#2 Rejoystick crashes on startup due to memory corruption bug

open
nobody
None
5
2011-03-08
2011-03-08
Winter Knight
No

Rejoystick crashes at startup with error messages such as "No protocol specified" and "error occured (sic): Failed to init sdl with joystick. Exiting..."

This is caused by the following code:
home = (char*)getenv("HOME");
keyfile = KEYFILE;
filename = strcat(home, keyfile);

The spec for getenv says that you should never modify the string that is returned. strcat does just that: it appends 14 chars from keyfile to the end of home, and causes memory corruption.

SourceForge has a bogus error message when I try to upload a patch, except for when it just fails silently. So I'm submitting the patch inline.

--- main.c-old 2008-03-23 07:38:22.000000000 -0700
+++ main.c 2011-03-07 21:57:05.898488585 -0800
@@ -137,12 +137,9 @@

pthread_t sdl_thread;

- char* home;
- char* keyfile;
-
- home = (char*)getenv("HOME");
- keyfile = KEYFILE;
- filename = strcat(home, keyfile);
+ const char * home = getenv("HOME");
+ filename = malloc(strlen(home) + strlen(KEYFILE) + 1);
+ sprintf(filename, "%s%s", home, KEYFILE);

global_argv = argv;
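
Review bot: the added `strlen(home)` line dereferences the result of `getenv("HOME")` without a NULL check, and `getenv` returns NULL when HOME is unset, so the startup crash is still reachable in that case. The `malloc` result is also handed to `sprintf` unchecked. Suggest testing both and exiting with a clear message, e.g. `if (home == NULL) { ... }`, and using `snprintf` with the computed length so the bound is explicit at the call site. The hunk does not show where `filename` is released, so a short comment on who owns the buffer would help.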

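The failure described in this report (writing past the end of the string returned by getenv) and the copy-into-a-new-buffer fix can be written as a small helper that also covers an unset HOME and a failed allocation. This is an added example, not code from Rejoystick or from the submitted patch; `join_home_path` and `EXAMPLE_KEYFILE` are hypothetical names, and the placeholder value stands in for the real `KEYFILE`, which the report does not show.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed placeholder: the real KEYFILE value is not shown in the report. */
#define EXAMPLE_KEYFILE "/.example_keys"

/*
 * Build "<home><keyfile>" in a freshly allocated buffer without writing to
 * either input. Returns NULL if home is missing or empty, or if allocation
 * fails. The caller owns the result and must free() it.
 */
char *join_home_path(const char *home, const char *keyfile)
{
    if (home == NULL || home[0] == '\0' || keyfile == NULL)
        return NULL;

    size_t hlen = strlen(home);
    size_t klen = strlen(keyfile);
    if (hlen >= SIZE_MAX - klen)      /* hlen + klen + 1 would overflow */
        return NULL;

    size_t need = hlen + klen + 1;    /* +1 for the terminating NUL */
    char *out = malloc(need);
    if (out == NULL)
        return NULL;

    int n = snprintf(out, need, "%s%s", home, keyfile);
    if (n < 0 || (size_t)n >= need) { /* encoding error or truncation */
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    /* getenv() may return NULL (HOME unset); its buffer is only read here. */
    char *filename = join_home_path(getenv("HOME"), EXAMPLE_KEYFILE);
    if (filename == NULL) {
        fprintf(stderr, "HOME is unset or the path could not be built\n");
        return 1;
    }
    printf("%s\n", filename);
    free(filename);
    return 0;
}
```
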
Discussion