Uploaded image for project: 'Xerces-C++'
  1. Xerces-C++
  2. XERCESC-2085

Crash in PSVIWriter due to strrchr returning NULL

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4
    • Fix Version/s: 3.2.0
    • Component/s: Samples/Tests
    • Labels:
      None
    • Environment:
      Debian GNU/Linux amd64

      Description

      This was reported in Debian quite some time ago (I was not maintainer then). I have fixed it in Debian and am forwarding my patch.

      The original Debian bug report can be found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715592

      PSVIWriter uses strrchr but does not properly handle a NULL return value, causing strcat to attempt to dereference a NULL pointer.

      My patch adds a check that the result of strrchr (for the '/' case) is not null before executing the strcat. The case for '
      ' is not affected because of the "greater than" check just prior.

        Attachments

        1. psviwriter_segfault.diff
          0.7 kB
          Bill Blough

          Activity

            People

            • Assignee:
              scantor Scott Cantor
              Reporter:
              billblough Bill Blough
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: