[Bug 1926835] Re: update-notifier crashes (bug spotted in source code)
Xu Zhongxing
1926835 at bugs.launchpad.net
Sat May 1 11:50:39 UTC 2021
if(cargv[0][0] == '/' &&
g_file_test(cargv[0], G_FILE_TEST_EXISTS|G_FILE_TEST_IS_EXECUTABLE)) {
result = TRUE;
g_debug_hooks("command exists");
goto out; // THIS IS EXECUTED
}
g_debug_hooks("'%s' is not a valid absolute path", cargv[0]);
gchar **pathdirs = g_strsplit(getenv("PATH"), ":", 100);
if(!pathdirs) goto out;
for(int i = 0; pathdirs[i] != NULL; i++) {
gchar *pathdir = pathdirs[i];
char *fname = g_strdup_printf("%s/%s", pathdir, cargv[0]);
if(g_file_test(fname, G_FILE_TEST_EXISTS|G_FILE_TEST_IS_EXECUTABLE)) {
g_debug_hooks("command exists at '%s'", fname);
g_free(fname);
result = TRUE;
goto out;
}
g_free(fname);
}
g_debug_hooks("failed to find command in PATH");
out:
if(error) g_error_free(error);
if(cargv) g_strfreev(cargv);
if(pathdirs) g_strfreev(pathdirs); // THIS IS THE CRASH SITE BECAUSE pathdirs IS IN UNINITIALIZED STATE.
if(unquoted) g_free(unquoted);
return result;
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1926835
Title:
update-notifier crashes (bug spotted in source code)
Status in update-notifier package in Ubuntu:
New
Bug description:
In the source code update-notifier_3.192.40.tar.xz, when there is file
/var/lib/update-notifier/user.d/incomplete-language-support-
gnome.note.
In hooks.c, at line 108, when the file test is true, the program will
execute "goto out" at line 112.
Then at line 137, pathdirs is in uninitialized state and triggers a
segmentation fault in g_strfreev().
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1926835/+subscriptions
More information about the foundations-bugs
mailing list