Details


Issue of the Implementation # D0022

Brief

Invocation of the interface "g_utf8_strreverse" crashes for certain input values

Detailed Description

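Invoking the interface g_utf8_strreverse with 0 < len < sizeof(str)-1 corrupts memory because of an incorrect while() loop condition: the loop runs until the terminating NUL of str instead of stopping after len bytes, so it keeps writing after the len + 1 byte result buffer has been filled.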

Problem location(s) in the standard

Linux Standard Base Desktop Specification 3.1, Chapter 12. Libraries, 12.2 Interfaces for libglib-2.0; http://www.gtk.org/api/2.6/glib/glib-Unicode-Manipulation.html#g-utf8-strreverse

Example

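#include <glib.h>

int main(void)
{
    /* sizeof(str) - 1 == 8, so len = 5 satisfies 0 < len < sizeof(str) - 1 */
    gchar str[] = "Internet";
    /* On affected versions this call corrupts memory */
    gchar* retValue = g_utf8_strreverse(str,5);
    g_free(retValue);
    return 0;
}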
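
The reproducer above, modeled without GLib so the out-of-bounds distance can be measured safely. This is an added example, not code from the report or from GLib: utf8_skip, reverse_low_offset and the copy step are assumptions, and r is tracked as an offset into result rather than as a pointer.

```c
#include <stdio.h>
#include <string.h>

/* Byte length of a UTF-8 sequence from its lead byte. Stand-in for GLib's
 * g_utf8_skip table (assumption: other bytes count as 1). */
static int utf8_skip(unsigned char c)
{
    if ((c & 0xE0) == 0xC0) return 2;
    if ((c & 0xF0) == 0xE0) return 3;
    if ((c & 0xF8) == 0xF0) return 4;
    return 1;
}

/* Model of the reverse loop with r as an offset into result instead of a
 * pointer. fixed == 0 uses the original condition (*p), fixed == 1 the
 * proposed one (r > result). Returns the lowest offset the loop writes to;
 * a negative value means bytes land before the allocation. If out is
 * non-NULL (len + 1 bytes), only in-bounds writes are performed.
 * Assumes str is valid UTF-8 and len (<= strlen) ends on a character. */
long reverse_low_offset(const char *str, long len, int fixed, char *out)
{
    long r = len, low = len;
    const char *p = str;

    if (out)
        out[len] = '\0';
    while (fixed ? (r > 0) : (*p != '\0')) {
        int skip = utf8_skip((unsigned char)*p);
        r -= skip;
        if (r < low)
            low = r;
        /* Copy step is an assumption; the report shows only the lines above. */
        for (int i = 0; i < skip; i++)
            if (out && r + i >= 0 && r + i < len)
                out[r + i] = p[i];
        p += skip;
    }
    return low;
}

int main(void)
{
    char out[6];
    printf("original: %ld\n", reverse_low_offset("Internet", 5, 0, NULL));
    printf("proposed: %ld -> %s\n", reverse_low_offset("Internet", 5, 1, out), out);
    return 0;
}
```

A negative return value is the number of bytes the original loop places before the start of the result buffer for that input.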

Possible solutions

The following modification is proposed in the file "gutf8.c":

 
--- glib-2.14.0/glib/utf8.c
+++ glib-2.14.0-fixed/glib/utf8.c
@@ -1795,7 +1795,7 @@
   result = g_new (gchar, len + 1);
   r = result + len;
   p = str;
-  while (*p)
+  while (r>result)
     {
       skip = g_utf8_skip[*(guchar*)p];
       r -= skip;
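
Review bot: in the new "while (r>result)" loop, "r -= skip" still runs without checking that skip fits in the bytes left before result, so if len ends in the middle of a multibyte character, r drops below result on the last iteration. Either document that len must fall on a character boundary or bound skip by r - result before subtracting. The loop also no longer stops at a NUL in str, so a len larger than the string makes p read past the terminator; that precondition deserves a line in the function's documentation. Style: GLib code writes the comparison with spaces, "r > result", and the file header names glib/utf8.c while the report text refers to gutf8.c.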

Component

gtk-glib 2.6.2 or later

Accepted

Gnome Bugzilla 476840

Status

Fixed in gtk-glib - 2.14.1
