After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 771610 - number: do not access text_out beyond its bounds in bitwise function
number: do not access text_out beyond its bounds in bitwise function
Status: RESOLVED FIXED
Product: gnome-calculator
Classification: Core
Component: general
git master
Other Linux
: Normal normal
: ---
Assigned To: gcalctool maintainers
gcalctool maintainers
Depends on:
Blocks:
 
 
Reported: 2016-09-18 05:10 UTC by Tobias Mueller
Modified: 2016-09-25 01:15 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
patch (5.33 KB, patch)
2016-09-18 05:10 UTC, Tobias Mueller
none Details | Review
patch (5.31 KB, patch)
2016-09-18 05:40 UTC, Tobias Mueller
committed Details | Review

Description Tobias Mueller 2016-09-18 05:10:51 UTC
Created attachment 335791 [details] [review]
patch

The text_out buffer has just been created as a char array with
offset_out + 1 elements. So we can access element 0 to offset_out.
offset_out+1 is beyond the bounds.
Comment 1 Tobias Mueller 2016-09-18 05:40:25 UTC
Created attachment 335792 [details] [review]
patch

the other patch didn't null-terminate the string.
Now we simply increase the size of the out buffer.
Comment 2 Robert Roth 2016-09-18 06:41:00 UTC
Review of attachment 335792 [details] [review]:

Looks fine, and I'm not sure if there's a better way to fix this "index out of bounds", although I did not see any visible signs of the problem, but it is indeed a problem. We're in hard code freeze, but I would say this can go in the stable (3.22.1) after the freeze.
Comment 3 Robert Roth 2016-09-25 01:15:06 UTC
Thanks, pushed to master.