[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#54252] [PATCH] gnu: lemonbar: Update to 1.4.
From: |
Maxime Devos |
Subject: |
[bug#54252] [PATCH] gnu: lemonbar: Update to 1.4. |
Date: |
Sat, 05 Mar 2022 16:32:11 +0100 |
User-agent: |
Evolution 3.38.3-1 |
[Please keep 54252@debbugs.gnu.org in CC or To, such that other people
can respond as well, such that discussion is not lost even if the
original reviewers disappear, for transparancy reasons, etc.]
Jai Vetrivelan schreef op za 05-03-2022 om 18:32 [+0530]:
> Hello Maxime,
>
> On 2022-03-05, 10:59 +0100, Maxime Devos <maximedevos@telenet.be> wrote:
>
> > At least in the 'master' branch (and presumably also in v1.4), there
> > are a few bugs. At line 789, the return value of 'malloc' is not
> > checked, potentially causing a null-pointer dereference (and hence, a
> > segfault) at line 790 (in lemonbar.c).
>
> Do you mean something like this?
>
> ┌────
> │ diff --git a/lemonbar.c b/lemonbar.c
> │ index 4da59ee..93fcb20 100644
> │ --- a/lemonbar.c
> │ +++ b/lemonbar.c
> │ @@ -785,8 +785,8 @@ font_load (const char *pattern)
> │
> │ // Copy over the width lut as it's part of font_info
> │ int lut_size = sizeof(xcb_charinfo_t) *
> xcb_query_font_char_infos_length(font_info);
> │ - if (lut_size) {
> │ - ret->width_lut = malloc(lut_size);
> │ + ret->width_lut = malloc(lut_size);
> │ + if (lut_size && ret->width_lut) {
> │ memcpy(ret->width_lut, xcb_query_font_char_infos(font_info),
> lut_size);
> │ }
> └────
That just ignores the allocation failure, even though possibly the code
will use ret->width_lut later, expecting it to be non-NULL (or maybe it
actually handles NULL, I don't know). Probably the allocation failure
needs to be reported (printf + exit, or return NULL, or something
else). The exact mechanism used in C for handling allocation failures
depends on the application.
> > Could this be fixed?
>
> I am not familiar with the C programming language, so I might not be
> able to fix this.
Ideally, things would be fixed upstream (it's on GitHub so you could
try submitting a pull request). For Guix though, I believe simply
reporting the potential issue upstream (at
<https://github.com/LemonBoy/bar/issues>) would be sufficient.
Greetings,
Maxime.
signature.asc
Description: This is a digitally signed message part
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Jai Vetrivelan, 2022/03/05
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Maxime Devos, 2022/03/05
- bug#54252: [PATCH] gnu: lemonbar: Update to 1.4., Nicolas Goaziou, 2022/03/10
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Maxime Devos, 2022/03/11
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Nicolas Goaziou, 2022/03/11
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Maxim Cournoyer, 2022/03/11
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Nicolas Goaziou, 2022/03/11
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Maxime Devos, 2022/03/11
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Nicolas Goaziou, 2022/03/11
- [bug#54252] [PATCH] gnu: lemonbar: Update to 1.4., Maxime Devos, 2022/03/11