[Users] [Bug 3201] New: Patch to fix memory corruption in sc_html_read_line()
noreply at thewildbeast.co.uk
Sun Jun 1 14:21:20 CEST 2014
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3201
Bug ID: 3201
Summary: Patch to fix memory corruption in sc_html_read_line()
Classification: Unclassified
Product: Claws Mail
Version: 3.10.0
Hardware: All
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P3
Component: Other
Assignee: users at lists.claws-mail.org
Reporter: fk at fabiankeil.de
Created attachment 1375
--> http://www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1375&action=edit
Patch to fix memory corruption in sc_html_read_line()
The attached patch fixes crashes like this:
(gdb) r
Starting program: /usr/local/bin/claws-mail
[New LWP 101445]
[New Thread 80b006400 (LWP 101445)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 80b006400 (LWP 101445)]
0x00000000004c1c71 in sc_html_read_line (parser=0x80b1dda00) at html.c:466
466 index = parser->bufp - parser->buf->str;
(gdb) p *parser
$1 = {fp = 0x80b14d5e0, conv = 0x8056e1f50, symbol_table = 0x8056e1f00
<g_idle_funcs>, alt_symbol_table = 0x1, str = 0x80b0546c0, buf = 0x10000006c,
bufp = 0x1f5 <Address 0x1f5 out of bounds>,
state = SC_HTML_NORMAL, href = 0x0, newline = 0, empty_line = 0, space = 0,
pre = 0}
(gdb) where
#0 0x00000000004c1c71 in sc_html_read_line (parser=0x80b1dda00) at html.c:466
#1 0x00000000004c1960 in sc_html_parse (parser=0x80b1ddac0) at html.c:395
#2 0x00000000005e538a in textview_show_html (textview=0x80b19dcc0,
fp=0x806feb580, conv=0x80b14d5c0) at textview.c:1214
#3 0x00000000005e26f8 in textview_write_body (textview=0x80b19dcc0,
mimeinfo=0x80b08a780) at textview.c:1067
[...]
Note that parser's last byte got overwritten in #0.
--
You are receiving this mail because:
You are the assignee for the bug.
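The reporter's observation about frames #0 and #1 can be checked mechanically. The following is an added example, not part of the original report or of Claws Mail: it parses the backtrace quoted above and flags same-named pointer arguments whose value differs between a callee and its caller. The helper names parse_frames and changed_pointers are hypothetical.

```python
import re

# gdb "where" output copied from the report above, including its wrapped lines.
BACKTRACE = """\
#0 0x00000000004c1c71 in sc_html_read_line (parser=0x80b1dda00) at html.c:466
#1 0x00000000004c1960 in sc_html_parse (parser=0x80b1ddac0) at html.c:395
#2 0x00000000005e538a in textview_show_html (textview=0x80b19dcc0,
fp=0x806feb580, conv=0x80b14d5c0) at textview.c:1214
#3 0x00000000005e26f8 in textview_write_body (textview=0x80b19dcc0,
mimeinfo=0x80b08a780) at textview.c:1067
"""

FRAME_RE = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at (\S+)")
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")


def parse_frames(text):
    """Return [(frame_no, function, {arg: int_value})], joining wrapped lines."""
    joined = []
    for line in text.splitlines():
        if line.startswith("#") or not joined:
            joined.append(line.strip())
        else:  # continuation of the previous frame
            joined[-1] += " " + line.strip()
    frames = []
    for line in joined:
        m = FRAME_RE.match(line)
        if m:
            args = {k: int(v, 16) for k, v in ARG_RE.findall(m.group(3))}
            frames.append((int(m.group(1)), m.group(2), args))
    return frames


def changed_pointers(frames):
    """Flag same-named pointer args whose value differs between adjacent frames."""
    findings = []
    for (n_in, f_in, a_in), (n_out, f_out, a_out) in zip(frames, frames[1:]):
        for name in sorted(a_in.keys() & a_out.keys()):
            diff = a_in[name] ^ a_out[name]
            if diff:
                # Byte offsets (0 = least significant) where the two values differ.
                nbytes = [i for i in range(8) if (diff >> (8 * i)) & 0xFF]
                findings.append((name, f_out, a_out[name], f_in, a_in[name], nbytes))
    return findings


if __name__ == "__main__":
    for name, f_out, v_out, f_in, v_in, nbytes in changed_pointers(parse_frames(BACKTRACE)):
        print(f"{name}: {f_out} passed {v_out:#x}, {f_in} sees {v_in:#x}; bytes differing: {nbytes}")
```

A same-named argument can legitimately differ between caller and callee, so a hit is a prompt to inspect that frame, not proof of corruption.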