#218 lxpanel 0.5.5 crashes when task with too long title is run

closed-fixed
martyj19
lxpanel (233)
5
2010-05-09
2010-05-08
Anonymous
No

When I open a task with a very long title, lxpanel 0.5.5 crashes with the following in /var/log/messages:

kernel: [ 4551.010628] lxpanel[5301]: segfault at 1ea1000 ip 00007f1f2cb77590 sp 00007fffd8d91720 error 4 in libglib-2.0.so.0.2200.4[7f1f2cb38000+e3000]

I.e. I run Firefox and open a lot of tabs there, one of which has a very long title with lots of national (Russian) characters and some tricky chars like []/" and so on. When I switch to this tab, lxpanel crashes. If I restart it, it crashes right on start until I close this tab in Firefox or jump to another one with a shorter title.

System is 2.6.31-gentoo-r6 #10 SMP PREEMPT Sat Apr 24 00:56:01 MSD 2010 x86_64

Discussion

  • Interesting buffer overflow. Is it exploitable?

    I tried to reproduce the effect on Slitaz 3.0. I made myself an HTML file with 100 000 characters between "<title>" and "</title>", then loaded that into the Midori browser. After switching between Midori and some other program once or twice, lxpanel's popups and right-click context menus (for everything!) became useless, showing small squares instead of letters. The effect persisted after closing Midori. I could not, however, crash lxpanel.

     
  • martyj19
    2010-05-09

    • assigned_to: nobody --> martyj19
    • status: open --> closed-fixed
     
  • martyj19
    2010-05-09

    Fixed in git cd93c810d7c7ac2bafa53950e012f80ddaacf80a.