List: kde-pim
Subject: [Kde-pim] Re: Review Request: memory overflow at
From: "Torgny Nyblom" <kde () nyblom ! org>
Date: 2011-02-21 18:35:09
Message-ID: 20110221183509.28970.37190 () vidsolbach ! de
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/100708/
-----------------------------------------------------------
(Updated Feb. 21, 2011, 6:35 p.m.)
Review request for KDEPIM.
Changes
-------
HEAD always points to the HEAD of the current branch, so it could be any branch; so I changed it to master.
Summary
-------
In some circumstances, such as with the analysis of the attached pdf-file
( Bug 264355 - nepomuk crashes by indexing a pdf-file )
by the use of:
/usr/local/bin/nepomukservicestub nepomukstrigiservice
the read buffer doesn't contain any "zero"-byte. It might happen that the
memory after the buffer doesn't have any "zero"-byte either.
By looking for the string "<contactGroup" within the function:
CtgEndAnalyzer::checkHeader( const char* header, qint32 headersize )
...
return headersize >= 54 && strstr( header, "<contactGroup" );
we get a memory-overflow.
With gdb we can examine the buffer (which makes the trouble) "header"
(gdb) p header
$1 = 0x7fffd70a8010 "<?xpacket <some more data> ...
... <Address 0x7fffd70a9000 out of bounds>
because the strstr-function works with zero-ending strings.
To prevent the overflow, we have to prepare a zero-terminated copy of "header".
Such a method is already used by:
libstreamanalyzer/plugins/endplugins/ffmpegendanalyzer.cpp
I take it as an example to do the same.
======
Some more details from the gdb bt-command: (little shortened for clarity)
(gdb) bt
#0 in memchr () from /lib/libc.so.6
#1 in strstr () from /lib/libc.so.6
#2 in strstr at /usr/include/string.h:337
#3 in CtgEndAnalyzer::checkHeader at kdepim/strigi-analyzer/ctg/ctgendanalyzer.cpp:62
#4 in Strigi::StreamAnalyzerPrivate::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:445
#5 in Strigi::StreamAnalyzer::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:361
#6 in Strigi::AnalysisResult::indexChild at libstreamanalyzer/lib/analysisresult.cpp:250
#7 in PdfEndAnalyzer::handle at libstreamanalyzer/lib/endanalyzers/pdfendanalyzer.cpp:45
#8 in PdfParser::handleSubStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:666
#9 in PdfParser::handleSubStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:640
#10 in PdfParser::parseDictionaryOrStream at libstreamanalyzer/lib/pdf/pdfparser.cpp:377
#11 in PdfParser::parseObjectStreamObject at libstreamanalyzer/lib/pdf/pdfparser.cpp:431
#12 in PdfParser::parseObjectStreamObjectDef at libstreamanalyzer/lib/pdf/pdfparser.cpp:557
#13 in PdfParser::parse at libstreamanalyzer/lib/pdf/pdfparser.cpp:585
#14 in PdfEndAnalyzer::analyze at libstreamanalyzer/lib/endanalyzers/pdfendanalyzer.cpp:62
#15 in Strigi::StreamAnalyzerPrivate::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:447
#16 in Strigi::StreamAnalyzer::analyze at libstreamanalyzer/lib/streamanalyzer.cpp:361
#17 in Strigi::AnalysisResult::index at libstreamanalyzer/lib/analysisresult.cpp:233
#18 in Nepomuk::Indexer::indexFile at kdebase/runtime/nepomuk/services/strigi/nepomukindexer.cpp:131
#19 in Nepomuk::IndexScheduler::analyzeDir at kdebase/runtime/nepomuk/services/strigi/indexscheduler.cpp:450
#20 in Nepomuk::IndexScheduler::run at kdebase/runtime/nepomuk/services/strigi/indexscheduler.cpp:338
#21 in ?? () from /usr/lib/libQtCore.so.4
#22 in start_thread () from /lib/libpthread.so.0
#23 in clone () from /lib/libc.so.6
#24 in ?? ()
This addresses bug 264355.
http://bugs.kde.org/show_bug.cgi?id=264355
Diffs
-----
Diff: http://git.reviewboard.kde.org/r/100708/diff
Testing
-------
With the pdf-file from bug 264355 at comment #2:
http://bugs.kde.org/attachment.cgi?id=56951
Thanks,
Guy
_______________________________________________
KDE PIM mailing list kde-pim@kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
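As an added illustration of the bounded search the request proposes (this is example code written for this archive page, not the patch under review nor code from the KDE or Strigi trees): the strstr() form of checkHeader as quoted above, beside a hardened version that searches only a zero-terminated copy limited to headersize bytes, in the spirit of the ffmpegendanalyzer approach the request cites. The qint32 typedef, the helper names and the fixture buffer are assumptions made for this example.

```cpp
#include <cstdint>
#include <cstring>
#include <string>

// Assumed stand-in for Qt's qint32, which the real plugin gets from Qt.
typedef int32_t qint32;

// Shape of the check quoted in the review request: strstr() scans until it
// finds a NUL, so a header buffer without one is read past its end (the
// "<Address ... out of bounds>" gdb printed). Kept here only for comparison.
bool checkHeaderUnsafe(const char* header, qint32 headersize) {
    return headersize >= 54 && strstr(header, "<contactGroup") != 0;
}

// Hardened form: copy exactly headersize bytes into a std::string, which is
// both length-bounded and NUL-terminated, and search inside that copy only.
// Bytes beyond headersize can never influence the result.
bool checkHeaderSafe(const char* header, qint32 headersize) {
    if (header == 0 || headersize < 54) {
        return false;
    }
    std::string copy(header, static_cast<size_t>(headersize));
    return copy.find("<contactGroup") != std::string::npos;
}

// Constructed fixture (not the crash file from the bug): 80 bytes of 'x' with
// "<contactGroup" placed at offset 64, i.e. beyond the 60-byte header the
// analyzer is told about. The trailing NUL keeps this demonstration itself
// in bounds; the real buffer had none, which is what turned the over-read
// into a crash.
struct Fixture {
    char data[81];
    qint32 headersize;
};

Fixture makeFixture() {
    Fixture f;
    memset(f.data, 'x', 80);
    memcpy(f.data + 64, "<contactGroup", 13);
    f.data[80] = '\0';
    f.headersize = 60;
    return f;
}
```

On the fixture the strstr() version reports a match that lies outside the declared header, while the bounded version does not; on a header that really contains the marker within its first headersize bytes both agree.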