GNOME Bugzilla – Bug 493751
unsafe code
Last modified: 2007-11-07 19:27:40 UTC
yelp-search-parser.c:1075 ptr = g_strrstr (container->base_filename, "/"); path = g_strndup (container->base_filename, ptr - container->base_filename); will crash if the base_filename does not contain a '/'. Better make that if (ptr) /* do as before */ else path = g_strdup (container->base_filename); This was filed as causing crashes here: https://bugzilla.redhat.com/show_bug.cgi?id=361041
container->base_filename is typically the contents of the "url" field of this item from the OMF file: <identifier url="file:///usr/share/gnome/help/..." /> In some cases (e.g. the current virt-manager package in Fedora) we end up with something like: <identifier url="" /> Which, obviously, contains no slashes. So the code needs to check for *empty* base_filename as well - or the function further up the stack needs to not pass empty strings. Obviously the OMF file is incorrect but yelp shouldn't crash on malformed input.
Fixed in SVN Head: 2007-11-07 Don Scorgie <dscorgie@svn.gnome.org> * src/yelp-search-parser.c: Fix NULL-checking of URI in slow search (bug #493751)
*** Bug 480876 has been marked as a duplicate of this bug. ***