mirror of
https://github.com/gryf/wmaker.git
synced 2025-12-21 13:28:05 +01:00
I've found a buffer overflow problem in RSmoothScaleImage. There are some scaling calculations involving floats which are finally converted to integers. Since such a conversion does not round the number, just truncates the decimal part, sometimes the number is smaller than it should be. As a result, a smaller buffer is allocated for picture scaling and thus a buffer overflow occurs. The strange thing is that this bug has not appeared earlier, so it probably has something to do with a newer gcc or glibc (I switched from "prehistoric" Fedora Core 5 to Fedora 12).

<What about the symptoms?>

There were several, probably depending on application version and compilation flags. First, it just stopped responding. Looking at the process with strace I saw it locked in some FUTEX wait (unfortunately I don't have the logs). Second, it just crashed. And last, I got a complaint from glibc about a double free or corrupted heap before malloc.

I've found the bug through the wmweather+ dockapp, versions 2.9 and 2.11 (http://sourceforge.net/projects/wmweatherplus/); I've never encountered it in WindowMaker itself.
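The bug class the commit describes (a float product truncated to int yields one slot fewer than the scaling loop actually writes) can be reproduced in a few lines. The following is an added, constructed example written for this page; it is not Window Maker's RSmoothScaleImage nor wmweather+ code. It models a hypothetical row scaler in which every source column `x` maps to destination column `(int)(x * scale)`, and uses `double` and the constructed values `src_w = 100`, `scale = 0.29` (whose product is 28.999999999999996 in IEEE double) to show how the truncated size comes out one short. The names `dst_col`, `size_truncated`, `size_from_mapping`, `scale_row` and `demo_status` are all assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Constructed model of the overflow class in the commit message; this is NOT
 * Window Maker's RSmoothScaleImage. A hypothetical row scaler maps source
 * column x to destination column (int)(x * scale); the row buffer must cover
 * every column that mapping can produce.
 */

/* Destination column for source column x. Shared by sizing and writing. */
static int dst_col(int x, double scale)
{
    return (int)(x * scale);
}

/* Sizing as the commit message describes it: a float product truncated to
 * int. With src_w = 100 and scale = 0.29 the double product is
 * 28.999999999999996, so this returns 28 although the writer reaches
 * column 28 and therefore needs 29 slots. */
int size_truncated(int src_w, double scale)
{
    return (int)(src_w * scale);
}

/* Hardened sizing: ask the same mapping the writer uses where the last
 * source column lands, and allocate one past it. Floating-point error
 * cannot make sizing and writing disagree, because they evaluate the
 * same expression on the same inputs. (Rounding the product with lround
 * would not be enough: src_w = 10, scale = 0.34 needs 4 slots but rounds
 * to 3.) */
int size_from_mapping(int src_w, double scale)
{
    if (src_w <= 0)
        return 0;
    return dst_col(src_w - 1, scale) + 1;
}

/* Write a scaled row into dst, which has dst_w slots. Returns 0 on success
 * or -1 if any source column would map outside dst; nothing is written past
 * the end, so an undersized buffer is reported instead of corrupting the heap. */
int scale_row(const unsigned char *src, int src_w,
              unsigned char *dst, int dst_w, double scale)
{
    for (int x = 0; x < src_w; x++) {
        int d = dst_col(x, scale);
        if (d < 0 || d >= dst_w)
            return -1;          /* the truncated size trips this guard */
        dst[d] = src[x];        /* nearest-neighbour stand-in for smoothing */
    }
    return 0;
}

/* Self-contained check on a constructed 100-column row with scale 0.29:
 * the backing buffer is always the 29 slots the mapping needs, but the
 * writer is told it has dst_w slots, so an undersized dst_w shows up as -1
 * without any real out-of-bounds write. */
int demo_status(int dst_w)
{
    unsigned char src[100], dst[29] = {0};
    if (dst_w > 29)
        return -2;              /* outside what this demo backs with memory */
    for (int i = 0; i < 100; i++)
        src[i] = (unsigned char)i;
    return scale_row(src, 100, dst, dst_w, 0.29);
}

int main(void)
{
    int bad = size_truncated(100, 0.29);    /* 28 */
    int good = size_from_mapping(100, 0.29); /* 29 */
    printf("truncated size %d, mapping size %d\n", bad, good);
    printf("writer with truncated size: %s\n",
           demo_status(bad) ? "overflow refused" : "ok");
    printf("writer with mapping size:   %s\n",
           demo_status(good) ? "overflow refused" : "ok");
    return 0;
}
```

The point of `size_from_mapping` is that the allocation is derived from the writer's own index arithmetic rather than from a separate float expression that merely "should" agree with it; the bounds check in `scale_row` is the second layer, turning a residual sizing mistake into a reported error instead of a heap corruption of the kind glibc later complains about.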