From 9f700e7d761cd2ebc58ec800ca5be9cc3aa424e8 Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA
Date: Mon, 15 Sep 2014 21:55:06 +0900
Subject: [PATCH] demo-Gtk-conf/de_stringify: fix memmove usage

gcc sanitizer detected the following error on xscreensaver-demo:
==29615==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030001b51ef at pc 0x444a4d bp 0x7fff8ad132d0 sp 0x7fff8ad132c0
READ of size 1 at 0x6030001b51ef thread T0
#0 0x444a4c in memmove /usr/include/bits/string3.h:57
#1 0x444a4c in de_stringify ../../driver/demo-Gtk-conf.c:1172
#2 0x444a4c in tokenize_command_line ../../driver/demo-Gtk-conf.c:1400
#3 0x444a4c in parse_command_line_into_parameters ../../driver/demo-Gtk-conf.c:1423
#4 0x44bd85 in load_configurator_1 ../../driver/demo-Gtk-conf.c:1863
#5 0x44c5ca in load_configurator ../../driver/demo-Gtk-conf.c:1934
#6 0x42f778 in populate_popup_window ../../driver/demo-Gtk.c:2984
#7 0x437dfc in list_select_changed_cb ../../driver/demo-Gtk.c:1939
.... ....
In de_stringify, char *s has strlen(s) + 1 valid bytes (including null character terminater), so s + 1 has strlen(s) valid bytes, not strlen(s) + 1. Fix memmove arguments as such.
---
 driver/demo-Gtk-conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/driver/demo-Gtk-conf.c b/driver/demo-Gtk-conf.c
index 2f03a12..ab6fdd8 100644
--- a/driver/demo-Gtk-conf.c
+++ b/driver/demo-Gtk-conf.c
@@ -1169,7 +1169,7 @@ de_stringify (char *s)
 char q = s[0];
 if (q != '\'' && q != '\"' && q != '`')
 abort();
- memmove (s, s+1, strlen (s)+1);
+ memmove (s, s+1, strlen (s));
 while (*s && *s != q)
 {
 if (*s == '\\')
-- 
2.1.0
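Review bot: The one-byte over-read fixed here may survive in the backslash branch that opens at `if (*s == '\\')`, whose body lies outside this hunk. If that branch drops the escape character with the same `memmove (s, s+1, strlen (s)+1)` idiom, it reads one byte past the terminator in exactly the same way and needs the same length, `strlen (s)`. The new length is correct only because `s[0]` has just been verified to be a quote, so `strlen (s) >= 1` and the copy still carries the NUL. A comment on the changed line would keep that reasoning from being lost, e.g. `/* s+1 holds strlen(s) bytes including the NUL; shift left to drop the opening quote */`. Since the string being tokenized appears to come from a saver's configured command line, re-running the ASan build against entries with escaped characters inside quotes would confirm whether the second site is affected.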