I also found a double free error in parser.c that caused me some grief. Attached are both the original patch and the parser.c patch for dtcreate.
>From 7f64a9c4e8f8108021f5f65e9210bdc994232e40 Mon Sep 17 00:00:00 2001
From: William Schaub <wsch...@genesi-tech.com>
Date: Sat, 11 Aug 2012 04:02:17 -0400
Subject: [PATCH 1/2] dtcreate: fix exit with TT_ERR_PTYPE and fix several sprintf related segfaults.

---
 cde/programs/dtcreate/AddFiletype.c          |    6 ++++--
 cde/programs/dtcreate/CreateActionAppShell.c |    7 ++++---
 cde/programs/dtcreate/ca_aux.c               |   19 ++++++++++++-------
 cde/programs/dtcreate/main.c                 |    3 +++
 4 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/cde/programs/dtcreate/AddFiletype.c b/cde/programs/dtcreate/AddFiletype.c
index 8d70b2a..7df5bb2 100644
--- a/cde/programs/dtcreate/AddFiletype.c
+++ b/cde/programs/dtcreate/AddFiletype.c
@@ -261,6 +261,7 @@ static Widget   _Uxbuild_AddFiletype(void)
 	char		     *pre, *suf, *title;
 
 	XmString	      emptyString;
+    size_t len;
 
 #define TIGHTNESS             20
 #define ICON_MIN_HEIGHT       83
@@ -276,8 +277,9 @@ static Widget   _Uxbuild_AddFiletype(void)
 
         pre = GETMESSAGE(3, 10, "Create Action");
         suf = GETMESSAGE(7, 10, "Add Datatype");
-        title = XtMalloc(strlen(pre) + strlen(suf) + 2);
-        sprintf(title, "%s - %s", pre, suf);
+        len = strlen(pre) + strlen(suf) + 4;
+        title = XtMalloc(len);
+        snprintf(title,len - 1, "%s - %s", pre, suf);
 
         _UxParent = XtVaCreatePopupShell( "AddFiletype_shell",
                         xmDialogShellWidgetClass, _UxParent,
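Review bot: The new `snprintf(title,len - 1, ...)` call cuts the last character off the title. `len` is already the exact size required (both strings, the three characters of " - " and the terminating NUL), and snprintf's size argument includes the NUL, so `len - 1` leaves room for one character fewer than the formatted string. Pass the full allocation size instead: `snprintf(title, len, "%s - %s", pre, suf);`. The same off-by-one appears in both `title` hunks in ca_aux.c (activateCB_add_filetype and activateCB_edit_filetype). The body of _Uxbuild_AddFiletype continues outside this hunk.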
diff --git a/cde/programs/dtcreate/CreateActionAppShell.c b/cde/programs/dtcreate/CreateActionAppShell.c
index 5396a8c..8558ba5 100644
--- a/cde/programs/dtcreate/CreateActionAppShell.c
+++ b/cde/programs/dtcreate/CreateActionAppShell.c
@@ -345,6 +345,7 @@ static  void    activateCB_CA_FiletypesDelete( Widget UxWidget,
   int           cnt;
   Boolean       bFound;
   char          *msgPtr1, *msgPtr2, *fmtPtr, *errPtr;
+  size_t        len;
 
   /**************************************************************************/
   /* Determine the filetypes to delete and delete them.                     */
@@ -411,9 +412,9 @@ static  void    activateCB_CA_FiletypesDelete( Widget UxWidget,
      msgPtr2 = XtNewString(GETMESSAGE(5, 125,
 		  "Please select the Datatype you would like to Delete."));
      fmtPtr = "%s\n%s";
-     errPtr = XtMalloc((strlen(msgPtr1) + strlen(msgPtr2) +
-			strlen(fmtPtr) + 1) * sizeof(char));
-     sprintf(errPtr, fmtPtr, msgPtr1, msgPtr2);
+     len = (strlen(msgPtr1) + strlen(msgPtr2) + strlen(fmtPtr) + 2);
+     errPtr = XtMalloc(len);
+     snprintf(errPtr,len - 1, fmtPtr, msgPtr1, msgPtr2);
      XtFree(msgPtr2);
      XtFree(msgPtr1);
      display_error_message(CreateActionAppShell, errPtr);
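Review bot: The size computation pads with `strlen(fmtPtr)` plus a constant that differs between call sites (`+ 2` here, `+ 3` for the same format in activateCB_edit_filetype in ca_aux.c), which makes it hard to verify that the allocation matches the output. The formatted string needs exactly `strlen(msgPtr1) + strlen(msgPtr2) + 2` bytes (one newline, one NUL), and snprintf's size argument already counts the NUL, so the `- 1` is unnecessary: `len = strlen(msgPtr1) + strlen(msgPtr2) + 2;` followed by `snprintf(errPtr, len, fmtPtr, msgPtr1, msgPtr2);`. As written the buffer is over-allocated, so nothing is truncated here. The enclosing callback extends beyond the hunk.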
diff --git a/cde/programs/dtcreate/ca_aux.c b/cde/programs/dtcreate/ca_aux.c
index afd105a..74f08e1 100644
--- a/cde/programs/dtcreate/ca_aux.c
+++ b/cde/programs/dtcreate/ca_aux.c
@@ -849,6 +849,7 @@ void activateCB_add_filetype (Widget wid, XtPointer client_data,
   char         *ptr;
   char          tmpbuf[50];
   char	       *pre, *suf, *title;
+  size_t       len;
 
   if (!CreateActionAppShellCheckFields()) {
 
@@ -893,8 +894,9 @@ void activateCB_add_filetype (Widget wid, XtPointer client_data,
 
     pre = GETMESSAGE(3, 10, "Create Action");
     suf = GETMESSAGE(7, 10, "Add Datatype");
-    title = XtMalloc(strlen(pre) + strlen(suf) + 2);
-    sprintf(title, "%s - %s", pre, suf);
+    len = strlen(pre) + strlen(suf) + 4;
+    title = XtMalloc(len);
+    snprintf(title,len - 1,"%s - %s", pre, suf);
 
     XtVaSetValues (AddFiletype,
                    RES_CONVERT (XmNdialogTitle, title ),
@@ -924,11 +926,13 @@ void activateCB_edit_filetype (Widget wid, XtPointer client_data,
   int          selecteditem;
   char         *msgPtr1, *msgPtr2, *fmtPtr, *errPtr;
   char	       *pre, *suf, *title;
+  size_t len;
 
   pre = GETMESSAGE(3, 10, "Create Action");
   suf = GETMESSAGE(7, 11, "Edit Datatype");
-  title = XtMalloc(strlen(pre) + strlen(suf) + 2);
-  sprintf(title, "%s - %s", pre, suf);
+  len = strlen(pre) + strlen(suf) + 4;
+  title = XtMalloc(len);
+  snprintf(title,len - 1, "%s - %s", pre, suf);
 
   /**************************************************************************/
   /* Determine the selected list item.                                      */
@@ -959,9 +963,10 @@ void activateCB_edit_filetype (Widget wid, XtPointer client_data,
      msgPtr2 = XtNewString(GETMESSAGE(5, 130,
 		  "Please select the Datatype you would like to Edit."));
      fmtPtr = "%s\n%s";
-     errPtr = XtMalloc((strlen(msgPtr1) + strlen(msgPtr2) +
-			strlen(fmtPtr) + 1) * sizeof(char));
-     sprintf(errPtr, fmtPtr, msgPtr1, msgPtr2);
+     len = (strlen(msgPtr1) + strlen(msgPtr2) +
+             strlen(fmtPtr) + 3);
+     errPtr = XtMalloc(len);
+     snprintf(errPtr,len - 1, fmtPtr, msgPtr1, msgPtr2);
      XtFree(msgPtr2);
      XtFree(msgPtr1);
      display_error_message(CreateActionAppShell, errPtr);
diff --git a/cde/programs/dtcreate/main.c b/cde/programs/dtcreate/main.c
index 168cd88..1b56e3f 100644
--- a/cde/programs/dtcreate/main.c
+++ b/cde/programs/dtcreate/main.c
@@ -548,6 +548,9 @@ DieFromToolTalkError(Widget parent, char *errfmt, Tt_status status)
     if (! tt_is_err(status)) return;
 
     statmsg = tt_status_message(status);
+    /* Solaris dtcreate ignores this so we should too */
+    if(!strncmp("TT_ERR_PTYPE",statmsg,12))
+            return;
     errmsg = XtMalloc(strlen(errfmt) + strlen(statmsg) + 2);
     sprintf(errmsg, errfmt, statmsg);
 
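Review bot: The added check identifies the error by the text returned from `tt_status_message()` instead of the `status` value the function already receives; comparing the enum directly is shorter and does not rely on the message wording, which may vary by catalog or locale: `if (status == TT_ERR_PTYPE) return;`. The comment would also be more useful if it said why ignoring this status is safe, not only that Solaris does so. Separately, the `sprintf(errmsg, errfmt, statmsg)` on the following context line is left unbounded although the commit converts the other call sites; its allocation is only sufficient if `errfmt` contains a single `%s`, so an `snprintf` with the computed length would match the rest of the patch. The body of DieFromToolTalkError continues outside the hunk.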
-- 
1.7.2.5

>From 763b8b029205dc37a0c8f416712a33189c979074 Mon Sep 17 00:00:00 2001
From: William Schaub <wsch...@genesi-tech.com>
Date: Sat, 11 Aug 2012 14:46:35 -0400
Subject: [PATCH 2/2] dtcreate: Fix double free inside ProcessExecString()

---
 cde/programs/dtcreate/parser.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/cde/programs/dtcreate/parser.c b/cde/programs/dtcreate/parser.c
index 7886e08..a62476a 100644
--- a/cde/programs/dtcreate/parser.c
+++ b/cde/programs/dtcreate/parser.c
@@ -851,7 +851,7 @@ int  done=FALSE, argfound=FALSE,promptfound=FALSE;
                                              covers the complete string
                                              between %'s
                                             */
-                      if(argbuf) free(argbuf);
+                      if(argbuf) { free(argbuf); argbuf = NULL; }
                       if(s2)
                       {
                          argbuf = (char *)calloc(1,(s2-s1)+2);
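Review bot: The `if(argbuf)` guard kept around the free is redundant, since `free(NULL)` is a no-op; each of the three sites in this patch can be written `free(argbuf); argbuf = NULL;`. A one-line comment such as `/* reset so a later free(argbuf) cannot release the same block twice */` would record why the assignment matters, because the path where `s2` is NULL leaves `argbuf` unreplaced. The `calloc` result on the last visible line is not checked within the hunk; if the code that follows writes into `argbuf` without a NULL test, that needs a check too. The function body starts and ends outside this hunk.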
@@ -877,7 +877,7 @@ int  done=FALSE, argfound=FALSE,promptfound=FALSE;
                 else if (s1 && *s1)
                 {
                      strcat(exec_args[0],s1);
-                     if(argbuf)   free(argbuf);
+                     if(argbuf)   { free(argbuf); argbuf = NULL; }
                      done = TRUE;
                      continue;
                 }
@@ -934,7 +934,7 @@ int  done=FALSE, argfound=FALSE,promptfound=FALSE;
                 argfound = FALSE;
                 s1=s2;
          }
-         if(argbuf) free(argbuf);
+         if(argbuf) { free(argbuf); argbuf = NULL; }
    return exec_args;
 }
 
-- 
1.7.2.5
