Closed Bug 236010 Opened 20 years ago Closed 20 years ago

INI parser reads memory beyond EOF

Categories

(SeaMonkey :: Installer, defect)

x86
Linux
defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ajschult784, Assigned: ajschult784)

Details

Attachments

(1 file)

valgrind spews a lot of these:
 strchr (mac_replace_strmem.c:113)
 nsINIParser::FindKey(char*, char*, char*, int*) (nsINIParser.cpp:245)
 nsINIParser::GetString(char*, char*, char*, int*) (nsINIParser.cpp:108)
 nsINIParser::GetStringAlloc(char*, char*, char**, int*) (nsINIParser.cpp:122)
Address 0x58EE18A is 0 bytes after a block of size 3238 alloc'd
 malloc (vg_replace_malloc.c:160)
 nsINIParser::nsINIParser(char*) (nsINIParser.cpp:59)
 nsXIContext::LoadResources() (nsXIContext.cpp:137)
 nsXInstaller::ParseConfig() (nsXInstaller.cpp:95)

the file is read into a buffer just big enough for its contents.  There is no
room for NULL termination.
Attached patch patchSplinter Review
allocate (eofpos+1) chars, and null-terminate mFileBuf.
Attachment #142581 - Flags: review?(bsmedberg)
Attachment #142581 - Flags: review?(bsmedberg) → review+
Attachment #142581 - Flags: superreview?(dveditz+bmo)
Comment on attachment 142581 [details] [diff] [review]
patch

sr=dveditz
Attachment #142581 - Flags: superreview?(dveditz+bmo) → superreview+
checked in by mconner
marking FIXED
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: