[Kde-pim] Re: Review Request: memory overflow at kdepim/strigi-analyzer/ctg/CtgEndAnalyzer::checkHeader
Jos van den Oever
jos at vandenoever.info
Thu Feb 24 20:14:26 GMT 2011
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/100708/#review1632
-----------------------------------------------------------
For this use case there is a class Strigi::KmpSearcher. This calls allows you so search fast and within a limited range. The search object can be static constant member of the particular analyzer, e.g.
Strigi::KmpSearcher searcher;
that is initialized with the case sensitive text fragment.
Then the function call searcher.search(header, headerlength) can be used to find the result.
Examples can be found in libstreamanalyzer/lib/pdf/pdftest.cpp and libstreams/lib/stringterminatedsubstream.cpp.
- Jos
On Feb. 21, 2011, 6:35 p.m., Guy Maurel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/100708/
> -----------------------------------------------------------
>
> (Updated Feb. 21, 2011, 6:35 p.m.)
>
>
> Review request for KDEPIM.
>
>
> Summary
> -------
>
> In some circonstances, such as with the analyse of the attached pdf-file,
> ( Bug 264355 - nepomuk crashes by indexing a pdf-file )
> bei the use of:
> /usr/local/bin/nepomukservicestub nepomukstrigiservice
>
> the read buffer doesn't contain any "zero"-byte. It might happens that the
> memory after the buffer hasn't also any "zero"-byte.
> By looking for the string "<contactGroup" within the function:
> CtgEndAnalyzer::checkHeader( const char* header, qint32 headersize )
> ...
> return headersize >= 54 && strstr( header, "<contactGroup" );
>
> we get a memory-overflow.
>
> With gdb we can examine the buffer (which makes the trouble) "header"
> (gdb) p header
> $1 = 0x7fffd70a8010 "<?xpacket <some more data> ...
> ... <Address 0x7fffd70a9000 out of bounds>
>
> because the strstr-function works with zero-ending strings.
>
> To prevent the overflow, we have to prepare a zero-ending copy of "header".
> Such a method is well used by:
> libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp
> I take it as example to do the same.
>
> ======
> Some more details from the gdb bt-command: (little shortened for clarity)
> (gdb) bt
> #0 in memchr () from /lib/libc.so.6
> #1 in strstr () from /lib/libc.so.6
> #2 in strstr at /usr/include/string.h:337
> #3 in CtgEndAnalyzer::checkHeader at kdepim/strigi-analyzer/ctg/ctgendanalyzer.cpp:62
> #4 in Strigi::StreamAnalyzerPrivate::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:445
> #5 in Strigi::StreamAnalyzer::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:361
> #6 in Strigi::AnalysisResult::indexChild at libstreamanalyzer/lib/analysisresult.cpp:250
> #7 in PdfEndAnalyzer::handle at libstreamanalyzer/lib/endanalyzers/pdfendanalyzer.cpp:45
> #8 in PdfParser::handleSubStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:666
> #9 in PdfParser::handleSubStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:640
> #10 in PdfParser::parseDictionaryOrStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:377
> #11 in PdfParser::parseObjectStreamObject at libstreamanalyzer/lib/pdf/pdfparser.cpp:431
> #12 in PdfParser::parseObjectStreamObjectDef at libstreamanalyzer/lib/pdf/pdfparser.cpp:557
> #13 in PdfParser::parse at libstreamanalyzer/lib/pdf/pdfparser.cpp:585
> #14 in PdfEndAnalyzer::analyze at libstreamanalyzer/lib/endanalyzers/pdfendanalyzer.cpp:62
> #15 in Strigi::StreamAnalyzerPrivate::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:447
> #16 in Strigi::StreamAnalyzer::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:361
> #17 in Strigi::AnalysisResult::index at libstreamanalyzer/lib/analysisresult.cpp:233
> #18 in Nepomuk::Indexer::indexFile at kdebase/runtime/nepomuk/services/strigi/nepomukindexer.cpp:131
> #19 in Nepomuk::IndexScheduler::analyzeDir at kdebase/runtime/nepomuk/services/strigi/indexscheduler.cpp:450
> #20 in Nepomuk::IndexScheduler::run at kdebase/runtime/nepomuk/services/strigi/indexscheduler.cpp:338
> #21 in ?? () from /usr/lib/libQtCore.so.4
> #22 in start_thread () from /lib/libpthread.so.0
> #23 in clone () from /lib/libc.so.6
> #24 in ?? ()
>
>
> This addresses bug 264355.
> http://bugs.kde.org/show_bug.cgi?id=264355
>
>
> Diffs
> -----
>
>
> Diff: http://git.reviewboard.kde.org/r/100708/diff
>
>
> Testing
> -------
>
> with the pdf-file from the bug 264355 at comment #2
> http://bugs.kde.org/attachment.cgi?id=56951
>
>
> Thanks,
>
> Guy
>
>
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list