Package: jclassinfo
Version: 0.19.1-5
Severity: important
Tags: upstream patch

Parsing some class files results in a crash; glibc aborts because it detects heap corruption when free() is called:

(...)
81)CONSTANT_Utf8[1]("too many bytes in \"")
*** glibc detected *** /tmp/jclassinfo-0.19.1/jclassinfo/.libs/lt-jclassinfo: 
free(): invalid next size (fast): 0x08cf5c08 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6(+0x6b281)[0xb75bb281]
/lib/i686/cmov/libc.so.6(+0x6cad8)[0xb75bcad8]
/lib/i686/cmov/libc.so.6(cfree+0x6d)[0xb75bfbbd]
/tmp/jclassinfo-0.19.1/jclassinfo/.libs/lt-jclassinfo[0x804bf07]
/tmp/jclassinfo-0.19.1/jclassinfo/.libs/lt-jclassinfo[0x804bc41]
/tmp/jclassinfo-0.19.1/jclassinfo/.libs/lt-jclassinfo[0x804c34c]
/tmp/jclassinfo-0.19.1/jclassinfo/.libs/lt-jclassinfo[0x804d8bc]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7566c76]
/tmp/jclassinfo-0.19.1/jclassinfo/.libs/lt-jclassinfo[0x8049a01]
======= Memory map: ========
08048000-08050000 r-xp 00000000 08:05 2313111    
/tmp/jclassinfo-0.19.1/jclassinfo/.libs/lt-jclassinfo
08050000-08051000 rw-p 00008000 08:05 2313111    
/tmp/jclassinfo-0.19.1/jclassinfo/.libs/lt-jclassinfo
08cf4000-08d15000 rw-p 00000000 00:00 0          [heap]
b7400000-b7421000 rw-p 00000000 00:00 0 
b7421000-b7500000 ---p 00000000 00:00 0 
b7517000-b7534000 r-xp 00000000 08:05 1157360    /lib/libgcc_s.so.1
b7534000-b7535000 rw-p 0001c000 08:05 1157360    /lib/libgcc_s.so.1
b754f000-b7550000 rw-p 00000000 00:00 0 
b7550000-b7690000 r-xp 00000000 08:05 1610228    /lib/i686/cmov/libc-2.11.2.so
b7690000-b7692000 r--p 0013f000 08:05 1610228    /lib/i686/cmov/libc-2.11.2.so
b7692000-b7693000 rw-p 00141000 08:05 1610228    /lib/i686/cmov/libc-2.11.2.so
b7693000-b7696000 rw-p 00000000 00:00 0 
b7696000-b76ba000 r-xp 00000000 08:05 1610150    /lib/i686/cmov/libm-2.11.2.so
b76ba000-b76bb000 r--p 00023000 08:05 1610150    /lib/i686/cmov/libm-2.11.2.so
b76bb000-b76bc000 rw-p 00024000 08:05 1610150    /lib/i686/cmov/libm-2.11.2.so
Przerwane   (the shell's localized "Aborted" message; the memory map output is truncated here)


As a workaround I increased the size of the `new_string` buffer malloc'ed in jclass/jstring.c by 20 
bytes. This is not a correct fix: "free(): invalid next size" means the copy into `new_string` wrote past the allocation and corrupted heap metadata, i.e. a heap buffer overflow driven by the contents of the class file, and a larger pad only moves the boundary. The proper fix is to make the length computation match what the copy loop actually writes, or to bound the copy; the pad merely works for the file I have.
I also fixed some minor memory problems: a missing free() in class_loader.c, an out-of-bounds terminator write in the float formatter (NUL written at index 40 of a 40-byte buffer) and a misplaced terminator in the double formatter.

To debug under valgrind, edit the libtool wrapper script jclassinfo/jclassinfo and insert "valgrind" after "exec":
      exec valgrind $progdir/$program ${1+"$@"}


-- System Information:
Debian Release: 6.0
  APT prefers testing
  APT policy: (650, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)

Versions of packages jclassinfo depends on:
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

jclassinfo recommends no packages.

jclassinfo suggests no packages.
diff -r -u jclass_orig//class_loader.c jclass/class_loader.c
--- jclass_orig//class_loader.c	2011-02-14 10:40:01.000000000 +0100
+++ jclass/class_loader.c	2011-02-14 10:47:00.000000000 +0100
@@ -222,6 +222,7 @@
 		}
 	}
 
+	free(class_filename);
 	return absolute_class_filename;
 }
 
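Review bot: The added `free(class_filename)` is only safe if `absolute_class_filename` never aliases `class_filename`; if some branch earlier in the function returns the input name unchanged (for example when it is already absolute), the caller now receives a dangling pointer. The function starts outside this hunk, so that cannot be confirmed here, and any earlier `return` path in the same function would still leak the copy. Once verified, a comment such as `/* class_filename is a private heap copy; absolute_class_filename never aliases it */` above the free would record the invariant, or the free could move to a single cleanup label that every exit reaches.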
diff -r -u jclass_orig//jstring.c jclass/jstring.c
--- jclass_orig//jstring.c	2011-02-14 10:40:01.000000000 +0100
+++ jclass/jstring.c	2011-02-14 11:45:12.000000000 +0100
@@ -118,7 +118,7 @@
 		str_ptr++;
 	}
 
-	new_string = (char*) malloc(string_length + 1);
+	new_string = (char*) malloc(string_length + 1 /* ugly fix: */ + 20);
 
 	str_ptr = raw_string;
 	to_ptr = new_string;
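Review bot: The `+ 20` pad does not fix the overflow, it only moves it: the reported `free(): invalid next size` means the copy loop below writes more than `string_length + 1` bytes into `new_string`, so a class file whose expansion exceeds the pad still corrupts the heap, and that input is attacker-controlled. The `too many bytes in "` text in the report suggests the decoder substitutes an error message into the output that the counting loop above does not account for; the counting loop and the copy loop (both partly outside this hunk) must apply the same rules, or each write in the copy needs an explicit bound such as `if (to_ptr - new_string >= string_length) break;`. Independently, the `malloc` result is unchecked, so an allocation failure is dereferenced on the following lines; add `if (new_string == NULL)` handling before `to_ptr = new_string`. The allocation line also deserves `/* size must match the byte count produced by the copy loop below */` so the next reader does not assume the pad is intentional.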
@@ -199,8 +199,9 @@
 		number = strdup("0");
 	else
 	{
-		number = (char*) malloc(40);
-		number[40] = '\0';
+		int max_size = 41;
+		number = (char*) malloc(max_size);
+		number[max_size - 1] = '\0';
 
 		/* set sign */
 		if (float_bytes & 0x80000000)
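Review bot: Writing the terminator at `number[max_size - 1]` is only a backstop; the sign and digit writes that follow (outside this hunk) still have to be bounded by `max_size`, otherwise they can run past index 39 and the pre-placed NUL does not prevent the overflow. `malloc(max_size)` is also unchecked, so a NULL return is dereferenced on the very next line; add `if (number == NULL) return NULL;` or whatever the function's error convention is, as its signature is outside the hunk. The literal `41` should become a named constant shared with the double path, e.g. `enum { FLOAT_STR_MAX = 41 };`, and `max_size` should be `size_t` since it is passed to `malloc`.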
@@ -247,8 +248,9 @@
 		number = strdup("0");
 	else
 	{
-		number = (char*) malloc(80);
-		number[40] = '\0';
+		int max_size = 81;
+		number = (char*) malloc(max_size);
+		number[max_size - 1] = '\0';
 
 		/* set sign */
 		if ((double_bytes >> 63))
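Review bot: The old code placed the NUL at index 40 of an 80-byte buffer while the new code places it at index 80, so this hunk changes where the terminator lives; that is almost certainly the intended correction, but the formatting code below is outside the hunk, and it is worth confirming nothing there relied on the string being cut at 40 characters. The unchecked `malloc` dereference noted for the float path applies here as well. A shared `enum { DOUBLE_STR_MAX = 81 };` next to the float constant would keep the two allocations in step instead of repeating bare literals.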
