[Kde-pim] Re: Review Request: memory overflow at kdepim/strigi-analyzer/ctg/CtgEndAnalyzer::checkHeader

Jos van den Oever jos at vandenoever.info
Thu Feb 24 20:14:26 GMT 2011


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/100708/#review1632
-----------------------------------------------------------


For this use case there is a class Strigi::KmpSearcher. This class allows you to search fast and within a limited range. The search object can be a static constant member of the particular analyzer, e.g.
  Strigi::KmpSearcher searcher;
that is initialized with the case-sensitive text fragment.

Then the function call searcher.search(header, headerlength) can be used to find the result.

Examples can be found in libstreamanalyzer/lib/pdf/pdftest.cpp and libstreams/lib/stringterminatedsubstream.cpp.


- Jos


On Feb. 21, 2011, 6:35 p.m., Guy Maurel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/100708/
> -----------------------------------------------------------
> 
> (Updated Feb. 21, 2011, 6:35 p.m.)
> 
> 
> Review request for KDEPIM.
> 
> 
> Summary
> -------
> 
> In some circumstances, such as with the analysis of the attached pdf-file,
> ( Bug 264355 - nepomuk crashes by indexing a pdf-file )
> by the use of:
>   /usr/local/bin/nepomukservicestub nepomukstrigiservice
> 
> the read buffer doesn't contain any "zero"-byte. It might happen that the
> memory after the buffer also has no "zero"-byte.
> By looking for the string "<contactGroup" within the function:
>   CtgEndAnalyzer::checkHeader( const char* header, qint32 headersize )
>     ...
>     return headersize >= 54 && strstr( header, "<contactGroup" );
> 
> we get a memory-overflow.
> 
> With gdb we can examine the buffer (which causes the trouble) "header"
>   (gdb) p header
>   $1 = 0x7fffd70a8010 "<?xpacket <some more data> ...
>        ... <Address 0x7fffd70a9000 out of bounds>
> 
> because the strstr-function works with zero-terminated strings.
> 
> To prevent the overflow, we have to prepare a zero-terminated copy of "header".
> Such a method is already used by:
>   libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp
> I take it as example to do the same.
> 
> ======
> Some more details from the gdb bt-command: (little shortened for clarity)
> (gdb) bt
> #0  in memchr () from /lib/libc.so.6
> #1  in strstr () from /lib/libc.so.6
> #2  in strstr at /usr/include/string.h:337
> #3  in CtgEndAnalyzer::checkHeader at kdepim/strigi-analyzer/ctg/ctgendanalyzer.cpp:62
> #4  in Strigi::StreamAnalyzerPrivate::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:445
> #5  in Strigi::StreamAnalyzer::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:361
> #6  in Strigi::AnalysisResult::indexChild at libstreamanalyzer/lib/analysisresult.cpp:250
> #7  in PdfEndAnalyzer::handle at libstreamanalyzer/lib/endanalyzers/pdfendanalyzer.cpp:45
> #8  in PdfParser::handleSubStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:666
> #9  in PdfParser::handleSubStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:640
> #10 in PdfParser::parseDictionaryOrStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:377
> #11 in PdfParser::parseObjectStreamObject at libstreamanalyzer/lib/pdf/pdfparser.cpp:431
> #12 in PdfParser::parseObjectStreamObjectDef at libstreamanalyzer/lib/pdf/pdfparser.cpp:557
> #13 in PdfParser::parse at libstreamanalyzer/lib/pdf/pdfparser.cpp:585
> #14 in PdfEndAnalyzer::analyze at libstreamanalyzer/lib/endanalyzers/pdfendanalyzer.cpp:62
> #15 in Strigi::StreamAnalyzerPrivate::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:447
> #16 in Strigi::StreamAnalyzer::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:361
> #17 in Strigi::AnalysisResult::index at libstreamanalyzer/lib/analysisresult.cpp:233
> #18 in Nepomuk::Indexer::indexFile at kdebase/runtime/nepomuk/services/strigi/nepomukindexer.cpp:131
> #19 in Nepomuk::IndexScheduler::analyzeDir at kdebase/runtime/nepomuk/services/strigi/indexscheduler.cpp:450
> #20 in Nepomuk::IndexScheduler::run at kdebase/runtime/nepomuk/services/strigi/indexscheduler.cpp:338
> #21 in ?? () from /usr/lib/libQtCore.so.4
> #22 in start_thread () from /lib/libpthread.so.0
> #23 in clone () from /lib/libc.so.6
> #24 in ?? ()
> 
> 
> This addresses bug 264355.
>     http://bugs.kde.org/show_bug.cgi?id=264355
> 
> 
> Diffs
> -----
> 
> 
> Diff: http://git.reviewboard.kde.org/r/100708/diff
> 
> 
> Testing
> -------
> 
> with the pdf-file from the bug 264355 at comment #2
> http://bugs.kde.org/attachment.cgi?id=56951
> 
> 
> Thanks,
> 
> Guy
> 
>
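As an added example (not code from the review request, from Jos's reply, or from Strigi itself), the strstr() check from the request beside two length-bounded variants: a stand-in for the Strigi::KmpSearcher usage Jos describes, and the zero-terminated-copy approach the request describes. BoundedKmpSearcher, checkHeaderUnsafe, checkHeaderBounded, checkHeaderCopy and the constructed demo buffers are all assumptions made here; the real Strigi::KmpSearcher interface is not reproduced, and qint32 is replaced by int32_t so the snippet builds without Qt.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-in for Strigi::KmpSearcher (not Strigi's code).
// Knuth-Morris-Pratt search bounded by an explicit length: it never reads
// past hay + len, so a buffer without a NUL byte is safe to search.
class BoundedKmpSearcher {
public:
    explicit BoundedKmpSearcher(const std::string& needle)
        : needle_(needle), fail_(needle.size(), 0) {
        // Standard KMP failure table: fail_[i] = length of the longest proper
        // prefix of needle[0..i] that is also a suffix of it.
        size_t k = 0;
        for (size_t i = 1; i < needle_.size(); ++i) {
            while (k > 0 && needle_[i] != needle_[k]) k = fail_[k - 1];
            if (needle_[i] == needle_[k]) ++k;
            fail_[i] = k;
        }
    }
    // Returns a pointer to the first match inside [hay, hay + len), else nullptr.
    const char* search(const char* hay, size_t len) const {
        if (needle_.empty()) return hay;
        size_t k = 0;
        for (size_t i = 0; i < len; ++i) {
            while (k > 0 && hay[i] != needle_[k]) k = fail_[k - 1];
            if (hay[i] == needle_[k]) ++k;
            if (k == needle_.size()) return hay + i + 1 - k;
        }
        return nullptr;
    }
private:
    std::string needle_;
    std::vector<size_t> fail_;
};

// The check as posted in the request (kept vulnerable on purpose): strstr()
// assumes a NUL terminator that a raw read buffer need not have, so it can
// read past header + headersize.
bool checkHeaderUnsafe(const char* header, int32_t headersize) {
    return headersize >= 54 && strstr(header, "<contactGroup");
}

// Length-bounded replacement along the lines of Jos's suggestion: a static
// constant searcher initialized once with the case-sensitive fragment.
bool checkHeaderBounded(const char* header, int32_t headersize) {
    static const BoundedKmpSearcher searcher("<contactGroup");
    return headersize >= 54 &&
           searcher.search(header, static_cast<size_t>(headersize)) != nullptr;
}

// Zero-terminated-copy approach in the spirit of the request (assumed shape,
// not the posted diff). std::string::find is used rather than strstr on the
// copy, because an embedded NUL inside the header would stop strstr early.
bool checkHeaderCopy(const char* header, int32_t headersize) {
    if (headersize < 54) return false;
    std::string copy(header, static_cast<size_t>(headersize));
    return copy.find("<contactGroup") != std::string::npos;
}

// Constructed buffer: 200 filler bytes with the needle fully inside the
// declared range; all three checks agree.
bool demoMatchInside() {
    std::string buf(200, 'A');
    buf.replace(60, 13, "<contactGroup");
    int32_t n = static_cast<int32_t>(buf.size());
    return checkHeaderBounded(buf.data(), n) && checkHeaderCopy(buf.data(), n);
}

// Constructed buffer: the caller declares only 100 bytes, but the needle
// starts at byte 95 and continues past the declared end. strstr() walks
// beyond headersize (safely here only because std::string keeps a NUL after
// its data) and reports a hit; the bounded variants stay inside the range.
bool demoUnsafeOverReads() {
    std::string buf(200, 'A');
    buf.replace(95, 13, "<contactGroup");
    bool unsafeHit = checkHeaderUnsafe(buf.c_str(), 100);
    bool boundedHit = checkHeaderBounded(buf.c_str(), 100);
    bool copyHit = checkHeaderCopy(buf.c_str(), 100);
    return unsafeHit && !boundedHit && !copyHit;
}
```

In the real crash the buffer is followed by an unmapped page rather than by a std::string's terminator, which is why the same over-read that merely returns a wrong answer in demoUnsafeOverReads() faults in the gdb trace above.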

_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/



More information about the kde-pim mailing list