After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 762493 - out of bounds read in function g_unichar_iswide_bsearch(), guniprop.c
out of bounds read in function g_unichar_iswide_bsearch(), guniprop.c
Status: RESOLVED DUPLICATE of bug 766211
Product: glib
Classification: Platform
Component: general
unspecified
Other Linux
: Normal normal
: ---
Assigned To: gtkdev
gtkdev
Depends on:
Blocks:
 
 
Reported: 2016-02-22 21:45 UTC by Hanno Böck
Modified: 2016-05-11 15:56 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Patch / Fix for out of bounds (425 bytes, patch)
2016-02-22 21:45 UTC, Hanno Böck 		none Details | Review
address sanitizer error / stack trace (2.77 KB, text/plain)
2016-02-22 21:46 UTC, Hanno Böck 		  Details

Description Hanno Böck 2016-02-22 21:45:42 UTC 
Created attachment 321902 [details] [review]
Patch / Fix for out of bounds

The function g_unichar_iswide_bsearch() can read out of bounds. This can be tested by running the test suite with address sanitizer enabled.

The bug is in this line:
  int upper = G_N_ELEMENTS (g_unicode_width_table_wide) + 1;

This should point to the highest element in the array g_unicode_width_table_wide. However to do that it must be number of elements minus one, not plus one. The correct code is:
  int upper = G_N_ELEMENTS (g_unicode_width_table_wide) - 1;

Patch attached, please apply
Comment 1 Hanno Böck 2016-02-22 21:46:02 UTC 
Created attachment 321903 [details]
address sanitizer error / stack trace
Comment 2 Christian Persch 2016-05-11 15:56:08 UTC 

*** This bug has been marked as a duplicate of bug 766211 ***