From: SourceForge.net <no...@so...> - 2005-02-01 03:49:12
Patches item #1042094, was opened at 2004-10-07 05:10
Message generated for change (Comment added) made by thekingant
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=300235&aid=1042094&group_id=235

Category: None
Group: None
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Evan Schoenberg (evands)
Assigned to: Mark Doliner (thekingant)
Summary: g_strdup_vprintf / _g_gnulib_vasnprintf safety

Initial Comment:
I've been seeing some odd occasional crashes in printf()-style calls. 3 examples follow:

-------
0 libSystem.B.dylib 0x90006e40 strlen + 0x20
1 Libgaim 0x04b9759c _g_gnulib_vasnprintf + 0x9ac
2 Libgaim 0x04b932c8 _g_gnulib_vsnprintf + 0x4c
3 Libgaim 0x04b60590 g_vsnprintf + 0xf0
4 Libgaim 0x04b6021c g_snprintf + 0x60
5 Libgaim 0x04ad34e8 gaim_normalize + 0x26c
6 Libgaim 0x04a801a4 gaim_parse_oncoming + 0x33c
7 Libgaim 0x04a63a58 buddychange + 0xb8
8 Libgaim 0x04a63b5c snachandler + 0xb4
9 Libgaim 0x04a901f8 consumesnac + 0x170
10 Libgaim 0x04a90e00 aim_rxdispatch + 0xe8
11 Libgaim 0x04a7bc2c oscar_callback + 0x1a8

-or-

0 libSystem.B.dylib 0x90006e40 strlen + 0x20
1 Libgaim 0x051975b4 _g_gnulib_vasnprintf + 0x9ac
2 Libgaim 0x051932e0 _g_gnulib_vsnprintf + 0x4c
3 Libgaim 0x051605a8 g_vsnprintf + 0xf0
4 Libgaim 0x05160234 g_snprintf + 0x60
5 Libgaim 0x050d3500 gaim_normalize + 0x26c
6 Libgaim 0x0501bdd4 gaim_find_buddies + 0x148
7 Libgaim 0x050202f4 gaim_buddy_icon_destroy + 0xfc
8 Libgaim 0x05020f5c gaim_buddy_icons_set_for_user + 0x104
9 Libgaim 0x05081b44 incomingim_chan2 + 0x754
10 Libgaim 0x05083268 gaim_parse_incoming_im + 0x13c
11 Libgaim 0x05071f4c incomingim_ch2 + 0x7dc
12 Libgaim 0x050722b4 incomingim + 0x168
13 Libgaim 0x050731ac snachandler + 0xd4
14 Libgaim 0x05090210 consumesnac + 0x170
15 Libgaim 0x05090e18 aim_rxdispatch + 0xe8
16 Libgaim 0x0507bc44 oscar_callback + 0x1a8

-or-

0 libSystem.B.dylib 0x90006e40 strlen + 0x20
1 Libgaim 0x04dd55b4 _g_gnulib_vasnprintf + 0x9ac
2 Libgaim 0x04dd13cc _g_gnulib_vasprintf + 0x44
3 Libgaim 0x04d9e65c g_vasprintf + 0x94
4 Libgaim 0x04da148c g_strdup_vprintf + 0x44
5 Libgaim 0x04da1500 g_strdup_printf + 0x58
6 Libgaim 0x04d45a20 plain_msg + 0x130
7 Libgaim 0x04d47cd8 msn_cmdproc_process_msg + 0xd0
8 Libgaim 0x04d45708 msg_cmd_post + 0x80
9 Libgaim 0x04d47bf4 msn_cmdproc_process_payload + 0xdc
10 Libgaim 0x04d3bf00 read_cb + 0x340
---------

I can reproduce the traceback by sending a NULL argument to g_snprintf() like so...

static char buf[10];
g_snprintf(buf, sizeof(buf), "%s", NULL);

...which leads me to think that these crashes are coming from NULL arguments in unexpected locations.

Attached is a patch which should guard against this possibility in 3 places in oscar.c and 1 place in jabber's buddy.c - the 4 most common places I've seen this crash. They certainly shouldn't hurt anything... I'd definitely appreciate the thoughts of anyone who can concoct a better explanation.

I'm using the latest stable release of GLib, GLib 2.4.6.

----------------------------------------------------------------------

>Comment By: Mark Doliner (thekingant)
Date: 2005-01-31 22:49

Message:
Logged In: YES
user_id=20979

I made changes similar to those in the oscar half of this a few weeks ago.

----------------------------------------------------------------------

Comment By: Nathan Walp (faceprint)
Date: 2005-01-02 20:58

Message:
Logged In: YES
user_id=17471

If the jabber portion of this actually does any real-life good, then there's something horribly wrong which really needs to be fixed. Mark, have fun with the rest of this.

----------------------------------------------------------------------

Comment By: Luke Schierer (lschiere)
Date: 2004-10-07 08:02

Message:
Logged In: YES
user_id=28833

Nathan, most of this patch is in oscar, but Mark is out of town. Can you look at this? (Part of it is jabber.)

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=300235&aid=1042094&group_id=235
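An added example, not part of the tracker item or of gaim's own code: a C sketch of the call-site guard the patch adds, since "%s" with a NULL argument is undefined behaviour that some libc implementations tolerate by printing "(null)" but, as the traces show, the gnulib vasnprintf fallback does not. safe_str(), normalize_screenname() and screennames_match() are hypothetical names, and the normalisation (drop spaces, lower-case) is only assumed to resemble what gaim_normalize does.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not gaim's: map a NULL C string to "" so a "%s"
 * conversion never hands NULL to strlen() inside the printf family. */
static const char *safe_str(const char *s)
{
    return s ? s : "";
}

/* Hypothetical stand-in for the normalisation step in the traces above:
 * drop spaces, lower-case, and write the result into a caller-supplied
 * bounded buffer. Returns out. NULL input is treated as the empty string. */
const char *normalize_screenname(const char *name, char *out, size_t outlen)
{
    char tmp[64];
    size_t j = 0;

    /* The guard the patch adds at its call sites: NULL becomes "". */
    name = safe_str(name);

    for (size_t i = 0; name[i] != '\0' && j + 1 < sizeof(tmp); i++) {
        if (name[i] == ' ')
            continue;
        tmp[j++] = (char)tolower((unsigned char)name[i]);
    }
    tmp[j] = '\0';

    /* Bounded format; tmp is a valid string here, so "%s" is safe on
     * every vsnprintf implementation, not only the ones that print "(null)". */
    snprintf(out, outlen, "%s", tmp);
    return out;
}

/* Compare two possibly-NULL screen names by normalised form, the kind of
 * lookup a buddy search does. Returns 1 on match, 0 otherwise. */
int screennames_match(const char *a, const char *b)
{
    char na[64], nb[64];

    normalize_screenname(a, na, sizeof(na));
    normalize_screenname(b, nb, sizeof(nb));
    return strcmp(na, nb) == 0;
}
```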