[Geany-devel] Bug on utils_string_replace()?
Thomas Martitz
thomas.martitz at xxxxx
Sun Sep 25 17:36:55 UTC 2011
Am 25.09.2011 19:20, schrieb Frank Lanitz:
> Hi folks,
>
> I found a possible issue with changes done on utils_string_replace-*
> functions i've added a workaround to geanysendmail with svn r2214.
>
> I was digging a bit and I guess I found the smoking gun. Unfortunately
> I'm not 100 sure how to fix it without breaking anything.
>
> This is what I found:
>
> /* Replaces @len characters from offset @a pos.
> * len can be -1 for str->len.
> * returns: pos + strlen(replace). */
> gint utils_string_replace(GString *str, gint pos, gint len, const gchar *replace)
> {
> g_string_erase(str, pos, len);
> g_string_insert(str, pos, replace);
>
> return pos + strlen(replace);
> }
>
> is not checking whether replace is != NULL so its failing with a
> segfault. I was able to reproduce it on geanysendmail with this
> backtrace:
>
> #0 0x00000000004b9bd4 in utils_string_replace (str=0x31518c0, pos=117, len=2,
> replace=0x0) at ../src/utils.c:1561
> #1 0x00000000004b9c6b in utils_string_replace_all (haystack=0x31518c0,
> needle=0x7fffe7b3e68c "%r", replace=0x0) at ../src/utils.c:1588
> #2 0x00007fffe7b3d619 in send_as_attachment (menuitem=0xb692c0, gdata=0x0)
> at ../geanysendmail/src/geanysendmail.c:152
> #3 0x00007ffff5d1de7e in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
> #4 0x00007ffff5d2f8d7 in ?? () from /usr/lib/libgobject-2.0.so.0
> #5 0x00007ffff5d38d05 in g_signal_emit_valist ()
> from /usr/lib/libgobject-2.0.so.0
> #6 0x00007ffff5d38ed3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
>
> However. I'd add a g_return_val_if_fail (replace != NULL, pos); but not
> sure whether this will break anything. Opinions?
>
> Cheers,
> Frank
The caller should be fixed, passing NULL makes no sense at all.
Best regards.
More information about the Devel
mailing list