Menu
▾
▴
[Mlterm-dev-en] Can't Load im-uim: Dangling Pointer Dereference in im_uim.c
|
From: Jun I. <jun...@gm...> - 2008-11-23 01:20:43
|
I had problems using uim with mlterm, and I tracked the problem down to an incorrect usage of uim_get_default_im_name() in inputmethod/uim/im_uim.c. The return value of uim_get_default_im_name(), assigned to a variable named "engine", is being used as being indefinitely valid. But every call to a uim API can potentially free the buffer that uim_get_default_im_name() returned, overwriting it with garbage. The attached patch solves this problem by duplicating the string. Since the duplication uses alloca(), I moved the invocation of uim_get_default_im_name() back to im_uim_new(), where the copied string is also needed. Subseqent usage in uim_create_context() should be fine, since this API copies (rather, interns) this argument. 2008-11-22 Jun Inoue <jun...@gm...> * inputmethod/uim/im_uim.c: fix dangling pointer dereference that can cause initialization to fail. |
