[gnome-print] Access off beginning of array causes FPE on Alpha
- From: Christian Marillat <marillat free fr>
- To: gnome-print mailing list <gnome-print ximian com>
- Subject: [gnome-print] Access off beginning of array causes FPE on Alpha
- Date: Tue, 26 Mar 2002 16:00:50 +0100 (MET)
Hi,
Two patches follow from a Debian user.
Christian
From: Doug Larrick <doug@jekyl.ddts.net>
Subject: Bug#139618: libgnomeprint15: Access off beginning of array causes FPE on Alpha
To: Debian Bug Tracking System <submit@bugs.debian.org>
Date: Sat, 23 Mar 2002 12:29:40 -0500
Reply-To: Doug Larrick <doug@jekyl.ddts.net>, 139618@bugs.debian.org
Resent-From: Doug Larrick <doug@jekyl.ddts.net>
X-Mailer: reportbug 1.48
Package: libgnomeprint15
Version: 0.35-3
Severity: normal
Tags: patch
The following brief patch fixes a problem where gfft2_move_to() is reading
an item at index -1 of an array. On other platforms, this behavior probably
goes unnoticed, but on Alpha it leads to a floating point exception crash
because the location often does not contain a valid floating point number.
This bug causes the print preview function to crash on Alpha.
--- gnome-font-face.c~ Fri Jan 11 22:52:59 2002
+++ gnome-font-face.c Sat Mar 23 12:00:24 2002
@@ -724,7 +724,7 @@
p.x = to->x * od->t[0] + to->y * od->t[2];
p.y = to->x * od->t[1] + to->y * od->t[3];
- if ((p.x != s->x3) || (p.y != s->y3)) {
+ if (od->end == 0 || (p.x != s->x3) || (p.y != s->y3)) {
od->bp[od->end].code = ART_MOVETO;
od->bp[od->end].x3 = to->x * od->t[0] + to->y * od->t[2];
od->bp[od->end].y3 = to->x * od->t[1] + to->y * od->t[3];
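Review bot: the added `od->end == 0` term is correct only because `||` short-circuits before `s->x3` is read; a one-line comment saying that `s` is the previous segment and does not exist when `od->end` is 0 would keep a later cleanup from reordering the condition. If `s` is computed from `od->bp[od->end - 1]` above this hunk, note that forming that pointer when `od->end` is 0 is already undefined behaviour in C even without the dereference, so computing `s` under the same guard would be the safer shape. Style point on the last two lines: they recompute the transformed point already held in `p`; `od->bp[od->end].x3 = p.x;` and `od->bp[od->end].y3 = p.y;` are shorter and guarantee the stored coordinates are exactly the ones just compared.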
Similar to my prior patch, this misbehaviour is also accessing
uninitialized memory. This time fields are unused in a particular
instance of a struct (since p->code is ART_END, the coordinates in p->x3
and p->y3 have never been assigned). This bug caused a crash when
trying to actually print from Balsa (or presumably, other
gnome-print-using programs).
--- gp-path.c~ Thu Oct 4 16:04:11 2001
+++ gp-path.c Sat Mar 23 13:08:08 2002
@@ -460,7 +460,8 @@
}
}
- if ((!closed) && ((start->x3 != p->x3) || (start->y3 != p->y3))) {
+ if ((!closed) && (p->code == ART_END || +
(start->x3 != p->x3) || (start->y3 != p->y3))) {
d->code = ART_LINETO;
d->x3 = start->x3;
d->y3 = start->y3;
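Review bot: as quoted here the hunk will not apply with patch(1): the stray `+` at the end of the `if ((!closed) && (p->code == ART_END ||` line is the marker of the continuation line, which has been wrapped onto the next line without it, so the two-line condition needs re-wrapping (or the patch sent as an attachment) before it is committed. On the logic, testing `p->code == ART_END` first does stop the never-assigned `p->x3`/`p->y3` of the terminator from being read, but it also means that whenever `p` is the terminator the coordinate comparison is skipped entirely and a closing `ART_LINETO` back to `start` is always emitted, including a zero-length one for a subpath that already ends at its start point. If the segment before the terminator is reachable at this point, comparing `start->x3`/`start->y3` against that segment instead of against `p` would avoid the uninitialised read and keep the old no-op behaviour for already-closed subpaths.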
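Both patches above guard a comparison against a segment that either does not exist (index -1 when `od->end` is 0) or whose coordinates were never written (the `ART_END` terminator). The following is an added example, not gnome-print or libart code: a small path builder with the same `code`/`x3`/`y3` segment shape and `end` counter, written so that neither read can happen. `outline_move_to` does the job of the first patch's `od->end == 0 ||` term but by never forming a pointer to `bp[-1]`; `outline_close_all` does what the subpath-closing routine the second hunk belongs to appears to do (emit a `LINETO` back to `start` for an unclosed subpath), but compares against the last real segment rather than the terminator. Every type and function name here (`Seg`, `Outline`, `SEG_*`, `outline_*`, `push`, `build_demo`) and the input path in `build_demo` are made up for this example.

```c
#include <stdio.h>

/* Stand-in for libart's ArtBpath with only the fields the two checks touch; field
 * names follow the patches, but these types and functions are example code only. */
typedef enum { SEG_MOVETO, SEG_LINETO, SEG_END } SegCode;

typedef struct {
    SegCode code;
    double x3, y3;              /* endpoint; never written for SEG_END */
} Seg;

#define MAX_SEGS 64
typedef struct {
    Seg bp[MAX_SEGS];
    int end;                    /* next free slot, like od->end in the patch */
} Outline;

static int push(Outline *od, SegCode code, double x, double y)
{
    if (od->end >= MAX_SEGS - 1)            /* keep one slot for the terminator */
        return -1;
    od->bp[od->end].code = code;
    od->bp[od->end].x3 = x;
    od->bp[od->end].y3 = y;
    od->end++;
    return 1;
}

/* Append a MOVETO unless the previous segment already ends at (x, y).  The patch
 * relies on `od->end == 0 ||` short-circuiting; here bp[end - 1] is only touched
 * when it exists, so no pointer to bp[-1] is ever formed. */
int outline_move_to(Outline *od, double x, double y)
{
    if (od->end > 0) {
        const Seg *s = &od->bp[od->end - 1];
        if (s->x3 == x && s->y3 == y)
            return 0;                       /* redundant moveto dropped */
    }
    return push(od, SEG_MOVETO, x, y);
}

int outline_line_to(Outline *od, double x, double y)
{
    return od->end == 0 ? -1 : push(od, SEG_LINETO, x, y);  /* needs a moveto first */
}

/* Like ART_END the terminator gets only a code; its x3/y3 stay unset. */
void outline_terminate(Outline *od) { od->bp[od->end++].code = SEG_END; }

/* Copy src into dst, adding a LINETO back to the start of each subpath that does
 * not already end there.  The comparison uses the last real segment copied so far,
 * never the MOVETO or SEG_END that ends the subpath, so the unset terminator
 * coordinates are not read.  Returns the number of LINETOs added, or -1 if full. */
int outline_close_all(const Outline *src, Outline *dst)
{
    int added = 0, start = -1, i;           /* start: dst index of current MOVETO */
    dst->end = 0;
    for (i = 0; i < src->end; i++) {
        const Seg *p = &src->bp[i];
        if ((p->code == SEG_MOVETO || p->code == SEG_END) && start >= 0) {
            const Seg *first = &dst->bp[start], *last = &dst->bp[dst->end - 1];
            if (first->x3 != last->x3 || first->y3 != last->y3) {
                if (push(dst, SEG_LINETO, first->x3, first->y3) < 0)
                    return -1;
                added++;
            }
            start = -1;
        }
        if (dst->end >= MAX_SEGS)
            return -1;
        dst->bp[dst->end].code = p->code;
        if (p->code != SEG_END) {           /* the terminator has no coordinates */
            dst->bp[dst->end].x3 = p->x3;
            dst->bp[dst->end].y3 = p->y3;
        }
        if (p->code == SEG_MOVETO)
            start = dst->end;
        dst->end++;
    }
    return added;
}

/* Constructed input: an open corner, then a subpath that returns to its start. */
int build_demo(Outline *a, Outline *b)
{
    a->end = 0;
    outline_move_to(a, 0, 0);               /* end == 0: the index -1 case */
    outline_line_to(a, 10, 0);
    outline_line_to(a, 10, 10);
    outline_move_to(a, 10, 10);             /* dropped: previous segment ends here */
    outline_move_to(a, 20, 20);
    outline_line_to(a, 30, 20);
    outline_line_to(a, 20, 20);             /* back at its start: nothing to close */
    outline_terminate(a);
    return outline_close_all(a, b);
}

int main(void)
{
    Outline a = {{{0}}}, b = {{{0}}};
    int added = build_demo(&a, &b);
    printf("%d segments in, %d out, %d closing LINETO(s) added\n", a.end, b.end, added);
    return 0;
}
```

The read of `bp[-1]` that trapped on Alpha returns silent garbage on x86, which is why it went unnoticed elsewhere; the portable way to catch the unguarded form is to build it with `-fsanitize=address` or run it under Valgrind, both of which report a read before the start of the array.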