Bug 85736 - fprintd-verify: segfault when used without -f arg.
Status: RESOLVED FIXED
Alias: None
Product: libfprint
Classification: Unclassified
Component: fprintd
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium trivial
Assignee: libfprint-bugs
Reported: 2014-11-01 15:28 UTC by lis82
Modified: 2014-11-03 08:05 UTC
Attachments
patch to fix. (960 bytes, patch)
2014-11-01 15:28 UTC, lis82

Description lis82 2014-11-01 15:28:47 UTC
Created attachment 108763
patch to fix.

fprintd-verify: segfault when used without -f arg. 

Attempt to free() static string "any".

Patch provided.
Comment 1 lis82 2014-11-02 03:51:16 UTC
Comment on attachment 108763
patch to fix.

commit 0860ce0ed3c3a958d4733df914bc2c58bda72b08
Author: Volkau Siarhei <lis82@mail.by>
Date:   Sun Nov 2 06:47:12 2014 +0300

    fprintd-verify: segfault when used without -f arg. Attempt to free() static string "any".

diff --git a/tests/verify.c b/tests/verify.c
index af953b0..4eba5f5 100644
--- a/tests/verify.c
+++ b/tests/verify.c
@@ -27,7 +27,7 @@
 
 static DBusGProxy *manager = NULL;
 static DBusGConnection *connection = NULL;
-static char *finger_name = "any";
+static char *finger_name = NULL;
 static gboolean g_fatal_warnings = FALSE;
 static char **usernames = NULL;
 
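Review bot: with the initialiser changed to `static char *finger_name = NULL;`, NULL now stands for "no -f given", but nothing at the declaration says so. Add a short comment there that NULL means any finger, and check that every other reader of finger_name outside this hunk tolerates NULL, since the find_finger test is the only use this patch updates.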
@@ -99,7 +99,7 @@ static void find_finger(DBusGProxy *dev, const char *username)
 		g_print(" - #%d: %s\n", i, fingers[i]);
 	}
 
-	if (strcmp (finger_name, "any") == 0) {
+	if ( finger_name == NULL || strcmp (finger_name, "any") == 0) {
 		g_free (finger_name);
 		finger_name = g_strdup (fingers[0]);
 	}
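Review bot: in the branch guarded by the new condition, `finger_name = g_strdup (fingers[0]);` leaves finger_name NULL whenever fingers[0] is NULL, because g_strdup returns NULL for a NULL argument; if the list can be empty at this point (no such check is visible in this hunk), whatever uses finger_name next has to cope with NULL or the function should return early. The `g_free (finger_name)` call is fine in the NULL case since g_free accepts NULL. Style: `if ( finger_name == NULL` has a stray space after the opening parenthesis, unlike the `strcmp (` and `g_free (` calls around it.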
Comment 2 Bastien Nocera 2014-11-02 15:35:53 UTC
Right fix, but wrong root-cause. Thanks for the notice though.

commit f7c51b0d585eb63702f0d005081e53f44325df86
Author: Volkau Siarhei <lis82@mail.by>
Date:   Sat Nov 1 15:28:00 2014 +0000

    tests: Fix segfault in verify when used without -f
    
    We tried to use strcmp on a NULL string.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=85736
Comment 3 lis82 2014-11-03 04:09:42 UTC
My root-cause was right. Anyway, thanks for applying the patch.
Comment 4 Bastien Nocera 2014-11-03 07:12:44 UTC
(In reply to lis82 from comment #3)
> My root-cause was right. Anyway, thanks for applying the patch.

I don't see how, given that finger_name can only be set to "any" if it's passed as an option, and the option isn't a static string.
Comment 5 lis82 2014-11-03 07:38:26 UTC
(In reply to Bastien Nocera from comment #4)
> (In reply to lis82 from comment #3)
> > My root-cause was right. Anyway, thanks for applying the patch.
> 
> I don't see how, given that finger_name can only be set to "any" if it's
> passed as an option, and the option isn't a static string.

I'll try to explain:

1. `finger_name` is set to "any" (constant ptr).

2. The option parser, without option '-f', leaves `finger_name` unchanged.

3. The expression `strcmp (finger_name, "any") == 0` is true.

4. The call `g_free (finger_name)` causes a segfault, because `finger_name` contains the constant ptr from the first step above.
Comment 6 Bastien Nocera 2014-11-03 07:42:35 UTC
(In reply to lis82 from comment #5)
> (In reply to Bastien Nocera from comment #4)
> > (In reply to lis82 from comment #3)
> > > My root-cause was right. Anyway, thanks for applying the patch.
> > 
> > I don't see how, given that finger_name can only be set to "any" if it's
> > passed as an option, and the option isn't a static string.
> 
> I'll try to explain:
> 
> 1. `finger_name` is set to "any" (constant ptr).

It's never set to "any" unless you pass "any" to "-f".
Comment 7 lis82 2014-11-03 07:56:54 UTC
Look at the code before the patch (line 30):

`static char *finger_name = "any";`
Comment 8 Bastien Nocera 2014-11-03 08:05:23 UTC
(In reply to lis82 from comment #7)
> Look at the code before the patch (line 30):
> 
> `static char *finger_name = "any";`

Oh, duh. Thanks.
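
The ownership rule behind the fix discussed in comments 5 to 8, as an added example that is not part of the original thread or the fprintd source: a pointer that is later freed must be either NULL or heap-allocated, never a string literal. Only `finger_name` comes from the page; `dup_str`, `parse_finger_option` and `resolve_finger` are hypothetical names, and plain `malloc`/`free` stand in for the GLib calls.

```c
#include <stdlib.h>
#include <string.h>

/* Invariant: finger_name is NULL (no -f given) or heap-owned.
 * It never points at a string literal, so free() is always valid. */
static char *finger_name = NULL;

/* Hypothetical helper: heap copy of s, or NULL if s is NULL. */
static char *dup_str(const char *s)
{
    if (s == NULL)
        return NULL;
    size_t len = strlen(s) + 1;
    char *copy = malloc(len);
    if (copy != NULL)
        memcpy(copy, s, len);
    return copy;
}

/* Hypothetical stand-in for the option parser: "-f NAME" stores a heap
 * copy; without -f the name is reset to NULL. */
void parse_finger_option(int argc, char **argv)
{
    free(finger_name);
    finger_name = NULL;
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "-f") == 0) {
            free(finger_name);
            finger_name = dup_str(argv[i + 1]);
        }
    }
}

/* Same test as the patched find_finger(): NULL and "any" both mean
 * "use the first enrolled finger". With n == 0 the name stays NULL. */
const char *resolve_finger(const char **fingers, size_t n)
{
    if (finger_name == NULL || strcmp(finger_name, "any") == 0) {
        free(finger_name);              /* free(NULL) is a no-op */
        finger_name = n > 0 ? dup_str(fingers[0]) : NULL;
    }
    return finger_name;
}
```

With the pre-patch initialiser `"any"`, the `free()` in `resolve_finger` would receive the address of a string literal on the no-option path, which is the crash described in the thread.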

