Package: stopmotion
Version: 0.6.2-1.1
Justification: renders package unusable
Severity: grave
Tags: patch
*** Please type your report below this line ***
Hi,
I found that stopmotion crashes when I try to import a 640x480 jpg file
from my disk.
After tracing the code, I found that
in src/application/modelhandler.cpp:100

    char *f = new char[fileName.length()];
    strcpy(f, fileName.toLatin1().data());

So it causes an invalid write of 1 byte.
I think we should increase the size of f by 1 byte:

    char *f = new char[fileName.length()+1];

I'm attaching a patch to fix this bug.
Please consider including it.
Many Thanks,
Paul
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages stopmotion depends on:
ii  libc6            2.11.2-10      Embedded GNU C Library: Shared lib
ii  libgcc1          1:4.4.5-10     GCC support library
ii  libqtcore4       4:4.6.3-4      Qt 4 core module
ii  libqtgui4        4:4.6.3-4      Qt 4 GUI module
ii  libsdl-image1.2  1.2.10-2+b2    image loading library for Simple D
ii  libsdl1.2debian  1.2.14-6.1     Simple DirectMedia Layer
ii  libstdc++6       4.4.5-10       The GNU Standard C++ Library v3
ii  libtar           1.2.11-6       C library for manipulating tar arc
ii  libvorbisfile3   1.3.1-1        The Vorbis General Audio Compressi
ii  libx11-6         2:1.3.3-4      X11 client-side library
ii  libxml2          2.7.8.dfsg-2   GNOME XML library

Versions of packages stopmotion recommends:
ii  dvgrab           3.5-1+b1       grab digital video data via IEEE13
ii  ffmpeg           4:0.5.2-6      multimedia player, server and enco
ii  vgrabbj          0.9.6-3.2      grabs a image from a camera and pu

Versions of packages stopmotion suggests:
ii  gimp             2.6.11-1       The GNU Image Manipulation Program
-- no debconf information
--
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) <[email protected]>
--- stopmotion-0.6.2.orig/src/application/modelhandler.cpp
+++ stopmotion-0.6.2/src/application/modelhandler.cpp
@@ -97,7 +97,7 @@
QStringList::Iterator it = names.begin();
while (it != names.end() ) {
QString fileName = *it;
- char *f = new char[fileName.length()];
+ char *f = new char[fileName.length()+1];
strcpy(f, fileName.toLatin1().data());
fNames.push_back(f);
++it;
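Review bot: On the changed `new char[fileName.length()+1]` line, the buffer size is still computed from the QString while the bytes that `strcpy` writes on the next line come from a separate `fileName.toLatin1()` temporary, so the allocation is only right as long as those two lengths agree. Suggest converting once and sizing from the converted bytes, e.g. `QByteArray name = fileName.toLatin1();` then `char *f = new char[name.size() + 1];` and `strcpy(f, name.constData());`, so the room for the terminating NUL follows from the data actually copied. Separately, `toLatin1()` cannot represent file names outside Latin-1, so the string stored in `fNames` may not match the file on disk; whether that matters depends on how `fNames` is consumed and freed, which is not visible in this hunk.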

