
#9 crash bug in str_replace_tokens (with fix)

open
nobody
None
5
2010-05-05
2010-05-05
David Hull
No

Left-clicking on the xpad tray icon to get a list of buffers causes a crash on my system. The problem is a pointer returned from strchr is used after the string it is in has been realloced and thus potentially moved. Here is the output from valgrind:

==8329== Invalid read of size 1
==8329== at 0x4A075F8: memmove (mc_replace_strmem.c:629)
==8329== by 0x408CD8: str_replace_tokens (fio.c:67)
==8329== by 0x41B3AD: xpad_tray_popup_menu_cb (xpad-tray.c:155)
==8329== by 0x3ABAC0BA8D: g_closure_invoke (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC20EC2: ??? (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC2225E: g_signal_emit_valist (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC227A2: g_signal_emit (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3AC21D3DBA: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.1800.9)
==8329== by 0x3AC2153AE2: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.1800.9)
==8329== by 0x3ABAC0BA8D: g_closure_invoke (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC20EC2: ??? (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC220F9: g_signal_emit_valist (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== Address 0xbfa1cc6 is 22 bytes inside a block of size 23 free'd
==8329== at 0x4A05255: realloc (vg_replace_malloc.c:476)
==8329== by 0x3ABA041870: g_realloc (in /lib64/libglib-2.0.so.0.2200.5)
==8329== by 0x408C99: str_replace_tokens (fio.c:66)
==8329== by 0x41B3AD: xpad_tray_popup_menu_cb (xpad-tray.c:155)
==8329== by 0x3ABAC0BA8D: g_closure_invoke (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC20EC2: ??? (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC2225E: g_signal_emit_valist (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC227A2: g_signal_emit (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3AC21D3DBA: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.1800.9)
==8329== by 0x3AC2153AE2: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.1800.9)
==8329== by 0x3ABAC0BA8D: g_closure_invoke (in /lib64/libgobject-2.0.so.0.2200.5)
==8329== by 0x3ABAC20EC2: ??? (in /lib64/libgobject-2.0.so.0.2200.5)
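
The failure mode described in this report, a pointer obtained before a realloc and used after it, shown as an added example with the safe form; it is not part of the original report, xpad's fio.c, or the attached patch. The function name replace_tokens and the sample string are assumptions: the match is saved as an offset and the pointer is re-derived after the buffer may have moved.

```c
/* Added example, not xpad's fio.c: token replacement in a heap string that
 * stays valid when realloc moves the buffer. Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* buf must be malloc'ed with at least strlen(buf)+1 bytes. Returns the
 * (possibly moved) buffer; on allocation failure frees buf, returns NULL. */
char *replace_tokens(char *buf, const char *tok, const char *rep)
{
    size_t tlen = strlen(tok), rlen = strlen(rep), len = strlen(buf);
    size_t off = 0;
    char *hit;

    if (tlen == 0)
        return buf;
    while ((hit = strstr(buf + off, tok)) != NULL) {
        /* Save the match as an offset BEFORE realloc. The unsafe pattern
         * keeps `hit` and passes it to memmove after realloc, which reads
         * from the old block that realloc may already have freed. */
        size_t pos = (size_t)(hit - buf);
        if (rlen > tlen) {
            char *grown = realloc(buf, len - tlen + rlen + 1);
            if (grown == NULL) {
                free(buf);
                return NULL;
            }
            buf = grown;              /* old block must not be touched now */
        }
        hit = buf + pos;              /* re-derive from the new base */
        memmove(hit + rlen, hit + tlen, len - pos - tlen + 1); /* tail + NUL */
        memcpy(hit, rep, rlen);
        len = len - tlen + rlen;
        off = pos + rlen;             /* skip the replacement, no rescanning */
    }
    return buf;
}

int main(void)
{
    char *s = malloc(23);
    if (s == NULL) return 1;
    strcpy(s, "pad %n of %n: untitled");  /* constructed sample input */
    s = replace_tokens(s, "%n", "a-much-longer-replacement-value");
    if (s == NULL) return 1;
    puts(s);
    free(s);
    return 0;
}
```

Building this with -fsanitize=address, or running it under valgrind as in the report, confirms that no read lands in a freed block.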

Discussion

  • David Hull
    2010-05-05

    patch for str_replace_tokens bug