[Kde-pim] Re: Review Request: memory overflow at kdepim/strigi-analyzer/ctg/CtgEndAnalyzer::checkHeader

Guy Maurel guy-kde at maurel.de
Fri Feb 25 18:36:23 GMT 2011


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/100708/
-----------------------------------------------------------

(Updated Feb. 25, 2011, 6:36 p.m.)


Review request for KDEPIM.


Summary
-------

In some circumstances, such as with the analysis of the attached pdf-file,
( Bug 264355 - nepomuk crashes by indexing a pdf-file )
by the use of:
  /usr/local/bin/nepomukservicestub nepomukstrigiservice

the read buffer doesn't contain any "zero"-byte. It might happen that the
memory after the buffer doesn't have any "zero"-byte either.
By looking for the string "<contactGroup" within the function:
  CtgEndAnalyzer::checkHeader( const char* header, qint32 headersize )
    ...
    return headersize >= 54 && strstr( header, "<contactGroup" );

we get a memory overflow.

With gdb we can examine the buffer "header" (which causes the trouble):
  (gdb) p header
  $1 = 0x7fffd70a8010 "<?xpacket <some more data> ...
       ... <Address 0x7fffd70a9000 out of bounds>

because the strstr function works with zero-terminated strings.

To prevent the overflow, we have to prepare a zero-terminated copy of "header".
Such a method is already used by:
  libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp
I take it as an example to do the same.

======
Some more details from the gdb bt command (slightly shortened for clarity):
(gdb) bt
#0  in memchr () from /lib/libc.so.6
#1  in strstr () from /lib/libc.so.6
#2  in strstr at /usr/include/string.h:337
#3  in CtgEndAnalyzer::checkHeader at kdepim/strigi-analyzer/ctg/ctgendanalyzer.cpp:62
#4  in Strigi::StreamAnalyzerPrivate::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:445
#5  in Strigi::StreamAnalyzer::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:361
#6  in Strigi::AnalysisResult::indexChild at libstreamanalyzer/lib/analysisresult.cpp:250
#7  in PdfEndAnalyzer::handle at libstreamanalyzer/lib/endanalyzers/pdfendanalyzer.cpp:45
#8  in PdfParser::handleSubStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:666
#9  in PdfParser::handleSubStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:640
#10 in PdfParser::parseDictionaryOrStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:377
#11 in PdfParser::parseObjectStreamObject at libstreamanalyzer/lib/pdf/pdfparser.cpp:431
#12 in PdfParser::parseObjectStreamObjectDef at libstreamanalyzer/lib/pdf/pdfparser.cpp:557
#13 in PdfParser::parse at libstreamanalyzer/lib/pdf/pdfparser.cpp:585
#14 in PdfEndAnalyzer::analyze at libstreamanalyzer/lib/endanalyzers/pdfendanalyzer.cpp:62
#15 in Strigi::StreamAnalyzerPrivate::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:447
#16 in Strigi::StreamAnalyzer::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:361
#17 in Strigi::AnalysisResult::index at libstreamanalyzer/lib/analysisresult.cpp:233
#18 in Nepomuk::Indexer::indexFile at kdebase/runtime/nepomuk/services/strigi/nepomukindexer.cpp:131
#19 in Nepomuk::IndexScheduler::analyzeDir at kdebase/runtime/nepomuk/services/strigi/indexscheduler.cpp:450
#20 in Nepomuk::IndexScheduler::run at kdebase/runtime/nepomuk/services/strigi/indexscheduler.cpp:338
#21 in ?? () from /usr/lib/libQtCore.so.4
#22 in start_thread () from /lib/libpthread.so.0
#23 in clone () from /lib/libc.so.6
#24 in ?? ()


This addresses bug 264355.
    http://bugs.kde.org/show_bug.cgi?id=264355


Diffs (updated)
-----

  strigi-analyzer/ctg/ctgendanalyzer.cpp ff03d8a 

Diff: http://git.reviewboard.kde.org/r/100708/diff


Testing
-------

with the pdf-file from bug 264355, comment #2:
http://bugs.kde.org/attachment.cgi?id=56951


Thanks,

Guy
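The bug described in the review request, reproduced in plain C as an added example (this is not code from the kdepim or strigi projects, and not the patch under review). The unsafe function has the shape of the quoted checkHeader line: strstr() keeps scanning until it hits a NUL byte, and headersize is only compared, never used to bound the search. The fixed function does what the request proposes, copying exactly headersize bytes into a buffer one byte longer and terminating it before calling strstr(). The function names, the helper that builds an unterminated buffer, and the sample header bytes are assumptions for illustration; the real CtgEndAnalyzer::checkHeader is a C++ method in strigi-analyzer/ctg/ctgendanalyzer.cpp.

```c
/*
 * Added example, not project code: the strstr()-on-unterminated-buffer
 * bug from the review request, beside a zero-terminated-copy fix.
 * Names (checkHeader_unsafe, checkHeader_fixed, make_unterminated_header,
 * demo_check) and the sample header text are assumptions for illustration.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CTG_MIN_HEADER 54
static const char CTG_MARKER[] = "<contactGroup";

/* Vulnerable shape: headersize is compared but never bounds the search, so
 * if the headersize bytes contain no NUL, strstr() reads past the buffer
 * (the "<Address ... out of bounds>" seen in gdb). Kept for comparison
 * only; never call it on a buffer that is not NUL-terminated. */
bool checkHeader_unsafe(const char *header, int32_t headersize)
{
    return headersize >= CTG_MIN_HEADER && strstr(header, CTG_MARKER) != NULL;
}

/* Fixed shape: copy exactly headersize bytes, append a terminator, search
 * the copy. strstr() can now never run past what we own. Allocation
 * failure is reported as "not recognised", a conservative default. */
bool checkHeader_fixed(const char *header, int32_t headersize)
{
    if (header == NULL || headersize < CTG_MIN_HEADER)
        return false;

    char *copy = malloc((size_t)headersize + 1);
    if (copy == NULL)
        return false;
    memcpy(copy, header, (size_t)headersize);
    copy[headersize] = '\0';

    bool found = strstr(copy, CTG_MARKER) != NULL;
    free(copy);
    return found;
}

/* Build a headersize-byte read buffer with NO terminating NUL, mimicking
 * the situation from the bug report: text at the front, 'x' filler to the
 * end, nothing that would stop strstr(). Caller frees. */
char *make_unterminated_header(const char *text, int32_t headersize)
{
    if (headersize <= 0)
        return NULL;
    char *buf = malloc((size_t)headersize);
    if (buf == NULL)
        return NULL;
    memset(buf, 'x', (size_t)headersize);      /* deliberately no '\0' */
    size_t n = strlen(text);
    if (n > (size_t)headersize)
        n = (size_t)headersize;
    memcpy(buf, text, n);
    return buf;
}

/* Run the fixed check over a constructed, unterminated header. */
bool demo_check(const char *text, int32_t headersize)
{
    char *buf = make_unterminated_header(text, headersize);
    if (buf == NULL)
        return false;
    bool result = checkHeader_fixed(buf, headersize);
    free(buf);
    return result;
}

int main(void)
{
    /* Constructed samples, not bytes from the attachment in bug 264355. */
    const char *ctg   = "<?xml version=\"1.0\"?><contactGroup name=\"friends\">";
    const char *other = "<?xpacket begin=\"\" id=\"W5M0MpCehiHzreSzNTczkc9d\"?>";

    printf("contact group, 512-byte unterminated header: %d\n", demo_check(ctg, 512));
    printf("XMP packet,    512-byte unterminated header: %d\n", demo_check(other, 512));
    printf("contact group, header shorter than 54 bytes: %d\n", demo_check(ctg, 20));
    printf("marker cut off at end of buffer:             %d\n", demo_check("<contactGrou", 64));
    return 0;
}
```

Two caveats a reviewer would raise on the copy approach: it allocates and copies on every call, and an embedded NUL inside the header still stops the search early, exactly as it did in the original (which may or may not be what the format needs). A bounded search such as memmem() would avoid both, but memmem() is a GNU/BSD extension rather than standard C, which is why the portable copy-and-terminate idiom is shown here.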

_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/