xforms-development

Re: [XForms] malloc pointers (ab)use?


From: ЭлектроРысь
Subject: Re: [XForms] malloc pointers (ab)use?
Date: Fri, 17 Mar 2017 19:05:34 +0700
User-agent: Lynx/2.7

Any thoughts about this?

On 06.03.2017 00:05, ЭлектроРысь wrote:
Hello,

I write small private security software which relies on an XForms malloc
pointers feature, which I've used to redefine malloc/free/realloc/calloc
to safely erase all sensitive data from memory.

However, I discovered that my program crashes sometimes. This is due to
the fact that XForms tries to free data not allocated by me. I use a
structure header with a pointer and an integer, and sometimes they are zero
or contain nonsense.

I found that in some places in the code, XForms still uses a plain strdup()
call instead of the proper fl_strdup(), which redirects to fl_malloc()
properly. This patch fixes this problem.

Is it right and supported by XForms that an application can redefine
malloc pointers to its own?

P.S. There is also a problem with vasprintf, which is called separately
and ignores application-redefined malloc pointers, but I can ignore that
safely. I did hit it with the fl_wintitle_f() function, so I switched to
fl_wintitle() instead.

--- xforms-1.3.16.o/image/image_postscript.c
+++ xforms-1.3.16/image/image_postscript.c
@@ -230,7 +230,7 @@
     fli_snprintf( prefix, sizeof prefix,
                   "gs_%s_%d", file_tail( im->infile ), ( int )
fli_getpid( ) );

-    sp->prefix = strdup( prefix );
+    sp->prefix = fl_strdup( prefix );

     if ( sp->verbose )
         M_err( "LoadPS", "prefix=%s", sp->prefix );
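
Review bot: sp->prefix is passed to M_err with "%s" right after the assignment and nothing checks it for NULL, so a failed fl_strdup( prefix ) reaches the format call. Add a check after the assignment, and confirm that the release of sp->prefix, which is not in this hunk, goes through fl_free() so the allocate/release pair stays matched.
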
--- xforms-1.3.16.o/lib/font_utils.cx
+++ xforms-1.3.16/lib/font_utils.cx
@@ -408,7 +408,7 @@
     if ( FcResultMatch == FcPatternGetString( f->pattern, FC_FAMILY, 0,
&fam ) )
         *family = fl_strdup( ( char * ) fam );
     else
-        *family = strdup( *family );
+        *family = fl_strdup( *family );

     if ( FcResultMatch != FcPatternGetInteger( f->pattern, FC_SLANT, 0,
slant ) )
         *slant = FL_SLANT_ROMAN;
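
Review bot: the else branch, *family = fl_strdup( *family ), replaces the caller's pointer with a copy of itself, and nothing in the hunk shows that *family is non-NULL or who owns the string being overwritten. Guard the NULL case before duplicating and add a comment stating that the caller must release *family with fl_free() in both branches.
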
--- xforms-1.3.16.o/lib/menu.c
+++ xforms-1.3.16/lib/menu.c
@@ -633,7 +633,7 @@
         fl_free( sp->items[ numb ] );
     sp->cb[ numb ] = NULL;

-    s = strdup( str );
+    s = fl_strdup( str );

     if ( ( p = strstr( s, "%f" ) ) )
     {
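
Review bot: s goes straight into strstr( s, "%f" ) with no NULL check after fl_strdup( str ). Return early when s is NULL, and make sure s is released with fl_free(), matching the fl_free( sp->items[ numb ] ) a few lines above.
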
--- xforms-1.3.16.o/lib/tbox.c
+++ xforms-1.3.16/lib/tbox.c
@@ -271,7 +271,7 @@

     /* Make a copy of the text of the line */

-    p = text = strdup( new_text );
+    p = text = fl_strdup( new_text );

     /* Get memory for one more line */

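
Review bot: p and text both point at the single fl_strdup( new_text ) block and neither is checked. Test the result before the "one more line" allocation that follows, and on that allocation's failure path release text (the start of the block, not p) with fl_free().
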
--- xforms-1.3.16.o/lib/xyplot.c
+++ xforms-1.3.16/lib/xyplot.c
@@ -2161,9 +2161,9 @@

     allocate_spec( sp, FLI_MAX_XYPLOTOVERLAY );

-    sp->title          = strdup( "" );
-    sp->xlabel         = strdup( "" );
-    sp->ylabel         = strdup( "" );
+    sp->title          = fl_strdup( "" );
+    sp->xlabel         = fl_strdup( "" );
+    sp->ylabel         = fl_strdup( "" );
     sp->xscale         = sp->yscale = FL_LINEAR;
     sp->xbase          = sp->ybase = 10.0;
     sp->lxbase         = sp->lybase = 1.0;
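
Review bot: the three fl_strdup( "" ) results for title, xlabel and ylabel are stored unchecked. Beyond that, every place that later replaces or destroys these fields has to release the old value with fl_free(), otherwise the allocator mismatch reappears in the opposite direction; those sites are not in this hunk and should be named in the patch description.
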


--
494 lives.
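
The failure described in the message, as an added example that is not part of the original post or of XForms: a wiping allocator that keeps a header in front of each block, and what its free routine sees when handed a block that did not come from it. The names `wipe_malloc`, `wipe_free`, `wipe_strdup` and the tag value are hypothetical, and the header here holds a tag and a size rather than the poster's pointer and integer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wiping allocator; all names and HDR_MAGIC are constructed. */
#define HDR_MAGIC 0x5EC0DE5Au

/* Header in front of every block; the union keeps user data aligned. */
typedef union { struct { uint32_t magic; size_t size; } h; max_align_t a; } hdr_t;

void *wipe_malloc(size_t n) {
    hdr_t *h = (n > SIZE_MAX - sizeof *h) ? NULL : malloc(sizeof *h + n);
    if (!h) return NULL;
    h->h.magic = HDR_MAGIC;
    h->h.size = n;
    return h + 1;                    /* caller sees only the payload */
}

/* Returns bytes erased, or -1 if ptr does not carry our header. */
long wipe_free(void *ptr) {
    if (!ptr) return 0;
    hdr_t *h = (hdr_t *)ptr - 1;
    if (h->h.magic != HDR_MAGIC) return -1;   /* foreign block: never free() it */
    long n = (long)h->h.size;
    volatile unsigned char *p = ptr;
    for (long i = 0; i < n; i++) p[i] = 0;    /* erase payload before release */
    h->h.magic = 0;                           /* a second free now returns -1 */
    free(h);
    return n;
}

/* A strdup routed through the hooks, which is what the patch switches to. */
char *wipe_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = wipe_malloc(n);
    if (d) memcpy(d, s, n);
    return d;
}

/* Matched pair: the copy is erased and released. */
long demo_matched(void) {
    char *s = wipe_strdup("secret");
    return s ? wipe_free(s) : -2;
}

/* Foreign block, modeled in a static buffer so the header read stays in bounds. */
long demo_foreign(void) {
    static hdr_t buf[2];             /* buf[0] is the zeroed "nonsense" header */
    return wipe_free(strcpy((char *)&buf[1], "secret"));
}
```

With a real foreign pointer the header read is itself out of bounds, so the tag check is only a diagnostic; the fix is the one in the patch, routing every allocation through the same hooks.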


