From 3a6a304c64b669f71c530a07d64caa93dc2f23ca Mon Sep 17 00:00:00 2001 From: Mike Fleetwood Date: Mon, 13 Mar 2017 22:24:23 +0000 Subject: [PATCH] Workaround g_utf8_find_next_char() not incrementing past NUL char (#777973) If PipeCapture reads a NUL character, a valid UTF-8 character, it causes GParted to allocate all available memory and crash. The while loop in PipeCapture::OnReadable() loops forever reading the same NUL character from readbuf because g_utf8_find_next_char() doesn't advance past it. Hence an infinite number of NUL characters are added to the current line, linevec. Work around this by checking for this failure case of g_utf8_find_next_char() and incrementing past the NUL character. This is actually a bug recently fixed in glib 2.49.3 released 2016-07-17. References: * Bug 547200 - g_utf8_find_next_char() issues https://bugzilla.gnome.org/show_bug.cgi?id=547200 * https://git.gnome.org/browse/glib/commit/?id=e0e652e4032a181d4f0b0a12aeddf0678b7a3c04 Fix a corner-case in g_utf8_find_next_char In the case that *p is '\0', we should return p + 1, not p. This change allows to simplify g_utf8_find_next_char a bit. Bug 777973 - Segmentation fault on bad disk --- src/PipeCapture.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/PipeCapture.cc b/src/PipeCapture.cc index 69cf7411..b900a7de 100644 --- a/src/PipeCapture.cc +++ b/src/PipeCapture.cc @@ -144,7 +144,13 @@ bool PipeCapture::OnReadable( Glib::IOCondition condition ) else { // Advance read pointer past the read UTF-8 character. - read_ptr = g_utf8_find_next_char( read_ptr, end_ptr ); + const char * new_ptr = g_utf8_find_next_char( read_ptr, end_ptr ); + if ( new_ptr == read_ptr && *read_ptr == '\0' ) + // Workaround bug in g_utf8_find_next_char() which + // stops it advancing past NUL char in buffer + // delimited by an end pointer. + new_ptr ++; + read_ptr = new_ptr; if ( read_ptr == NULL ) read_ptr = end_ptr; }
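Review bot: the guard in the PipeCapture::OnReadable() hunk only fires when `new_ptr == read_ptr && *read_ptr == '\0'`, so it covers the one non-advancing return that glib 2.49.3 fixed and nothing else; since this branch makes progress only when `new_ptr` moves past `read_ptr`, any other reason the library might hand back `read_ptr` unchanged would reproduce the same unbounded growth of linevec. Dropping the second condition, `if ( new_ptr == read_ptr ) new_ptr ++;`, guarantees forward progress regardless of why the call failed to advance, and the NULL-to-end_ptr clamp that follows still handles the end-of-buffer case. As a style point, a three-line comment sitting between the `if` and its lone `new_ptr ++;` is easy to misread as a commented-out body; braces around the statement (or the comment above the `if`) would make the intent plain.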
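The failure mode the commit message describes, and the effect of the patched advance step, as an added stand-alone example (not GParted's code and not linked against glib): `find_next_char_old` is an assumed local model of how g_utf8_find_next_char() behaved before glib 2.49.3, written from the description in the message and bug 547200; `advance_patched`, `advance_unpatched`, `count_chars` and the `sample` buffer are constructed here for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Local model of g_utf8_find_next_char(p, end) as it behaved before glib
 * 2.49.3 (assumption: written from the commit message and bug 547200, not
 * glib's own code). It skips the lead byte and any continuation bytes
 * (10xxxxxx), returns NULL once p reaches end, and, the defect at issue,
 * returns p unchanged when *p is NUL. */
static const char *find_next_char_old(const char *p, const char *end)
{
    if (*p != '\0') {
        for (++p; p < end && (*p & 0xC0) == 0x80; ++p)
            ;
    }
    return (p == end) ? NULL : p;
}

/* The advance step from the patch: take the library result, step over a
 * NUL the library refused to step over, and clamp NULL to end_ptr. */
static const char *advance_patched(const char *read_ptr, const char *end_ptr)
{
    const char *new_ptr = find_next_char_old(read_ptr, end_ptr);
    if (new_ptr == read_ptr && *read_ptr == '\0')
        new_ptr++;
    if (new_ptr == NULL)
        new_ptr = end_ptr;
    return new_ptr;
}

/* The pre-patch advance step: library result with only the NULL clamp. */
static const char *advance_unpatched(const char *read_ptr, const char *end_ptr)
{
    const char *new_ptr = find_next_char_old(read_ptr, end_ptr);
    if (new_ptr == NULL)
        new_ptr = end_ptr;
    return new_ptr;
}

/* Walk buf[0, len) one UTF-8 character at a time, the way the read loop in
 * the commit message does, and count the characters seen. Returns -1 if the
 * walk makes no progress within max_steps iterations, which stands in for
 * the unbounded growth of linevec that the real loop suffers. */
static long count_chars(const char *buf, size_t len, int patched, long max_steps)
{
    const char *read_ptr = buf;
    const char *end_ptr = buf + len;
    long count = 0;

    while (read_ptr < end_ptr) {
        if (count >= max_steps)
            return -1;            /* would have looped forever */
        count++;
        read_ptr = patched ? advance_patched(read_ptr, end_ptr)
                           : advance_unpatched(read_ptr, end_ptr);
    }
    return count;
}

/* Constructed input: "ab", an embedded NUL, "c", then U+00E9 as two bytes.
 * Six bytes, five UTF-8 characters. */
static const char sample[] = "ab\0c\xC3\xA9";
#define SAMPLE_LEN (sizeof(sample) - 1)

long demo_patched(void)   { return count_chars(sample, SAMPLE_LEN, 1, 1000); }
long demo_unpatched(void) { return count_chars(sample, SAMPLE_LEN, 0, 1000); }

int main(void)
{
    printf("patched:   %ld characters\n", demo_patched());        /* 5 */
    printf("unpatched: %ld (stuck on the NUL)\n", demo_unpatched()); /* -1 */
    return 0;
}
```

The iteration cap is what makes the unpatched walk observable: in the real loop nothing bounds it, so each pass appends another NUL to linevec until allocation fails, which is the crash the bug report describes. Note that the patched step still returns a pointer one past the NUL even when that lands exactly on `end_ptr`, so a trailing NUL ends the walk cleanly rather than reading beyond the buffer.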