Date:      Sun, 24 Oct 2004 22:03:19 +0400 (MSD)
From:      Oleg Sharoiko <os@rsu.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        bork@rsu.ru
Subject:   ports/73089: [patch] libxklavier returns pointer to static memory where dynamic is expected
Message-ID:  <200410241803.i9OI3JNq011118@brain.cc.rsu.ru>
Resent-Message-ID: <200410241810.i9OIAMNm046265@freefall.freebsd.org>


>Number:         73089
>Category:       ports
>Synopsis:       [patch] libxklavier returns pointer to static memory where dynamic is expected
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 24 18:10:22 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Oleg Sharoiko
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
Computer Center of Rostov State University
>Environment:
System: FreeBSD brain.cc.rsu.ru 5.3-STABLE FreeBSD 5.3-STABLE #0: Tue Oct 19 13:59:02 MSD 2004 os@brain.cc.rsu.ru:/usr/obj/usr/src/sys/brain.athlon-xp.RELENG_5.2004-10-19 i386


	
>Description:
	Function _XklLocaleFromUtf8() is used internally by libxklavier.
This function usually returns a pointer to dynamically allocated memory.
But in some rare cases it may reach the last line, which is

return converted;

where converted is

static char converted[XKL_MAX_CI_DESC_LENGTH];

This may result in the following error:

gnome-keyboard-properties in free(): error: junk pointer, too high to make sense

>How-To-Repeat:
	It looks like the last line of _XklLocaleFromUtf8 is reached only in some rare cases depending on some external conditions (files or something else). Unfortunately I cannot provide exact instructions on how to repeat this error. But I suppose looking at the _XklLocaleFromUtf8 code is enough to see this bug, as _XklLocaleFromUtf8 everywhere but on the last line returns results of strdup.

>Fix:
	It looks like changing

return converted;

to

return strdup(converted);

would be enough.

I've submitted the PR to the libxklavier SF page. Not sure though if they check it often enough. http://sourceforge.net/tracker/index.php?func=detail&aid=1052700&group_id=319&atid=300319

>Release-Note:
>Audit-Trail:
>Unformatted:
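
The ownership mismatch described in the report, as an added example that is not part of the original message and is not libxklavier's code: a function whose early exits return strdup() results while its last line returns a static buffer, next to the variant with the proposed fix. The function names, the stand-in conversion step, the buffer size and the points_into_static() check are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* for strdup() */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DESC_LENGTH 192 /* constructed; stands in for XKL_MAX_CI_DESC_LENGTH */
static char converted[MAX_DESC_LENGTH];

/* Hypothetical conversion step: copy into the static buffer, '?' for non-ASCII. */
static void convert_into_static(const char *utf8)
{
    size_t i;
    for (i = 0; utf8[i] != '\0' && i < MAX_DESC_LENGTH - 1; i++)
        converted[i] = ((unsigned char)utf8[i] < 0x80) ? utf8[i] : '?';
    converted[i] = '\0';
}

/* "Before": early exits hand out heap memory, the last line does not. */
char *locale_from_utf8_buggy(const char *utf8)
{
    if (utf8 == NULL || *utf8 == '\0')
        return strdup("");     /* heap: caller may free() this */
    convert_into_static(utf8);
    return converted;          /* static: caller's free() gets a non-heap address */
}

/* "After": every return path transfers ownership of a heap copy. */
char *locale_from_utf8_fixed(const char *utf8)
{
    if (utf8 == NULL || *utf8 == '\0')
        return strdup("");
    convert_into_static(utf8);
    return strdup(converted);
}

/* Returns 1 if p lies inside the static buffer and so must never be freed. */
int points_into_static(const char *p)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)converted;
    return a >= lo && a < lo + sizeof converted;
}

int main(void)
{
    char *bad = locale_from_utf8_buggy("us");  /* deliberately not freed */
    char *good = locale_from_utf8_fixed("us");
    int ok = points_into_static(bad) && !points_into_static(good);
    free(good);
    return ok ? 0 : 1;
}
```

Because the caller cannot tell the two return paths of the "before" function apart, it has no safe way to decide whether to call free(); returning a heap copy on every path gives the function a single ownership contract.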
