Created attachment 162801 [details]
in the archive: 'fav-apps.bkp' - file before processing by gcmd; 'fav-apps' - file after processing by gcmd

i have gcmd 1.2.8.5 installed from the repo for Ubuntu 10.04

i couldn't add a fav_app, because the program crashes every time i try (this should be another report), so i looked at the source, and edited the $HOME/.gnome-commander/fav_apps file by hand

i tried to add the file-roller add/extract functionality (according to the tips on the website), because the plugin for it lacks the options normally offered by file-roller on these operations

in normal cases it worked, but i found, that when i set the precise file-type filters for all the types file-roller supports, i end up with a 300+ chars-long string and after "URI-encoding" it, it gets even longer (in this case exactly 376 chars)
now, the problem is, that as it can be seen at http://git.gnome.org/browse/gnome-commander/tree/src/gnome-cmd-data.cc#n663 , for now gcmd supports only 256-char-long strings, and the even bigger problem is, that upon exceeding this limit, the tail gets written to other memory -> in my case, the end part of pattern_string got written in the icon_path variable (probably pattern_string got allocated directly before icon_path) and overwriting the icon_path value by doing so
probably testing or handling input-buffer overflow would be a good idea - the first idea that comes to my mind is to read max. 256 chars if that's the length of the buffer, than to discard the tail (e.g. by reading on but not saving), and in the end checking the read string (e.g. if the buffer is full, it was probably truncated, so discard everything after the last semi-colon, it included - and we have a correct (but partial) pattern, which does not break other things - and something similar could be useful for other input vars..)
also, maybe the crash on adding/modifying a fav_app is connected to this problem

but i would appreciate a longer pattern string, too (for the above mentioned reasons)

for reference, my would-be pattern_string for file-roller --extract and --extract-here (according to their website at the moment)...

...without "URI-encoding":
*.7z;*.ace;*.alz;*.ar;*.arj;*.cab;*.cpio;*.deb;*.iso;*.jar;*.ear;*.war;*.lzh;*.lha;*.rar;*.cbr;*.rpm;*.bin;*.sit;*.tar;*.tar.gz;*.tgz;*.tar.bz;*.tbz;*.tar.bz2;*.tbz2;*.tar.Z;*.taz;*.tar.lz;*.tlz;*.tar.lzo;*.tzo;*.tar.7z;*.tar.xz;*.zip;*.cbz;*.zoo;*.gz;*.bz;*.bz2;*.Z;*.lz;*.lzo;*.rz;*.xz

...with "URI-encoding":
*.7z%3B*.ace%3B*.alz%3B*.ar%3B*.arj%3B*.cab%3B*.cpio%3B*.deb%3B*.iso%3B*.jar%3B*.ear%3B*.war%3B*.lzh%3B*.lha%3B*.rar%3B*.cbr%3B*.rpm%3B*.bin%3B*.sit%3B*.tar%3B*.tar.gz%3B*.tgz%3B*.tar.bz%3B*.tbz%3B*.tar.bz2%3B*.tbz2%3B*.tar.Z%3B*.taz%3B*.tar.lz%3B*.tlz%3B*.tar.lzo%3B*.tzo%3B*.tar.7z%3B*.tar.xz%3B*.zip%3B*.cbz%3B*.zoo%3B*.gz%3B*.bz%3B*.bz2%3B*.Z%3B*.lz%3B*.lzo%3B*.rz%3B*.xz