Using desktop-file-validate on the attached file will cause an out of bounds memory read. This can be seen by compiling with address sanitizer (CFLAGS="-fsanitize=address") or with valgrind.

Here's the content of the file:

[Desktop Entry]
Exec=\

Seems the parsing of the backslash doesn't consider the case when the line or file ends.

This is the relevant part of the output of address sanitizer:

==3905==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ee92 at pc 0x0000004ea227 bp 0x7ffd88d0cc50 sp 0x7ffd88d0cc48
READ of size 1 at 0x60200000ee92 thread T0
    #0 0x4ea226 in handle_exec_key /mnt/ram/desktop-file-utils-0.22/src/validate.c:1229:10
    #1 0x4e4c06 in handle_desktop_exec_key /mnt/ram/desktop-file-utils-0.22/src/validate.c:1397:10
    #2 0x4ed190 in validate_known_key /mnt/ram/desktop-file-utils-0.22/src/validate.c:2248:12
    #3 0x4ec80c in validate_action_key /mnt/ram/desktop-file-utils-0.22/src/validate.c:2284:10
    #4 0x4ec80c in validate_keys_for_current_group /mnt/ram/desktop-file-utils-0.22/src/validate.c:2376
    #5 0x4e19cb in validate_flush_parse_buffer /mnt/ram/desktop-file-utils-0.22/src/validate.c:2945:5
    #6 0x4e19cb in validate_parse_from_fd /mnt/ram/desktop-file-utils-0.22/src/validate.c:2993
    #7 0x4e19cb in validate_load_and_parse /mnt/ram/desktop-file-utils-0.22/src/validate.c:3011
    #8 0x4e19cb in desktop_file_validate /mnt/ram/desktop-file-utils-0.22/src/validate.c:3078
    #9 0x4ee9da in main /mnt/ram/desktop-file-utils-0.22/src/validator.c:81:17
    #10 0x7ff2f5906f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #11 0x4379d6 in _start (/mnt/ram/desktop-file-utils-0.22/src/desktop-file-validate+0x4379d6)

I'll attach the full output.

This issue was found with the fuzzing tool american fuzzy lop.
Created attachment 116174: .desktop file triggering out of bounds read
Created attachment 116175: full address sanitizer debugging output
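Added example, not part of the original report and not code from desktop-file-utils: a bounds-checked scan of an Exec value that rejects a backslash with nothing after it, which is the case the report describes for both end of line and end of file. The function name, result codes and sample inputs are assumptions made up for this illustration.

```c
#include <stddef.h>

/* Result codes are names chosen for this example. */
enum exec_scan { EXEC_OK = 0, EXEC_DANGLING_BACKSLASH = -1 };

/*
 * Count backslash escapes in one Exec value held in buf[0..len).
 * The value ends at the first '\n' or at len, whichever comes first,
 * so the buffer does not need a NUL terminator.
 *
 * The defect class in the report: a loop that, on seeing '\\', skips the
 * next byte unconditionally. If the backslash is the last byte of the
 * line or file, that skip lands beyond the data and the next read is
 * out of bounds.
 */
enum exec_scan scan_exec_value(const char *buf, size_t len, size_t *escapes)
{
    size_t i = 0, n = 0;

    while (i < len && buf[i] != '\n') {
        if (buf[i] == '\\') {
            /* Check that an escaped byte exists before consuming it. */
            if (i + 1 >= len || buf[i + 1] == '\n')
                return EXEC_DANGLING_BACKSLASH;
            n++;
            i += 2;   /* backslash plus the byte it escapes */
            continue;
        }
        i++;
    }
    if (escapes != NULL)
        *escapes = n;
    return EXEC_OK;
}

int main(void)
{
    /* Constructed inputs: a lone backslash as in the report, and a
     * value whose only escape is a complete "\\" pair. */
    static const char bad[1] = { '\\' };
    static const char good[] = "sh -c \"echo \\\\ %f\"";
    size_t n = 0;

    return (scan_exec_value(bad, sizeof bad, &n) == EXEC_DANGLING_BACKSLASH &&
            scan_exec_value(good, sizeof good - 1, &n) == EXEC_OK) ? 0 : 1;
}
```

Building this with -fsanitize=address and feeding it the one-byte buffer confirms that no read happens past the end of the data.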
Sorry for the noise, reassigning to new maintainer.
*** Bug 90783 has been marked as a duplicate of this bug. ***
Thank you, Hanno -- I didn't realize you'd already filed this, so I followed up in bug 94303 instead, of which I will now mark this as a duplicate. *** This bug has been marked as a duplicate of bug 94303 ***