URL: <http://gna.org/bugs/?21293>
Summary: Tab completion on empty line references invalid memory
Project: Freeciv
Submitted by: jtn
Submitted on: Sat Nov 23 12:04:33 2013
Category: client-gtk-2.0
Severity: 3 - Normal
Priority: 5 - Normal
Status: In Progress
Assigned to: jtn
Originator Email:
Open/Closed: Open
Release: 2.4.0
Discussion Lock: Any
Operating System: Any
Planned Release: 2.4.1,2.5.0,2.6.0
_______________________________________________________
Details:
Spotted by Valgrind and chance: in the Gtk clients, pressing Tab while the
chatline is empty dereferences off the start of an array while searching for
something to complete.
==14362== Invalid read of size 1
==14362== at 0x489873: chatline_autocomplete (chatline.c:288)
==14362== by 0x489BEB: inputline_handler (chatline.c:383)
==14362== by 0x65D0DD7: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.10)
==14362== by 0x71FECA1: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x720FD70: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x7217D4D: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x7218211: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x66EB190: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.10)
==14362== by 0x41533D: toplevel_handler (gui_main.c:376)
==14362== by 0x65D0DD7: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.10)
==14362== by 0x71FECA1: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x720FD70: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== Address 0x23af372f is 1 bytes before a block of size 1 alloc'd
==14362== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14362== by 0x5BAEA38: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==14362== by 0x5BC3358: g_strndup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==14362== by 0x48982E: chatline_autocomplete (chatline.c:282)
==14362== by 0x489BEB: inputline_handler (chatline.c:383)
==14362== by 0x65D0DD7: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.10)
==14362== by 0x71FECA1: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x720FD70: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x7217D4D: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x7218211: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3200.4)
==14362== by 0x66EB190: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.10)
==14362== by 0x41533D: toplevel_handler (gui_main.c:376)
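The failure mode in the report above, as an added example that is not Freeciv's code: a backward scan for the start of the word to complete that reads the byte before the cursor without checking that the cursor is past the start of the text, beside a bounds-checked form. The function names and the guard-byte harness are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed form (hypothetical): reads the byte before the cursor without first
 * checking that the cursor is past the start of the text. */
static ptrdiff_t word_start_flawed(const char *text, size_t cursor)
{
  const char *p = text + cursor - 1;      /* cursor == 0 gives text - 1 */

  while (!isspace((unsigned char) *p) && p > text) {
    p--;
  }
  return isspace((unsigned char) *p) ? p + 1 - text : p - text;
}

/* Checked form: the bounds test comes before every read. */
static ptrdiff_t word_start_checked(const char *text, size_t cursor)
{
  size_t i = cursor;

  while (i > 0 && !isspace((unsigned char) text[i - 1])) {
    i--;
  }
  return (ptrdiff_t) i;
}

/* Constructed harness: the line is stored after one guard byte, so the
 * flawed scan's read of text[-1] lands on the guard and stays defined.
 * In the report the text was a 1-byte g_strndup() block with no guard. */
static ptrdiff_t word_start_demo(int checked, const char *line)
{
  char buf[64] = "G";                     /* buf[0] is the guard byte */
  const char *text = buf + 1;

  snprintf(buf + 1, sizeof(buf) - 1, "%s", line);
  return checked ? word_start_checked(text, strlen(text))
                 : word_start_flawed(text, strlen(text));
}

int main(void)
{
  printf("empty line, flawed:  %td\n", word_start_demo(0, ""));
  printf("empty line, checked: %td\n", word_start_demo(1, ""));
  printf("\"hello wor\", checked: %td\n", word_start_demo(1, "hello wor"));
  return 0;
}
```

A result of -1 from the flawed form on the empty line means the scan ended on the byte before the text, which is the read Valgrind flags as "1 bytes before a block of size 1".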