From owner-freebsd-gnome@FreeBSD.ORG Sun Oct 24 18:03:23 2004
Return-Path:
Delivered-To: freebsd-gnome@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1013816A4CE;
	Sun, 24 Oct 2004 18:03:23 +0000 (GMT)
Received: from brain.cc.rsu.ru (brain.cc.rsu.ru [195.208.252.154])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0E8C843D31;
	Sun, 24 Oct 2004 18:03:22 +0000 (GMT)
	(envelope-from os@brain.cc.rsu.ru)
Received: from brain.cc.rsu.ru (localhost [127.0.0.1])
	by brain.cc.rsu.ru (8.13.1/8.12.9) with ESMTP id i9OI3KiJ011119;
	Sun, 24 Oct 2004 22:03:20 +0400 (MSD)
	(envelope-from os@brain.cc.rsu.ru)
Received: (from os@localhost)
	by brain.cc.rsu.ru (8.13.1/8.12.9/Submit) id i9OI3JNq011118;
	Sun, 24 Oct 2004 22:03:19 +0400 (MSD)
	(envelope-from os)
Date: Sun, 24 Oct 2004 22:03:19 +0400 (MSD)
Message-Id: <200410241803.i9OI3JNq011118@brain.cc.rsu.ru>
To: FreeBSD-gnats-submit@freebsd.org
From: Oleg Sharoiko
X-send-pr-version: 3.113
X-GNATS-Notify:
cc: ports@freebsd.org
cc: gnome@freebsd.org
cc: bushman@rsu.ru
cc: and@rsu.ru
cc: bork@rsu.ru
Subject: [patch] libxklavier returns pointer to static memory where dynamic is expected
X-BeenThere: freebsd-gnome@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Oleg Sharoiko
List-Id: GNOME for FreeBSD -- porting and maintaining
X-List-Received-Date: Sun, 24 Oct 2004 18:03:23 -0000

>Submitter-Id: current-users
>Originator: Oleg Sharoiko
>Organization: Computer Center of Rostov State University
>Confidential: no
>Synopsis: [patch] libxklavier returns pointer to static memory where dynamic is expected
>Severity: serious
>Priority: medium
>Category: ports
>Class: sw-bug
>Release: FreeBSD 5.3-STABLE i386
>Environment:
System: FreeBSD brain.cc.rsu.ru 5.3-STABLE FreeBSD 5.3-STABLE #0: Tue Oct 19 13:59:02 MSD 2004 os@brain.cc.rsu.ru:/usr/obj/usr/src/sys/brain.athlon-xp.RELENG_5.2004-10-19 i386
>Description:
	Function _XklLocaleFromUtf8() is used internally by libxklavier. This
	function usually returns a pointer to dynamically allocated memory. But
	in some rare cases it may reach the last line, which is

		return converted;

	where converted is

		static char converted[XKL_MAX_CI_DESC_LENGTH];

	This may result in the following error:

		gnome-keyboard-properties in free(): error: junk pointer, too high to make sense

>How-To-Repeat:
	It looks like the last line of _XklLocaleFromUtf8 is reached only in
	some rare cases depending on some external conditions (files or
	something else). Unfortunately I can not provide exact instructions on
	how to repeat this error. But I suppose looking at the
	_XklLocaleFromUtf8 code is enough to see this bug, as
	_XklLocaleFromUtf8 everywhere but on the last line returns results of
	strdup.

>Fix:
	It looks like changing

		return converted;

	to

		return strdup(converted);

	would be enough.

	I've submitted the PR to the libxklavier SF page. Not sure though if
	they check it often enough.
	http://sourceforge.net/tracker/index.php?func=detail&aid=1052700&group_id=319&atid=300319
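
The ownership mismatch described in this report, as an added example that is not part of the original message and is not libxklavier's code. The function names, the '?' substitution and MAX_DESC_LENGTH are hypothetical stand-ins; only the variable name converted and the strdup() fix come from the report.

```c
#define _POSIX_C_SOURCE 200809L  /* for strdup() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_DESC_LENGTH 192  /* constructed stand-in for XKL_MAX_CI_DESC_LENGTH */
static char converted[MAX_DESC_LENGTH];  /* static storage, never valid for free() */

/* Hypothetical conversion: non-ASCII bytes become '?'; returns 1 if nothing changed. */
static int convert(const char *utf8)
{
    size_t i;
    int unchanged = 1;
    for (i = 0; utf8[i] != '\0' && i < MAX_DESC_LENGTH - 1; i++) {
        int ascii = (unsigned char)utf8[i] < 0x80;
        converted[i] = ascii ? utf8[i] : '?';
        unchanged &= ascii;
    }
    converted[i] = '\0';
    return unchanged;
}

/* Reported shape: early exits return strdup(), the last line does not. */
char *locale_from_utf8_buggy(const char *utf8)
{
    if (utf8 == NULL || *utf8 == '\0') return strdup("");
    if (convert(utf8)) return strdup(utf8);
    return converted;  /* caller's free() receives a non-heap pointer */
}

/* Fix from the report: the last line also returns heap memory. */
char *locale_from_utf8_fixed(const char *utf8)
{
    if (utf8 == NULL || *utf8 == '\0') return strdup("");
    if (convert(utf8)) return strdup(utf8);
    return strdup(converted);
}

/* 1 when p lies inside the static buffer, so free(p) would be invalid. */
int points_to_static(const char *p)
{
    return (uintptr_t)p - (uintptr_t)converted < sizeof converted;
}

int main(void)
{
    char *good = locale_from_utf8_fixed("Fran\xc3\xa7" "ais");  /* constructed input */
    printf("fixed: %s static=%d\n", good, points_to_static(good));
    free(good);  /* valid here; the buggy variant's result must not be freed */
    return 0;
}
```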