Review Request 127470: kcodecs: Fix crash on invalid data
Boris Egorov
egorov at linux.com
Fri Mar 25 13:28:49 UTC 2016
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/127470/
-----------------------------------------------------------
(Updated March 25, 2016, 1:28 p.m.)
Review request for KDE Frameworks.
Changes
-------
Change bug to earlier one (aka original)
Bugs: 357341
https://bugs.kde.org/show_bug.cgi?id=357341
Repository: kcodecs
Description
-------
Warning: I do not fully understand what I'm doing, but I believe some
crashes will disappear after this patch.
There are a few problems here.
First, there is a call to the `isprint` macro, which does some magic using
the ctype_data table. If the buffer passed to KEncodingProber contains some
negative values, it will lead to an index out of bounds of the table here:
    #define ctype_test(c, t) ((ctype_data[(unsigned short)c] & t) != 0)
And it will trigger a segfault.
Second, `UnicodeGroupProber::HandleData` has a few static variables,
which prevent triggering the bug. If this function executes successfully
at least once, it will not call isprint anymore. This is a much trickier
issue, and I'm not sure how to fix it properly.
Diffs
-----
autotests/kencodingprobertest.h e4edb06
autotests/kencodingprobertest.cpp 937bc13
src/probers/ctype_test_p.h 0421f99
Diff: https://git.reviewboard.kde.org/r/127470/diff/
Testing
-------
Build and run tests - all pass.
Crash in #360797 is gone.
Thanks,
Boris Egorov
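
The out-of-bounds index described in the message above, as an added example that is not part of the original e-mail or of the kcodecs patch: it computes the index the quoted macro would use for a negative `char` and compares it with the index obtained when the byte is narrowed to `unsigned char` first. The 256-entry table size, the function names and the sample buffer are assumptions made for this sketch, and the `unsigned char` cast is one common remedy, not necessarily the change made in the patch.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption for this sketch: a 256-entry lookup table, one slot per byte. */
#define TABLE_SIZE 256

/* Index as the quoted macro computes it: the value is converted straight to
 * unsigned short, so a negative char wraps to a value near USHRT_MAX. */
static size_t index_as_written(signed char c)
{
    return (unsigned short)c;
}

/* Index when the byte is narrowed to unsigned char first: always 0..255. */
static size_t index_via_uchar(signed char c)
{
    return (unsigned char)c;
}

/* Count the bytes whose computed index would fall outside the table. */
static size_t count_out_of_bounds(const signed char *buf, size_t len,
                                  size_t (*index_fn)(signed char))
{
    size_t bad = 0;
    for (size_t i = 0; i < len; i++) {
        if (index_fn(buf[i]) >= TABLE_SIZE)
            bad++;
    }
    return bad;
}

/* Constructed sample: "caf" followed by byte 0xE9, which is -23 as signed char. */
static const signed char sample[] = { 'c', 'a', 'f', -23 };

int main(void)
{
    size_t n = sizeof sample;
    printf("index as written: %zu\n", index_as_written(sample[3]));
    printf("index via unsigned char: %zu\n", index_via_uchar(sample[3]));
    printf("out of bounds (as written): %zu\n",
           count_out_of_bounds(sample, n, index_as_written));
    printf("out of bounds (unsigned char): %zu\n",
           count_out_of_bounds(sample, n, index_via_uchar));
    return 0;
}
```

The functions take `signed char` explicitly because the signedness of plain `char` is implementation-defined; on platforms where `char` is unsigned, bytes above 0x7F never become negative and the wraparound does not occur.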