Package: xboard
Version: 4.2.7-7.1
Severity: normal
Tags: patch

Yesterday I was editing a game which I was reading about in a book.
After I finished placing all the moves in the game I tried the "save
game" option. I wanted to save it to ~/chess/game1.pgn, but I mistakenly
typed ~ /chess/game1.pgn (note the space). Xboard didn't take it very
well, it segfaulted on me :-(. Very annoying.

Today I decided to take a look at xboard's code. I don't know what this
logic is all about, but I think it might make paths with spaces buggy:
        p = strrchr(buf, ' ');
        if (p == NULL) {
            index = 0;
        } else {
            *p++ = NULLCHAR;
            index = atoi(p);
        }
However, I didn't touch it. Who knows what mystery it might hide, right?

The patch I wrote changes another function, ExpandPathName; this one I
think I got completely figured out. What I did was to make it expand ~
if the next character is white space. This way we avoid the segmentation
fault altogether. It gives the user a nice error. I assume there are not
many nice ways to interpret a path like:

        ~ /chess/game1.pgn

Perhaps ~/ /chess/game1.pgn? I'm not sure anyone has their system layout
like that. So I think an error -- which my patch accomplishes -- is good
enough.

I wrote the patch for xboard 4.2.7, hence the version, but it does work
in all the versions I've tested (4.4.3 and 4.5~git20100118-1). By the
way, the bug applies to all those versions. Finally, I'm not very good
with the reportbug program, so I might take a few tries before I send the
patch (hopefully not).


-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-x86_64-linode11 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -ru xboard-4.2.7.old/xboard.c xboard-4.2.7.new/xboard.c
--- xboard-4.2.7.old/xboard.c	2003-11-19 06:42:18.000000000 -0200
+++ xboard-4.2.7.new/xboard.c	2010-09-16 17:07:39.000000000 -0300
@@ -7136,7 +7136,7 @@
     }
 
     if (*s == '~') {
-	if (*(s+1) == '/') {
+	if (*(s+1) == '/' || isspace(*(s+1)) || *(s+1) == '\0') {
 	    strcpy(d, getpwuid(getuid())->pw_dir);
 	    strcat(d, s+1);
 	}
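
Review bot: In the new condition, isspace(*(s+1)) is handed a plain char, which is undefined behaviour when the value is negative (any non-ASCII byte in the path on a platform where char is signed); cast it, e.g. isspace((unsigned char)s[1]). The widened condition also routes more inputs into the unchanged strcpy(d, getpwuid(getuid())->pw_dir) and strcat(d, s+1) lines, which dereference the getpwuid() result without a NULL check and write into d with no length limit visible in this hunk; a guard on both is worth adding while this branch is being touched. The added '\0' test makes a bare ~ expand to the home directory, which the report does not mention and should be stated in the changelog entry.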
