GNOME Bugzilla – Bug 153759
egg_desktop_entries_get_locale_country has severe pointer arithmetic problems
Last modified: 2004-12-22 21:47:04 UTC
(Component picked at random because bugzilla made me do it.) The function egg_desktop_entries_get_locale_country, found in libegg/libegg/desktopentries/eggdesktopentries.c, contains the following:

    q = strstr (p, ".");
    if (!q)
      q = strstr (p, "@");
    if (!q)    *** ERROR ***
      country_len = q - p;
    else
      country_len = strlen (p);

The marked line needs to be changed to "if (q)", otherwise the g_new/strndup combination below will end up allocating and committing fun amounts of RAM in the multi-gigabyte ranges. Not understanding what exactly this function is trying to do, my proposed fix may be wrong.
Reassigning to the eggdesktopentries author.
Thanks for spotting this. It should be fixed now:

2004-09-27  Ray Strode  <rstrode@redhat.com>

        * libegg/desktopentries/eggdesktopentries.c
        (egg_desktop_entries_get_locale_country): Swap if and else
        clauses to prevent misallocating gigabytes of memory
        (Spotted by Nicholas Miell, bug #153759).
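The inverted check from the report and its corrected form side by side, as an added C example that is not code from libegg or from this bug; country_len_buggy, country_len_fixed, dup_country and the 64-byte cap are assumptions of the example, and the buggy pointer subtraction is modelled with uintptr_t so the demo runs without undefined behaviour.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* p points at the COUNTRY part of "lang_COUNTRY.ENCODING@MODIFIER", e.g.
 * "GB.UTF-8@euro".  Inverted test from the report; with q == NULL the
 * original did q - p (UB), modelled with uintptr_t here to stay defined. */
static size_t country_len_buggy(const char *p)
{
    const char *q = strstr(p, ".");
    if (!q)
        q = strstr(p, "@");
    if (!q)                                   /* should be: if (q) */
        return (uintptr_t) q - (uintptr_t) p; /* wraps to nearly SIZE_MAX */
    return strlen(p);                         /* over-counts when q is set */
}

/* The corrected test: subtract only when a terminator was found. */
static size_t country_len_fixed(const char *p)
{
    const char *q = strstr(p, ".");
    if (!q)
        q = strstr(p, "@");
    return q ? (size_t) (q - p) : strlen(p);
}

/* Copy the country; the arbitrary 64-byte cap makes a future length slip fail closed. */
static char *dup_country(const char *p)
{
    size_t n = country_len_fixed(p);
    char *s = n > 64 ? NULL : malloc(n + 1);
    if (!s)
        return NULL;
    memcpy(s, p, n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    const char *samples[] = { "GB.UTF-8@euro", "GB@euro", "GB" };
    for (size_t i = 0; i < 3; i++) {
        char *c = dup_country(samples[i]);
        printf("%-14s buggy=%zu fixed=%zu country=%s\n", samples[i],
               country_len_buggy(samples[i]), country_len_fixed(samples[i]), c);
        free(c);
    }
    return 0;
}
```

For a plain "GB" the buggy length is the wrapped-around value that drove the multi-gigabyte allocations; for "GB.UTF-8@euro" it silently returns the whole tail instead of 2.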
Well, I managed to thrash my box to death again, and in looking at eggdesktopentries.c, I found a similar error in egg_desktop_entries_get_locale_encoding. After checking every other instance of g_new, I'm pretty sure there aren't any others.
ugh. Thanks again. Should be fixed in CVS.