GNOME Bugzilla – Bug 742644
oauth: Implicit declaration of rest_proxy_call_get_url leads to memory error
Last modified: 2015-03-04 12:28:16 UTC
The librest build has this warning which is not as harmless as it might appear:

  CC       librest_0.7_la-oauth-proxy-call.lo
oauth-proxy-call.c: In function 'sign_hmac':
oauth-proxy-call.c:130:3: warning: implicit declaration of function 'rest_proxy_call_get_url' [-Wimplicit-function-declaration]
   url_str = rest_proxy_call_get_url (call);
   ^
oauth-proxy-call.c:130:11: warning: assignment makes pointer from integer without a cast
   url_str = rest_proxy_call_get_url (call);
           ^

The compiler assumes int as the return type, but in reality it returns a pointer. Using the function without a prototype will lead to memory errors when the size of an int is not the same as a pointer.

You can trigger a crash by running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.

Program received signal SIGSEGV, Segmentation fault.
Thread 139771272640256 (LWP 10550)
124	  GHashTable *all_params;
125	  RestParamsIter params_iter;
126	  RestParam *param;
127	  gboolean encode_query_params = TRUE;
128	
129	  priv = PROXY_GET_PRIVATE (proxy);
130	  url_str = rest_proxy_call_get_url (call);
131	
132	  text = g_string_new (NULL);
133	  g_string_append (text, rest_proxy_call_get_method (REST_PROXY_CALL (call)));
(gdb)
134	  g_string_append_c (text, '&');
135	  if (priv->oauth_echo) {
136	    g_string_append_uri_escaped (text, priv->service_url, NULL, FALSE);
137	  } else if (priv->signature_host != NULL) {
138	    SoupURI *url = soup_uri_new (url_str);
139	    gchar *signing_url;
140	
141	    soup_uri_set_host (url, priv->signature_host);
142	    signing_url = soup_uri_to_string (url, FALSE);
143	
(gdb)
144	    g_string_append_uri_escaped (text, signing_url, NULL, FALSE);
145	
146	    soup_uri_free (url);
147	    g_free (signing_url);
148	  } else {
149	    g_string_append_uri_escaped (text, url_str, NULL, FALSE);
150	  }
151	  g_string_append_c (text, '&');
152	
153	
(gdb) print url_str
$1 = 0xffffffffe831ba70 <error: Cannot access memory at address 0xffffffffe831ba70>
(gdb) print *call
$2 = {parent = {g_type_instance = {g_class = 0x7f1ee8552400}, ref_count = 1, qdata = 0x0}, priv = 0x7f1edc00e310}
(gdb) print *(call->priv)
$3 = {method = 0x7f1ee82ea960 "GET", function = 0x0, headers = 0x7f1ee84f15e0, params = 0x7f1ee84f1640, url = 0x7f1ee831ba70 "https://api.flickr.com/services/rest", response_headers = 0x7f1eec058400, length = 0, payload = 0x0, status_code = 0, status_message = 0x0, cancellable = 0x0, cancel_sig = 0, proxy = 0x6bf6e0 [OAuthProxy], cur_call_closure = 0x0}
(gdb)
Created attachment 294156
oauth: Fix a memory error due to -Wimplicit-function-declaration
Ah, never mind. This is already fixed in master:

commit b50ace7738ea03817acdad87fb2b338a86018329
Author: Christophe Fergeau <cfergeau@redhat.com>
Date:   Wed Sep 3 11:31:49 2014 +0200

    oauth: Add missing include

    This fixes a compilation warning about a missing prototype.

I should have checked before doing a 'git checkout 0.7.92'. Sorry.
CVE assignment request: http://www.openwall.com/lists/oss-security/2015/03/04/6
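
The pointer corruption visible in the gdb session above, reproduced as an added example (not code from librest or from this bug report). It assumes a target with 32-bit int and 64-bit pointers, as in the trace; the function names are hypothetical, and the addresses are the ones printed by gdb plus one constructed value.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of what the caller ends up with when a pointer-returning function
 * is called through an implicit declaration: the return value is treated as
 * a 32-bit int (upper half discarded), and that int is sign-extended when it
 * is assigned to a 64-bit pointer variable such as url_str. */
static uint64_t seen_through_implicit_int(uint64_t real_ptr)
{
    uint64_t low = real_ptr & 0xffffffffULL;      /* int keeps the low 32 bits */
    if (low & 0x80000000ULL)                      /* int is negative ...       */
        low |= 0xffffffff00000000ULL;             /* ... so sign-extend        */
    return low;
}

/* A pointer is unharmed only if it already fits the range of a non-negative
 * 32-bit int, which is why the warning can look harmless on some runs. */
static int survives_truncation(uint64_t real_ptr)
{
    return seen_through_implicit_int(real_ptr) == real_ptr;
}

int main(void)
{
    /* Values from the gdb output: call->priv->url and call->priv->proxy. */
    const uint64_t url_ptr   = 0x7f1ee831ba70ULL;
    const uint64_t proxy_ptr = 0x6bf6e0ULL;
    /* Constructed value: same region, but bit 31 clear. */
    const uint64_t other_ptr = 0x7f1e6831ba70ULL;
    const uint64_t samples[] = { url_ptr, proxy_ptr, other_ptr };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("real 0x%016llx -> caller sees 0x%016llx (%s)\n",
               (unsigned long long)samples[i],
               (unsigned long long)seen_through_implicit_int(samples[i]),
               survives_truncation(samples[i]) ? "intact" : "corrupted");
    }
    return 0;
}
```

Building with GCC's -Werror=implicit-function-declaration turns the warning quoted in the report into a build failure instead of a runtime crash.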