments on this bug, use
the URL below:
http://bugzilla.xfce.org/show_bug.cgi?id=1885
Summary: Buffer-overflow in de keyboard plugin
Product: Xfce
Version: unknown
Platform: Other
OS/Version: Linux
Status: NEW
Severity: critical
Priority: Medium
Component: xfce-mcs-plugins
AssignedTo: xfce-bugs at xfce.org
ReportedBy: nick at xfce.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3)
Gecko/20060503 Firefox/1.5.0.3 (Swiftfox)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3)
Gecko/20060503 Firefox/1.5.0.3 (Swiftfox)
There is a serious buffer overflow in the keyboard plugin. Here is the piece of
code we're talking about ^_^:
shortcuts_plugin.c @ 993:
shortcuts = g_strsplit (accelerator, "<", 0);
current_shortcut = shortcuts;
while (*current_shortcut)
{
if (strlen (*current_shortcut))
{
strcat (shortcut_string, *current_shortcut);
strcat (shortcut_string, "+");
}
*current_shortcut = *current_shortcut + 1;
}
I have no idea what this code needs todo, but i do know this doesn't fit in a
gchar[80] string. After some testing i discovered the length of the string was
about 51000 characters long (just before the crash) for only pressing the 'h'
button...
Anyway this needs to be fixed before 4.4b2 if possible, because it crashed my
laptop 1 time while debugging this leak (so probably also for other people).
gcc 4.1.1
glibc 2.4
gtk 2.8.18
glib2 2.10.3
Reproducible: Always
Steps to Reproduce:
1. Create new shortcut in the keyboard plugin
--
Configure bugmail: http://bugzilla.xfce.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the Xfce-bugs
mailing list