Created attachment 108763 [details] [review] patch to fix. fprintd-verify: segfault when used without -f arg. Attempt to free() static string "any". Patch provided.
Comment on attachment 108763 [details] [review] patch to fix. commit 0860ce0ed3c3a958d4733df914bc2c58bda72b08 Author: Volkau Siarhei <lis82@mail.by> Date: Sun Nov 2 06:47:12 2014 +0300 fprintd-verify: segfault when used without -f arg. Attempt to free() static string "any". diff --git a/tests/verify.c b/tests/verify.c index af953b0..4eba5f5 100644 --- a/tests/verify.c +++ b/tests/verify.c @@ -27,7 +27,7 @@ static DBusGProxy *manager = NULL; static DBusGConnection *connection = NULL; -static char *finger_name = "any"; +static char *finger_name = NULL; static gboolean g_fatal_warnings = FALSE; static char **usernames = NULL; @@ -99,7 +99,7 @@ static void find_finger(DBusGProxy *dev, const char *username) g_print(" - #%d: %s\n", i, fingers[i]); } - if (strcmp (finger_name, "any") == 0) { + if ( finger_name == NULL || strcmp (finger_name, "any") == 0) { g_free (finger_name); finger_name = g_strdup (fingers[0]); }
Right fix, but wrong root-cause. Thanks for the notice though. commit f7c51b0d585eb63702f0d005081e53f44325df86 Author: Volkau Siarhei <lis82@mail.by> Date: Sat Nov 1 15:28:00 2014 +0000 tests: Fix segfault in verify when used without -f We tried to use strcmp on a NULL string. https://bugs.freedesktop.org/show_bug.cgi?id=85736
My root-cause was right. Anyway, thanks to apply patch.
(In reply to lis82 from comment #3) > My root-cause was right. Anyway, thanks to apply patch. I don't see how, given that finger_name can only be set to "any" if it's passed as an option, and the option isn't a static string.
(In reply to Bastien Nocera from comment #4) > (In reply to lis82 from comment #3) > > My root-cause was right. Anyway, thanks to apply patch. > > I don't see how, given that finger_name can only be set to "any" if it's > passed as an option, and the option isn't a static string. I try to explain: 1: The `finger_name` set to "any" (constant ptr). 2: Option parser without option '-f' left `finger_name` unchanged. 3: Expression `strcmp (finger_name, "any") == 0` is true. 4. Call `g_free (finger_name)` cause a segfault, because `finger_name` contains constant ptr from first step above.
(In reply to lis82 from comment #5) > (In reply to Bastien Nocera from comment #4) > > (In reply to lis82 from comment #3) > > > My root-cause was right. Anyway, thanks to apply patch. > > > > I don't see how, given that finger_name can only be set to "any" if it's > > passed as an option, and the option isn't a static string. > > I try to explain: > > 1: The `finger_name` set to "any" (constant ptr). It's never set to "any" unless you pass "any" to "-f".
Look on code before patch( line: 30 ): <code>static char *finger_name = "any";</code>
(In reply to lis82 from comment #7) > Look on code before patch( line: 30 ): > > <code>static char *finger_name = "any";</code> Oh, duh. Thanks.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.