[Bug 212176] x11/xfce4-taskmanager segfault

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212176

Guido Falsi <madpilot at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|maintainer-feedback?(xfce at F |maintainer-feedback+
                   |reeBSD.org)                 |
                 CC|                            |madpilot at FreeBSD.org

--- Comment #9 from Guido Falsi <madpilot at FreeBSD.org> ---
(In reply to Ivan from comment #6)
> Created attachment 174716 [details]
> patch
> 
> Problem is here
> g_strlcpy (text, p, g_utf8_strlen (text, -1));
> 
> To utf-8 unaware function number of chars are passed instead of bytes, so
> it's possible for 2 bytes chars it will split in half leading to incorrect
> unicode sequence.
> 
> Attached patch resolves the issue, however crash still can occur if p >=
> text, however as p is substring of text, the situation is expected to never
> happen in normal conditions.
> 
> I found no safe analog in gtk functions for strlcpy, only strncpy which is
> not considered safe. The alternative is switch to icu, however this is
> another story.

Hi,

The fix looks simple enough, but I'm not sure that using non utf aware
functions is better that using g_utf8_strncpy(), which would warrant utf8
conforming results.

also, looking at the g_utf8_strncpy() sources here:

https://github.com/GNOME/glib/blob/9c8c6094fdb3b7bff35c0f36a68e1da3fd2e8ff7/glib/gutf8.c#L413

it would be quite easy to cook up a g_utf8_strlcpy() (or any other name) using
the safer system provided strlcpy() call.

I'd like your opinion before proceeding though.

Any patch we prepare should be created accounting for upstreaming it if
possible.

-- 
You are receiving this mail because:
You are the assignee for the bug.