Bug 735657 - parse_name_field(): SIGSEGV, dereference NULL pointer in name_field
Status: RESOLVED FIXED
Product: file-roller
Classification: Applications
Component: general
Version: 3.13.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Paolo Bacchilega
QA Contact: file-roller-maint
Depends on:
Blocks:
Reported: 2014-08-29 09:26 UTC by Igor Gnatenko
Modified: 2014-09-01 18:11 UTC
See Also:
GNOME target: ---
GNOME version: 3.13/3.14


Attachments
fr-command-rar: check for NULL in name_field (1.04 KB, patch)
2014-08-29 09:29 UTC, Igor Gnatenko

Description Igor Gnatenko 2014-08-29 09:26:27 UTC
Got some crashes when I tried to open a rar archive from a dead floppy disk.

Thread 4 (Thread 0x7f2813fff700 (LWP 5698))

  • #0 syscall
    at ../sysdeps/unix/sysv/linux/x86_64/syscall.S line 38
  • #1 g_cond_wait_until
    at gthread-posix.c line 1437
  • #2 g_async_queue_pop_intern_unlocked
    at gasyncqueue.c line 422
  • #3 g_async_queue_timeout_pop
    at gasyncqueue.c line 543
  • #4 g_thread_pool_thread_proxy
    at gthreadpool.c line 167
  • #5 g_thread_pool_thread_proxy
    at gthreadpool.c line 364
  • #6 g_thread_proxy
    at gthread.c line 764
  • #7 start_thread
    at pthread_create.c line 310
  • #8 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 109

Thread 1 (Thread 0x7f2824c94980 (LWP 5693))

  • #0 parse_name_field
    at fr-command-rar.c line 149
  • #1 process_line
    at fr-command-rar.c line 213
  • #2 fr_channel_data_read
    at fr-process.c line 141
  • #3 check_child
    at fr-process.c line 799
  • #4 g_timeout_dispatch
    at gmain.c line 4473
  • #5 g_main_context_dispatch
    at gmain.c line 3064
  • #6 g_main_context_dispatch
    at gmain.c line 3663
  • #7 g_main_context_iterate
    at gmain.c line 3734
  • #8 g_main_context_iteration
    at gmain.c line 3795
  • #9 g_application_run
    at gapplication.c line 2219
  • #10 main
    at main.c line 38

Comment 1 Igor Gnatenko 2014-08-29 09:29:38 UTC
Created attachment 284796
fr-command-rar: check for NULL in name_field

When I tried to open a rar archive from a floppy disk (floppy corrupted), I
got a crash.
149		if (*name_field == '/') {
(gdb) p name_field
$3 = 0x0
Sure, it can't be dereferenced.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1135409
Reference: https://bugzilla.gnome.org/show_bug.cgi?id=735657
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
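
The crash reported in comment 1 is a test of `*name_field` while `name_field` is NULL. The C sketch below is an added illustration, not file-roller's code and not the attached patch: it shows a listing-line parser that checks the pointer before the dereference. The names `nth_field`, `classify_name` and `parse_listing_line`, and the sample listing lines, are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>

enum name_kind { NAME_MISSING = -1, NAME_RELATIVE = 0, NAME_ABSOLUTE = 1 };

/* Hypothetical helper: start of the n-th whitespace-separated field
 * (1-based), or NULL when the line ends first (truncated output). */
static const char *nth_field(const char *line, int n)
{
    const char *p = line;
    if (p == NULL || n < 1)
        return NULL;
    for (int i = 1; ; i++) {
        while (*p && isspace((unsigned char)*p))
            p++;
        if (*p == '\0')
            return NULL;          /* fewer than n fields on this line */
        if (i == n)
            return p;
        while (*p && !isspace((unsigned char)*p))
            p++;
    }
}

/* The NULL test comes before the `*name_field == '/'` comparison, so a
 * missing field is reported to the caller instead of faulting. */
static enum name_kind classify_name(const char *name_field)
{
    if (name_field == NULL || *name_field == '\0')
        return NAME_MISSING;
    return (*name_field == '/') ? NAME_ABSOLUTE : NAME_RELATIVE;
}

static enum name_kind parse_listing_line(const char *line, int name_index)
{
    return classify_name(nth_field(line, name_index));
}

int main(void)
{
    /* Constructed sample lines, not real rar output. */
    const char *lines[] = {
        "-rw-r--r-- 1024 2014-08-29 09:26 /etc/hosts",
        "-rw-r--r-- 1024 2014-08-29 09:26 docs/readme.txt",
        "-rw-r--r-- 1024 2014",   /* listing cut short by a read error */
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%d\n", parse_listing_line(lines[i], 5));
    return 0;
}
```

A caller that receives `NAME_MISSING` can skip the line or abort the listing rather than continue with an entry that has no name.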
Comment 2 Paolo Bacchilega 2014-09-01 18:11:38 UTC
Patch pushed to master and gnome-3-12, thank you.