Ticket #3582 (closed defect: fixed)
[PATCH] fix infopanel buffer overflow
| Reported by: | and | Owned by: | andrew_b |
|---|---|---|---|
| Priority: | major | Milestone: | 4.8.16 |
| Component: | mc-core | Version: | master |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
| Branch state: | merged | Votes for changeset: | committed-master |
Description
when using infopanel (C-x i) on a file that got deleted right now
buffer overflow occurs.
==13429==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x607000031c48 at pc 0x0000005fd41b bp 0x7ffca3f466c0 sp 0x7ffca3f466b8
WRITE of size 4 at 0x607000031c48 thread T0
    #0 0x5fd41a in dirsize_status_deinit_cb /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/file.c:2557:24
    #1 0x7f333f2bda2f in status_msg_deinit /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/wtools.c:619:9
    #2 0x602fe3 in panel_operate_init_totals /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/file.c:1352:9
    #3 0x5fe784 in panel_operate /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/file.c:2840:13
    #4 0x528328 in copy_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/cmd.c:797:9
    #5 0x528328 in midnight_execute_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:1139
    #6 0x7f333f291949 in buttonbar_callback /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/buttonbar.c:172:42
    #7 0x7f333f296245 in send_message /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/../../lib/widget/widget-common.h:167:15
    #8 0x7f333f296245 in dlg_try_hotkey /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:464
    #9 0x7f333f296245 in dlg_key_event /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:509
    #10 0x7f333f296245 in dlg_process_event /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:1236
    #11 0x7f333f2979c7 in frontend_dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:570:9
    #12 0x7f333f296565 in dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:1267:5
    #13 0x4fc7b8 in create_panels_and_run_mc /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:954:5
    #14 0x4fc7b8 in do_nc /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:1757
    #15 0x4fc7b8 in main /tmp/portage/app-misc/mc-9999/work/mc-9999/src/main.c:401
    #16 0x7f333d7fc953 in __libc_start_main (/lib64/libc.so.6+0x20953)
    #17 0x4270e8 in _start (/tmp/portage/app-misc/mc-9999/work/mc-9999/src/.libs/mc+0x4270e8)
attached patch works for me (TM) but I don't know why WPanel is invalid in this case.
Maybe it is only a workaround for a hidden root cause.
Attachments
Change History
comment:1 in reply to: ↑ description Changed 9 years ago by andrew_b
Replying to and:
> when using infopanel (C-x i) on a file that got deleted right now
> #4 0x528328 in copy_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/cmd.c:797:9

How are delete and copy related?
comment:2 Changed 9 years ago by and
It was from a not-so-simple testcase;
here is the right dump from the delete action when infopanel is enabled:
==22509==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700001e928 at pc 0x0000005feeaf bp 0x7ffc82225f40 sp 0x7ffc82225f38
WRITE of size 4 at 0x60700001e928 thread T0
    #0 0x5feeae in dirsize_status_deinit_cb /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/file.c:2557:24
    #1 0x7f1bf22317ff in status_msg_deinit /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/wtools.c:619:9
    #2 0x601e0d in panel_operate_init_totals /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/file.c:1352:9
    #3 0x600b3c in panel_operate /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/file.c:2840:13
    #4 0x5ee53e in delete_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/cmd.c:904:9
    #5 0x52807f in midnight_execute_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:1161:9
    #6 0x7f1bf2205309 in buttonbar_callback /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/buttonbar.c:172:42
    #7 0x7f1bf220b47c in dlg_try_hotkey /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:464:23
    #8 0x7f1bf220a770 in dlg_key_event /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:509:19
    #9 0x7f1bf220ac32 in frontend_dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:570:9
    #10 0x7f1bf220a935 in dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:1267:5
    #11 0x52652d in do_nc /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:1757:9
    #12 0x4f7d3a in main /tmp/portage/app-misc/mc-9999/work/mc-9999/src/main.c:401:21
    #13 0x7f1bf0776953 in __libc_start_main (/lib64/libc.so.6+0x20953)
    #14 0x427318 in _start (/tmp/portage/app-misc/mc-9999/work/mc-9999/src/.libs/mc+0x427318)
comment:3 in reply to: ↑ description Changed 9 years ago by andrew_b
- Status changed from new to accepted
- Owner set to andrew_b
- Branch state changed from no branch to on review
Replying to and:
> attached patch works for me (TM) but I don't know why WPanel is invalid in this case.

Patch is ok because only file list panel has dirty flag.
Branch: 3582_info_panel_buffer_overflow
changeset:30b6888fcc7e92793c5f831e81ea98cfd8187d7a
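
The bug class named in comment 3, as an added example that is not part of this ticket, the attached patch, or mc's source: a flag that exists only on the file list widget is written through a pointer that may refer to a smaller widget. All type and function names below are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a two-pane layout; these names are not mc's own. */
typedef enum { VIEW_LISTING, VIEW_INFO } view_type;
typedef struct { int x, y, cols, lines; } widget_base;

/* Small widget without a dirty flag. */
typedef struct { widget_base w; int ready; } info_pane;
/* File list widget: larger, and the only one that has a dirty flag. */
typedef struct { widget_base w; char cwd[64]; int count; int dirty; } list_pane;

typedef struct { view_type type; void *widget; } pane_slot;

/* Before: assumes every slot holds a list_pane. For a VIEW_INFO slot the
   4-byte store lands past the end of the smaller info_pane allocation,
   which ASan reports as a heap-buffer-overflow "WRITE of size 4". */
void mark_dirty_unchecked(pane_slot *s)
{
    ((list_pane *) s->widget)->dirty = 1;
}

/* After: touch the flag only when the slot really holds a file list.
   Returns 1 if the flag was set, 0 if the slot was skipped. */
int mark_dirty_checked(pane_slot *s)
{
    if (s == NULL || s->widget == NULL || s->type != VIEW_LISTING)
        return 0;
    ((list_pane *) s->widget)->dirty = 1;
    return 1;
}

/* Bytes by which the unchecked store would end beyond an info_pane object. */
long overflow_distance(void)
{
    return (long) (offsetof(list_pane, dirty) + sizeof(int)) - (long) sizeof(info_pane);
}

int main(void)
{
    pane_slot other = { VIEW_INFO, calloc(1, sizeof(info_pane)) };
    printf("checked: %d, unchecked store would end %ld bytes past the object\n",
           mark_dirty_checked(&other), overflow_distance());
    free(other.widget);
    return 0;
}
```
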
comment:4 Changed 9 years ago by andrew_b
- Votes for changeset set to andrew_b
- Branch state changed from on review to approved
comment:5 Changed 9 years ago by andrew_b
- Status changed from accepted to testing
- Votes for changeset changed from andrew_b to committed-master
- Resolution set to fixed
- Branch state changed from approved to merged
Merged to master: [30b6888fcc7e92793c5f831e81ea98cfd8187d7a].