Re: [gnotepad-users] PATCH (1.3.0pre1): "Help"->"About" crashes
From: Andy K. <ac...@ne...> - 2000-03-28 00:31:23
> This bug does not occur here.  Built with --disable-docunload on Linux
> (Slackware 7)

You've just been lucky.  Here's why it's really a bug (skip the rest of
this message if you're not interested).

The original line of code looks like this:

    copyright = g_strdup_printf(copyright, "(C) 1998-2000 by %s", APP_AUTHOR_NAME);

g_strdup_printf() is supposed to function like printf, except that it
returns a newly allocated buffer which contains the (formatted) printed
contents.  However, although the above is syntactically correct,
semantically it is not.  The actual format of the arguments provided
above is intended for sprintf(), or a variant thereof, not for printf().

The first argument is a character string, which will be scanned by
g_strdup_printf() to look for print formatters.  In order to do the scan,
the format string must be null terminated.  Clearly, since the variable
"copyright" is uninitialized, whatever null-termination it may have along
with whatever print formatters it may have will certainly be wrong.
Hence, the likelihood of g_strdup_printf() overwriting memory to fill in
print formatters is pretty high.

regards,
--andy
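The following is an added illustration of the point made in the message above, not code from gnotepad+ or from the list. It uses a small portable stand-in for g_strdup_printf() built on vsnprintf() (so it compiles without GLib), shows the corrected call with the literal as the first argument, and attaches the compiler's printf format attribute so that a non-literal format string, which is exactly what the original call passed, is reported at compile time with -Wformat -Wformat-nonliteral (or -Wformat=2) instead of showing up as a crash at runtime. The author name is a constructed placeholder; the real APP_AUTHOR_NAME value is defined in the project, not here.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Placeholder for the project's APP_AUTHOR_NAME macro (constructed value). */
#define APP_AUTHOR_NAME "Example Author"

/* printf-style format checking where the compiler supports it. With this
 * attribute, gcc/clang -Wformat-nonliteral flags a call whose format
 * argument is not a string literal, e.g. the original
 *     copyright = g_strdup_printf(copyright, "(C) 1998-2000 by %s", APP_AUTHOR_NAME);
 * where the uninitialized pointer `copyright` is scanned for '%' and the
 * real literal is silently consumed as a stray vararg. */
#if defined(__GNUC__) || defined(__clang__)
#define PRINTF_FMT(fmt_idx, arg_idx) __attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define PRINTF_FMT(fmt_idx, arg_idx)
#endif

/* Portable stand-in for GLib's g_strdup_printf(): takes a format string and
 * arguments, returns a newly malloc'd, NUL-terminated string (caller frees).
 * Two passes over the varargs: the first measures, the second formats. */
PRINTF_FMT(1, 2)
static char *strdup_printf(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);

    int n = vsnprintf(NULL, 0, fmt, ap);   /* length only, nothing written */
    va_end(ap);
    if (n < 0) {
        va_end(ap2);
        return NULL;
    }

    char *buf = malloc((size_t)n + 1);
    if (buf != NULL)
        vsnprintf(buf, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return buf;
}

/* Corrected form of the "About" dialog copyright line: the literal is the
 * format, so only initialized, NUL-terminated memory is scanned for
 * conversion specifiers and %s is filled from the author argument. */
char *build_copyright(const char *author)
{
    return strdup_printf("(C) 1998-2000 by %s", author);
}

int main(void)
{
    char *copyright = build_copyright(APP_AUTHOR_NAME);
    if (copyright == NULL)
        return 1;
    puts(copyright);      /* prints: (C) 1998-2000 by Example Author */
    free(copyright);
    return 0;
}
```

Compiling the corrected call with `-Wall -Wformat=2` produces no warning; pasting the original call back in, with the same attribute on the function, produces a "format not a string literal" diagnostic on that line, which is the cheap way to catch this class of mistake across a code base before it depends on whatever happens to be on the stack.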