xforms-development

[XForms] malloc pointers (ab)use?


From: ЭлектроРысь
Subject: [XForms] malloc pointers (ab)use?
Date: Mon, 6 Mar 2017 00:05:09 +0700
User-agent: Lynx/2.7

Hello,

I write small private security software which relies on an XForms malloc pointers feature which I'd used to redefine malloc/free/realloc/calloc to safely erase all sensitive data away from memory.

However, I discovered that my program crashes sometimes. This is due to the fact that XForms tries to free data not allocated by me. I use a structure header with a pointer and an integer, and sometimes they are zero or contain nonsense.

I found that in some places in the code, XForms still uses a plain strdup() call instead of the proper fl_strdup(), which redirects to fl_malloc() properly. This patch fixes this problem.

Is it right and supported by XForms that an application can redefine malloc pointers to its own?

P.S. There is also a problem with vasprintf, which is called separately and ignores application-redefined malloc pointers, but I can ignore that safely. I did hit it with the fl_wintitle_f() function, so I switched to fl_wintitle() instead.

--- xforms-1.3.16.o/image/image_postscript.c
+++ xforms-1.3.16/image/image_postscript.c
@@ -230,7 +230,7 @@
     fli_snprintf( prefix, sizeof prefix,
"gs_%s_%d", file_tail( im->infile ), ( int ) fli_getpid( ) );

-    sp->prefix = strdup( prefix );
+    sp->prefix = fl_strdup( prefix );

     if ( sp->verbose )
         M_err( "LoadPS", "prefix=%s", sp->prefix );
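Review bot: sp->prefix is used in the verbose M_err() call on the following lines without a NULL check, so a failed fl_strdup() would pass NULL to the %s format. Please test the result and fail the load cleanly. Also confirm that the place where sp->prefix is released (not in this hunk) calls fl_free(); a leftover plain free() would hand a block from the application's allocator to libc, the mirror image of the crash being fixed.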
--- xforms-1.3.16.o/lib/font_utils.cx
+++ xforms-1.3.16/lib/font_utils.cx
@@ -408,7 +408,7 @@
if ( FcResultMatch == FcPatternGetString( f->pattern, FC_FAMILY, 0, &fam ) )
                *family = fl_strdup( ( char * ) fam );
        else
-               *family = strdup( *family );
+               *family = fl_strdup( *family );

if ( FcResultMatch != FcPatternGetInteger( f->pattern, FC_SLANT, 0, slant ) )
                *slant = FL_SLANT_ROMAN;
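Review bot: in the else branch, *family = fl_strdup( *family ) reads the caller's pointer and then overwrites it with the copy, with no check that *family is non-NULL on entry. A guard, plus a short comment stating that the caller owns the returned string and must release it with fl_free() in both branches, would make the contract explicit now that both branches allocate through fl_strdup().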
--- xforms-1.3.16.o/lib/menu.c
+++ xforms-1.3.16/lib/menu.c
@@ -633,7 +633,7 @@
         fl_free( sp->items[ numb ] );
     sp->cb[ numb ] = NULL;

-    s = strdup( str );
+    s = fl_strdup( str );

     if ( ( p = strstr( s, "%f" ) ) )
     {
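Review bot: s goes straight from fl_strdup( str ) into strstr( s, "%f" ) with no NULL check; since the allocator behind fl_strdup() is now supplied by the application and may fail, test s before the strstr() call. The context above releases sp->items[ numb ] with fl_free(), so if s ends up stored there the allocation and release now match, which is worth stating in the commit message.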
--- xforms-1.3.16.o/lib/tbox.c
+++ xforms-1.3.16/lib/tbox.c
@@ -271,7 +271,7 @@

     /* Make a copy of the text of the line */

-    p = text = strdup( new_text );
+    p = text = fl_strdup( new_text );

     /* Get memory for one more line */

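Review bot: p = text = fl_strdup( new_text ) leaves two names for one allocation and neither is checked before the following code gets memory for one more line. Please bail out if text is NULL, and make sure the release later in the function is fl_free( text ) on the original pointer rather than on p, in case p has been advanced while the line is processed.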
--- xforms-1.3.16.o/lib/xyplot.c
+++ xforms-1.3.16/lib/xyplot.c
@@ -2161,9 +2161,9 @@

     allocate_spec( sp, FLI_MAX_XYPLOTOVERLAY );

-    sp->title          = strdup( "" );
-    sp->xlabel         = strdup( "" );
-    sp->ylabel         = strdup( "" );
+    sp->title          = fl_strdup( "" );
+    sp->xlabel         = fl_strdup( "" );
+    sp->ylabel         = fl_strdup( "" );
     sp->xscale         = sp->yscale = FL_LINEAR;
     sp->xbase          = sp->ybase = 10.0;
     sp->lxbase         = sp->lybase = 1.0;
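Review bot: the three fl_strdup( "" ) results for title, xlabel and ylabel are stored unchecked, so one failed allocation leaves the spec half initialised. Check them together after the third assignment, and verify that the setters which later replace these strings free the old value with fl_free() and allocate the new one with fl_strdup(); otherwise the strdup()/fl_free() mismatch simply moves there.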

--
494 lives.

Attachment: xforms-1.3.16_fl_strdup.patch
Description: Text document
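The failure described in the message, as an added illustration that is not part of the original post or of XForms: a wipe-on-free allocator that keeps a header in front of each block, and a free routine that refuses a block whose header does not match. The names sec_malloc, sec_strdup, sec_free and the header layout are assumptions; the post only says the header holds a pointer and an integer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header placed in front of every block; the post only says
   it holds "a pointer and integer", the exact layout is an assumption. */
typedef struct { void *self; size_t size; } hdr_t;

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

void *sec_malloc(size_t n) {
    if (n > SIZE_MAX - sizeof(hdr_t)) return NULL;   /* size overflow */
    hdr_t *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->self = h + 1;          /* user pointer, stored for later validation */
    h->size = n;              /* how many bytes to wipe on release */
    return h + 1;
}

char *sec_strdup(const char *s) {   /* the role fl_strdup() plays in the patch */
    size_t n = strlen(s) + 1;
    char *d = sec_malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

/* Returns 1 if p was wiped and released, 0 if the header does not match
   (the block came from another allocator, e.g. a plain strdup()). */
int sec_free(void *p) {
    if (!p) return 1;
    hdr_t *h = (hdr_t *)p - 1;
    if (h->self != p) return 0;     /* foreign block: refuse, do not free */
    wipe(p, h->size);
    wipe(h, sizeof *h);
    free(h);
    return 1;
}

/* Constructed stand-in for a foreign block: zeroed, aligned storage so
   that reading the "header" in front of it stays inside the array. */
int foreign_block_rejected(void) {
    static hdr_t arena[4];          /* all zero, like the header the post saw */
    return sec_free(&arena[1]) == 0;
}
```

On a genuinely foreign pointer the header read lands outside the allocation and is undefined behaviour, so the check is best effort; routing every allocation through the same hooks, as the patch does, is what removes the mismatch.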

