[libXt:PATCH] XtAsprintf: Fix memory corruption.
Cyril Brulebois
kibi at debian.org
Tue Mar 8 07:09:49 PST 2011
Don't write the null terminator to a random place, this can trigger some
segfault in XtOpenDisplay() and other annoyances.
Debian Bug #617208 <http://bugs.debian.org/617208>
Signed-off-by: Cyril Brulebois <kibi at debian.org>
---
src/Alloc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Alan Coopersmith wrote:
> I can't see why that would make XtAsprintf operate any differently though.
Apparently, having HOME=/ makes the memory corruption hit XtOpenDisplay()'s
%esi register, where app happens to be stored. And right after writing the
null terminator at the wrong place, %esi becomes 0 in XtOpenDisplay()'s
frame. Kaboom.
diff --git a/src/Alloc.c b/src/Alloc.c
index 67413ab..be643a8 100644
--- a/src/Alloc.c
+++ b/src/Alloc.c
@@ -147,7 +147,7 @@ Cardinal XtAsprintf(
if (len < sizeof(buf))
{
strncpy(*new_string, buf, len);
- new_string[len] = '\0';
+ (*new_string)[len] = '\0';
}
else
{
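Review bot: the one-character change on the `+` line in the `len < sizeof(buf)` branch is correct, but the commit message only says "a random place" and should name the actual defect. `new_string` is the pointer to the caller's `char *` (it is dereferenced for `strncpy` on the line above), so the removed line indexed the caller's pointer variable rather than the allocated string: it stored a null pointer `len` pointer-widths past that variable and left the copied string unterminated. Putting that in the log would explain why the damage shows up in the caller's frame. The removed line is also valid C, since `'\0'` is a null pointer constant, so a regression test that checks the byte at index `len` of the returned string for a short input is worth adding alongside this fix.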
--
1.7.4.1
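The following is an added example, not libXt code and not part of the original message. It reproduces the pre-patch and post-patch stores in a well-defined way by using a constructed array of pointer slots to stand in for the caller's stack frame, so the pre-patch store lands on a neighbouring slot instead of out of bounds. `copy_out`, `run_demo`, `SLOTS` and `struct result` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLOTS 8  /* constructed "caller frame": slot 0 is the out-pointer */
struct result { int clobbered_slot; int terminated; };

/* Same shape as the patched branch; fixed=0 keeps the pre-patch store. */
static int copy_out(char **new_string, const char *buf, size_t len, int fixed)
{
    *new_string = malloc(len + 1);
    if (*new_string == NULL) return -1;
    memset(*new_string, 'X', len + 1);  /* sentinel: makes a missing NUL visible */
    strncpy(*new_string, buf, len);
    if (fixed)
        (*new_string)[len] = '\0';  /* NUL byte into the heap buffer */
    else
        new_string[len] = '\0';     /* valid C: null POINTER into slot len */
    return 0;
}

/* Calls copy_out with &frame[0] and reports which neighbouring slot, if any,
 * was zeroed and whether the string got its terminator. */
struct result run_demo(int fixed, const char *text)
{
    static char marker;
    char *frame[SLOTS];
    struct result r = { -1, 0 };
    size_t len = strlen(text), i;
    if (len == 0 || len >= SLOTS) return r;  /* keep the store inside frame[] */
    for (i = 0; i < SLOTS; i++)
        frame[i] = &marker;         /* every "local" starts non-NULL */
    if (copy_out(&frame[0], text, len, fixed) != 0) return r;
    for (i = 1; i < SLOTS; i++)
        if (frame[i] == NULL)
            r.clobbered_slot = (int)i;
    r.terminated = (frame[0][len] == '\0');
    free(frame[0]);
    return r;
}

int main(void)
{
    struct result b = run_demo(0, "abc"), f = run_demo(1, "abc");
    printf("pre-patch:  slot %d zeroed, terminated=%d\n", b.clobbered_slot, b.terminated);
    printf("post-patch: slot %d zeroed, terminated=%d\n", f.clobbered_slot, f.terminated);
    return 0;
}
```

A slot index of -1 means no neighbouring slot was touched. In the real function the caller's frame is not an array of spare slots, so the same store overwrites whatever happens to live `len` pointer-widths past the caller's variable.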