Bug 652526 - segfault in escape_byte_string() in gio/gfileattribute.c
Status: RESOLVED NOTABUG
Product: glib
Classification: Platform
Component: gio
Version: 2.28.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: gtkdev
QA Contact: gtkdev
Depends on:
Blocks:
 
 
Reported: 2011-06-14 07:40 UTC by Alexandre Rostovtsev
Modified: 2012-07-06 01:43 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Patch to prevent the segfault (1.18 KB, patch)
2011-06-14 07:43 UTC, Alexandre Rostovtsev

Description Alexandre Rostovtsev 2011-06-14 07:40:59 UTC
escape_byte_string() in gfileattribute.c calls strlen (str) without verifying that str is not NULL. This leads to segmentation faults in code such as the following example:

#include <gio/gio.h>

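/* Reproducer: store NULL as a byte-string attribute, then request its string form. */
int main (void)
{
  GFileInfo *info;

  g_type_init ();
  info = g_file_info_new ();
  /* NULL is stored as the byte-string value. */
  g_file_info_set_attribute (info,
    G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
    G_FILE_ATTRIBUTE_TYPE_BYTE_STRING, NULL);
  /* Segfaults here: escape_byte_string() calls strlen() on the stored NULL. */
  g_file_info_get_attribute_as_string (info,
    G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET);
  return 0;
}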
Comment 1 Alexandre Rostovtsev 2011-06-14 07:43:10 UTC
Created attachment 189873
Patch to prevent the segfault
Comment 2 Matthias Clasen 2011-06-17 00:05:44 UTC
I don't think NULL is a valid bytestring, tbh.
Comment 3 Alexandre Rostovtsev 2011-06-17 04:03:30 UTC
(In reply to comment #2)
> I don't think NULL is a valid bytestring, tbh.

In that case, the API needs to ensure that a bytestring GFileAttributeValue's value cannot be NULL.
Comment 4 Matthias Clasen 2012-07-06 01:43:21 UTC
No, it is the responsibility of the caller to pass valid arguments. NULL is not a valid bytestring, unless the documentation explicitly states that you may pass NULL.
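The two positions taken in this thread, as an added example that is neither glib's code nor the attached patch: a callee-side NULL guard in a strlen()-based escaping helper, and a caller-side check made before the value is stored. The function names and the \xNN escape format are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Printable ASCII other than backslash is copied through unchanged. */
static int is_plain(unsigned char c) { return c >= 32 && c <= 126 && c != '\\'; }

/* Hypothetical strlen()-based escaper with a callee-side guard:
 * NULL in, NULL out, no crash. The caller frees the result. */
char *escape_bytes_checked(const char *str)
{
    static const char hex[] = "0123456789abcdef";
    size_t i, len, extra = 0;
    char *out, *p;

    if (str == NULL)                 /* without this, strlen(NULL) is undefined */
        return NULL;
    len = strlen(str);
    for (i = 0; i < len; i++)
        if (!is_plain((unsigned char)str[i]))
            extra += 3;              /* one byte becomes the four bytes \xNN */
    out = p = malloc(len + extra + 1);
    if (out == NULL)
        return NULL;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)str[i];
        if (is_plain(c)) {
            *p++ = (char)c;
        } else {
            *p++ = '\\'; *p++ = 'x';
            *p++ = hex[c >> 4]; *p++ = hex[c & 0x0f];
        }
    }
    *p = '\0';
    return out;
}

/* Caller-side validation (hypothetical setter): reject NULL before it is
 * stored as a byte-string value. Returns 0 on success, -1 on bad input. */
int store_byte_string(const char **slot, const char *value)
{
    if (slot == NULL || value == NULL)
        return -1;
    *slot = value;
    return 0;
}
```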