https://bugs.kde.org/show_bug.cgi?id=444614

Bug ID: 444614
Summary: Potential Buffer overflow inside ki18n KCatalog
Product: krita
Version: nightly build (please specify the git hash!)
Platform: Microsoft Windows
OS: Microsoft Windows
Status: REPORTED
Severity: normal
Priority: NOR
Component: General
Assignee: krita-bugs-n...@kde.org
Reporter: al...@alvinhc.com
Target Milestone: ---

Created attachment 143007
  --> https://bugs.kde.org/attachment.cgi?id=143007&action=edit
backtrace

When running Krita with Application Verifier enabled, I get a segfault from within KCatalog::KCatalog [1]. (Note we also apply a patch [2] to it so the line numbers are offset.)

Inspecting `langenv` shows that it is not null-terminated:

    (gdb) p langenv
    $4 = 0x35522fd0 "LANGUAGE=zh_TW:en_US:zh_TW:en_US:zh_TW:en_"<error: Cannot access memory at address 0x35523000>
    (gdb) p langenv[41]
    $6 = 95 '_'

However, `langenv` was set using `qsnprintf`, which *should* ensure that the output buffer string is null-terminated, so I don't know what's going on...

[1]: https://invent.kde.org/frameworks/ki18n/-/blob/v5.64.0/src/kcatalog.cpp#L111
[2]: https://invent.kde.org/graphics/krita/-/blob/b6a8e9dfb9d21696bef2ba9523646d954983cf7d/3rdparty/ext_frameworks/0001-ki18n-fix-loading-catalogs-with-patched-gettext.patch
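The failure mode in the report (a fixed-size buffer filled by a formatting call and then handed to putenv() without a terminator) is easy to reproduce and to guard against. The following C program is an added example, not code from the bug report, from ki18n or from Qt. It assumes a 42-byte buffer (the gdb output shows index 41 as the last readable, non-null byte, so that size is an inference, not a value stated in the report) and models the formatter with a constructed helper that mimics the pre-C99 `_vsnprintf` convention of returning -1 and leaving no terminator when the output does not fit; Qt's own documentation for qvsnprintf warns that the return value and null termination differ between platforms, which is why a caller cannot assume C99 snprintf behaviour. The hardened variant checks for truncation and terminates the buffer unconditionally so that a too-long LANGUAGE list is rejected instead of being read past the allocation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Size of the LANGUAGE buffer; an assumption for this example, inferred from
   the gdb output in the report rather than quoted from the ki18n source. */
#define LANGENV_MAX 42

/* Constructed model of a snprintf variant that does NOT null-terminate on
   truncation and returns -1 in that case (the legacy _vsnprintf convention).
   Demonstration code only; this is neither Qt's nor Microsoft's implementation. */
static int legacy_snprintf(char *dst, size_t n, const char *fmt, ...)
{
    char tmp[512];
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(tmp, sizeof tmp, fmt, ap); /* C99: always terminates tmp */
    va_end(ap);
    if (len < 0)
        return -1;
    if ((size_t)len < n) {              /* fits: copy text plus terminator */
        memcpy(dst, tmp, (size_t)len + 1);
        return len;
    }
    memcpy(dst, tmp, n);                /* truncated: every byte used, no '\0' */
    return -1;
}

/* 1 if buf[0..n) contains a terminator, i.e. it is safe to hand to putenv(). */
int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* The pattern from the report: format into a fixed buffer and trust the result.
   Returns whether the buffer ended up terminated. */
int format_unsafe(char *buf, size_t n, const char *langs)
{
    memset(buf, 'X', n);                /* poison so a missing terminator is visible */
    legacy_snprintf(buf, n, "LANGUAGE=%s", langs);
    return is_terminated(buf, n);
}

/* Hardened version: detect truncation from the return value, terminate the
   buffer unconditionally, and discard a truncated value rather than exporting a
   mangled language list. Returns 1 on success, 0 if the list did not fit. */
int format_safe(char *buf, size_t n, const char *langs)
{
    if (n == 0)
        return 0;
    int len = legacy_snprintf(buf, n, "LANGUAGE=%s", langs);
    buf[n - 1] = '\0';                  /* never leave the buffer unterminated */
    if (len < 0 || (size_t)len >= n) {
        buf[0] = '\0';                  /* truncated: empty string, caller skips putenv() */
        return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed input, the same shape as the list shown in the report. */
    const char *langs = "zh_TW:en_US:zh_TW:en_US:zh_TW:en_US";
    char buf[LANGENV_MAX];
    printf("unsafe path terminated: %d\n", format_unsafe(buf, sizeof buf, langs));
    printf("safe path accepted:     %d (buffer now \"%s\")\n",
           format_safe(buf, sizeof buf, langs), buf);
    return 0;
}
```

The same check applies to any formatter whose truncation semantics are platform dependent: treat a negative or out-of-range return as an error, and write the terminator yourself rather than relying on the callee. A second, independent mitigation is to size the buffer from the input (strlen(langs) + sizeof "LANGUAGE=") instead of a fixed constant, which removes the truncation case entirely.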