Review Request 127470: kcodecs: Fix crash on invalid data

Boris Egorov egorov at linux.com
Fri Mar 25 13:28:49 UTC 2016


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/127470/
-----------------------------------------------------------

(Updated March 25, 2016, 1:28 p.m.)


Review request for KDE Frameworks.


Changes
-------

Change bug to earlier one (aka original)


Bugs: 357341
    https://bugs.kde.org/show_bug.cgi?id=357341


Repository: kcodecs


Description
-------

Warning: I do not fully understand what I'm doing, but I believe some
crashes will disappear after this patch.
    
There are a few problems here.
    
First, there is a call to the `isprint` macro which does some magic using
the ctype_data table. If the buffer passed to KEncodingProber contains some
negative values, it will lead to an index out of bounds of the table here:
    
    #define ctype_test(c, t) ((ctype_data[(unsigned short)c] & t) != 0)
    
And it will trigger segfault.
    
Second, `UnicodeGroupProber::HandleData` has a few static variables,
which prevent triggering the bug. If this function executes successfully
at least once, it will not call isprint anymore. This is a much trickier
issue, and I'm not sure how to fix it properly.


Diffs
-----

  autotests/kencodingprobertest.h e4edb06 
  autotests/kencodingprobertest.cpp 937bc13 
  src/probers/ctype_test_p.h 0421f99 

Diff: https://git.reviewboard.kde.org/r/127470/diff/


Testing
-------

Build and run tests - all pass.
Crash in #360797 is gone.


Thanks,

Boris Egorov
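
The index computation in the macro quoted above, worked through as an added example (not code from the review request or from kcodecs): it shows why a negative byte lands far outside the table and how narrowing to `unsigned char` first keeps the index in range. `TABLE_SIZE`, the helper names and the sample buffer are assumptions made for the illustration, and the `unsigned char` cast is one possible hardening, not necessarily the change made in the patch.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed table length; the message does not give the real size of ctype_data. */
#define TABLE_SIZE 256

/* Index computed the way the quoted macro does it: (unsigned short)c.
 * signed char is used so the result is the same where plain char is unsigned. */
static size_t index_as_quoted(signed char c)
{
    return (size_t)(unsigned short)c;   /* -23 sign-extends to 65513 */
}

/* Index after narrowing to unsigned char first, so it stays in 0..255. */
static size_t index_via_uchar(signed char c)
{
    return (size_t)(unsigned char)c;    /* -23 becomes 233 */
}

/* Count the bytes of buf whose computed index falls outside the table. */
static size_t count_oob(const signed char *buf, size_t len,
                        size_t (*index_fn)(signed char))
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (index_fn(buf[i]) >= TABLE_SIZE)
            n++;
    return n;
}

/* Constructed sample: three ASCII bytes followed by bytes 0xE9, 0xFF, 0x80. */
static const signed char SAMPLE[] = { 'K', 'D', 'E', -23, -1, -128 };

int main(void)
{
    size_t len = sizeof SAMPLE;
    for (size_t i = 0; i < len; i++)
        printf("byte %4d  quoted index %5zu  uchar index %3zu\n",
               SAMPLE[i], index_as_quoted(SAMPLE[i]), index_via_uchar(SAMPLE[i]));
    printf("out of bounds: quoted=%zu uchar=%zu\n",
           count_oob(SAMPLE, len, index_as_quoted),
           count_oob(SAMPLE, len, index_via_uchar));
    return 0;
}
```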
