#437 focusWindowMS (macro.c) causes crash

release
closed-fixed
Program (402)
5
2004-11-05
2004-11-05
No

The call to NormalizePathname() overwrites its string
parameter with its result. In focusWindowMS(), in
macro.c, the string passed in is a string attached to a
macro data value. Now if NormalizePathname() attempts
to extend the string (which can happen quite easily for
a passed buffer name like "Untitled"), the string heap
becomes corrupt. The result is a crash in the garbage
collection.

To correct this bug, provide a big (presumably
MAXPATHLEN will be enough) buffer as
NormalizePathname()'s parameter, and copy the passed
string's value into that. Now you can call
NormalizePathname() without (too much) worry.
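
The failure mode and fix described in this report, as an added C example that is not NEdit's code or part of the original ticket. `normalize_in_place`, `overrun_bytes`, `normalize_copy` and the `/home/user` working directory are hypothetical stand-ins, and `MAXPATHLEN` is assumed to be 1024 where it is not already defined.

```c
#include <stdio.h>
#include <string.h>

#ifndef MAXPATHLEN
#define MAXPATHLEN 1024 /* assumption: use the platform's value where defined */
#endif

/* Stand-in normalizer (hypothetical): like the routine in the report, it
   overwrites its argument and assumes the buffer holds MAXPATHLEN bytes.
   Relative names become "<cwd>/<name>". Returns 0 on success, -1 if too long. */
static int normalize_in_place(char *path, const char *cwd)
{
    char tmp[MAXPATHLEN];
    if (path[0] == '/') return 0;          /* absolute: nothing to extend */
    int n = snprintf(tmp, sizeof tmp, "%s/%s", cwd, path);
    if (n < 0 || (size_t)n >= sizeof tmp) return -1;
    memcpy(path, tmp, (size_t)n + 1);      /* writes n+1 bytes into the caller's buffer */
    return 0;
}

/* Bytes an in-place call would write past a string stored in exactly
   strlen(s)+1 bytes (the macro string heap case). 0 means it still fits. */
static size_t overrun_bytes(const char *s, const char *cwd)
{
    return (s[0] == '/') ? 0 : strlen(cwd) + 1;   /* "<cwd>/" is prepended */
}

/* Fix from the report: copy the macro string into a MAXPATHLEN buffer first,
   rejecting input that would not fit, then normalize the copy. */
static int normalize_copy(const char *macro_string, char out[MAXPATHLEN],
                          const char *cwd)
{
    size_t len = strlen(macro_string);
    if (len >= MAXPATHLEN) return -1;      /* an unchecked strcpy would overflow out[] */
    memcpy(out, macro_string, len + 1);
    return normalize_in_place(out, cwd);
}

int main(void)
{
    char buf[MAXPATHLEN];
    const char *cwd = "/home/user";        /* constructed sample directory */
    if (normalize_copy("Untitled", buf, cwd) == 0)
        printf("%s (in-place overrun: %zu bytes)\n", buf, overrun_bytes("Untitled", cwd));
    return 0;
}
```

The length check before the copy matters because the macro string's length is not bounded by `MAXPATHLEN`; copying it unchecked would move the overflow from the string heap to the stack buffer.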

Discussion

  • Eddy De Greef

    Eddy De Greef - 2004-11-05
    • labels: --> Program
    • milestone: --> release
    • assigned_to: nobody --> edg
    • status: open --> closed-fixed
     
  • Eddy De Greef

    Eddy De Greef - 2004-11-05

    Good catch!
    It's fixed in CVS now. Thanks.

     
  • Tony Balinski

    Tony Balinski - 2004-11-05

    Pretty well what I've done locally, though I pulled the
    NormalizePathname() call in front of the loop. You only need
    to call it once!

    Any reason for writing
    strcpy(&normalizedString[0], string);
    rather than
    strcpy(normalizedString, string);
    That syntax seems a little Heath-Robinson...

    Tony

     
  • Tony Balinski

    Tony Balinski - 2005-01-06

    Turns out the fixes don't work when the document has no
    stored paths (like an initial Untitled scratch document).
    I'll submit a fix.

     
  • Tony Balinski

    Tony Balinski - 2005-01-06

    Patched in CVS (not very elegantly).

     
