[Xfce-bugs] [Bug 1885] New: Buffer-overflow in the keyboard plugin

bugzilla-daemon at xfce.org bugzilla-daemon at xfce.org
Fri Jun 2 12:46:37 CEST 2006

           Summary: Buffer-overflow in the keyboard plugin
           Product: Xfce
           Version: unknown
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: Medium
         Component: xfce-mcs-plugins
        AssignedTo: xfce-bugs at xfce.org
        ReportedBy: nick at xfce.org

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:
Gecko/20060503 Firefox/ (Swiftfox)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:
Gecko/20060503 Firefox/ (Swiftfox)

There is a serious buffer overflow in the keyboard plugin. Here is the piece of
code we're talking about ^_^:

shortcuts_plugin.c @ 993:
    shortcuts = g_strsplit (accelerator, "<", 0);
    current_shortcut = shortcuts;

    while (*current_shortcut)
    {
        if (strlen (*current_shortcut))
        {
            strcat (shortcut_string, *current_shortcut);
            strcat (shortcut_string, "+");
        }
        *current_shortcut = *current_shortcut + 1;
    }

I have no idea what this code needs to do, but I do know this doesn't fit in a
gchar[80] string. After some testing I discovered the length of the string was
about 51000 characters long (just before the crash) for only pressing the 'h'
Anyway this needs to be fixed before 4.4b2 if possible, because it crashed my
laptop 1 time while debugging this leak (so probably also for other people).

gcc 4.1.1
glibc 2.4
gtk 2.8.18
glib2 2.10.3

Reproducible: Always

Steps to Reproduce:
1. Create new shortcut in the keyboard plugin

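Added example (not part of the original report and not Xfce code): a bounded version of the split-and-join that the quoted loop appears to attempt, written in plain C without GLib. The names build_shortcut_string, append_bounded and SHORTCUT_MAX are hypothetical; the 80-byte size is the gchar[80] from the report. It steps from one '<'-separated piece to the next, where the quoted loop moves the string pointer forward one character per pass, and it refuses to write past the buffer.

```c
#include <stdio.h>
#include <string.h>

#define SHORTCUT_MAX 80   /* size of the gchar[80] buffer named in the report */

/* Append src_len bytes of src to dst only if they fit, keeping dst terminated.
 * Returns 0 on success, -1 if the result would not fit in dst_size bytes. */
static int append_bounded(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    size_t used = strlen(dst);
    if (src_len >= dst_size - used)       /* need room for src plus the NUL */
        return -1;
    memcpy(dst + used, src, src_len);
    dst[used + src_len] = '\0';
    return 0;
}

/* Split accelerator on '<' and write each non-empty piece followed by '+'.
 * Returns 0 on success, -1 if out is too small (out stays NUL-terminated). */
int build_shortcut_string(const char *accelerator, char *out, size_t out_size)
{
    const char *piece = accelerator;

    if (out_size == 0)
        return -1;
    out[0] = '\0';

    while (*piece != '\0') {
        size_t len = strcspn(piece, "<"); /* length of the current piece */
        if (len > 0 &&
            (append_bounded(out, out_size, piece, len) != 0 ||
             append_bounded(out, out_size, "+", 1) != 0))
            return -1;
        piece += len;                     /* advance by a whole piece */
        if (*piece == '<')
            piece++;                      /* skip the delimiter itself */
    }
    return 0;
}

int main(void)
{
    char buf[SHORTCUT_MAX];
    /* Constructed sample accelerator, not taken from the report. */
    if (build_shortcut_string("<Control><Alt>h", buf, sizeof buf) == 0)
        printf("%s\n", buf);
    return 0;
}
```
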