Bug 166609 – Crash at parsing command line

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 166609 - Crash at parsing command line


Summary:	Crash at parsing command line


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	general
Version:	2.6.x
Hardware:	Other All

Importance:	High critical
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2005-02-07 22:00 UTC by Nicolas LAURENT
Modified:	2005-02-08 15:15 UTC

See Also:
GNOME target:	---
GNOME version:	2.7/2.8

Description Nicolas LAURENT 2005-02-07 22:00:20 UTC

Steps to reproduce:
1. Just compile this:  

#include <gtk/gtk.h>

int main (int argc, char *argv[])
{
        gtk_init (&argc, &argv);

        return(0);
}

2. run it as:
 % ./gtk_bug -1234567890123456789012345678

3. you should get "Segmentation Fault"

Stack trace:
gdb says :

+ Trace 55428

#0 mallopt
from /lib/tls/i686/cmov/libc.so.6
#1 calloc
from /lib/tls/i686/cmov/libc.so.6
#2 g_malloc0
from /usr/lib/libglib-2.0.so.0
#3 g_option_context_add_main_entries
from /usr/lib/libglib-2.0.so.0
#4 g_option_context_parse
from /usr/lib/libglib-2.0.so.0
#5 gtk_parse_args
from /usr/lib/libgtk-x11-2.0.so.0
#6 gtk_init_check
from /usr/lib/libgtk-x11-2.0.so.0
#7 gtk_init
from /usr/lib/libgtk-x11-2.0.so.0
#8 main



but valgrind is more verbose:

==29250== Invalid read of size 1
==29250==    at 0x1B9047C4: strcpy (mac_replace_strmem.c:198)
==29250==    by 0x1BD8327C: (within /usr/lib/libglib-2.0.so.0.600.2)
==29250==    by 0x1BD83442: g_option_context_parse (in
/usr/lib/libglib-2.0.so.0.600.2)
==29250==    by 0x1BA3A78D: gtk_parse_args (in /usr/lib/libgtk-x11-2.0.so.0.600.2)
==29250==  Address 0x1C14C02C is 0 bytes after a block of size 28 alloc'd
==29250==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==29250==    by 0x1BD7CA36: g_malloc (in /usr/lib/libglib-2.0.so.0.600.2)
==29250==    by 0x1BD83798: g_option_context_parse (in
/usr/lib/libglib-2.0.so.0.600.2)
==29250==    by 0x1BA3A78D: gtk_parse_args (in /usr/lib/libgtk-x11-2.0.so.0.600.2)


Other information:
I think there's a missing "+1" at malloc line in g_option_context_parse? isn't it?

Have a nice day!

Comment 1 Matthias Clasen 2005-02-08 15:15:23 UTC

2005-02-08  Matthias Clasen  <mclasen@redhat.com>

	* glib/gkeyfile.c (g_key_file_parse_value_as_string): Don't
	write out of bounds.

	* glib/goption.c (g_option_context_parse): Fix a 
	one-too-short memory allocation.  (#166609, Nicolas Laurent)

	* tests/Makefile.am (TESTS_ENVIRONMENT): Add tests with
	MALLOC_CHECK_.

	* tests/option-test.c: Add a test for unkown short options.