[PATCH] editors/AbiWord2 bug (function returns pointer to non static data destroyed after return)

Oleg Sharoiko os at rsu.ru
Wed Jun 2 09:38:45 GMT 2004 

>Submitter-Id:	current-users
>Originator:	Oleg Sharoiko
>Organization:	Computer Center of Rostov State University
>Confidential:	no 
>Synopsis:	[PATCH] editors/AbiWord2 bug (function returns pointer to non static data destroyed after return)
>Severity:	serious
>Priority:	medium
>Category:	ports
>Class:		sw-bug
>Release:	FreeBSD 5.2-CURRENT i386
>Environment:
System: FreeBSD brain.cc.rsu.ru 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Tue May 18 18:15:48 MSD 2004 os at brain.cc.rsu.ru:/usr/obj/usr/src/sys/brain.athlon-xp.HEAD.2004-01-30 i386


	
>Description:
	After upgrade of AbiWord from 2.06 to 2.0.7 is stopped working with
	SIGSEGV. After some digging in the code I found:

	ap_GetLabel_Autotext() (src/wp/ap/xp/ap_Menu_Functions.cpp)
	returns a pointer to internal buffer of temp variable of type
	UT_UTF8String, but ~UT_UTF8String destroys this buffer.
	
>How-To-Repeat:
	It seems that this bug is not always seen.
	I could easily reproduce it with

	cd /usr/ports/editors/AbiWord2
	make
	make install
	rehash
	AbiWord-2.0

	on two -CURRENT boxes
	but it works on my friend's -CURRENT which is a little bit older.
>Fix:

	The following patch (which is quite similar to the one committed into
	main abiword source three) solves the problem.


--- AbiWord2/files/patch-src::wp::ap::xp::ap_Menu_Functions.cpp	Thu Jan  1 03:00:00 1970
+++ AbiWord2/files/patch-src::wp::ap::xp::ap_Menu_Functions.cpp	Wed Jun  2 13:33:55 2004
@@ -0,0 +1,135 @@
+--- src/wp/ap/xp/ap_Menu_Functions.cpp.orig	Wed Jun  2 12:47:46 2004
++++ src/wp/ap/xp/ap_Menu_Functions.cpp	Wed Jun  2 12:47:49 2004
+@@ -62,92 +62,94 @@
+ 	const char * c = NULL;
+ 
+ 	const XAP_StringSet * pss = pApp->getStringSet();
+-	c = pss->getValueUTF8(AP_STRING_ID_DLG_Spell_NoSuggestions).utf8_str();
++	static UT_UTF8String s;
+ 
+ 	switch (id)
+ 	  {
+ 	  case AP_MENU_ID_AUTOTEXT_ATTN_1:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_ATTN_1).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_ATTN_1); break;
+ 	  case AP_MENU_ID_AUTOTEXT_ATTN_2:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_ATTN_2).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_ATTN_2); break;
+ 
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_1:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_1).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_1); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_2:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_2).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_2); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_3:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_3).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_3); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_4:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_4).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_4); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_5:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_5).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_5); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_6:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_6).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_6); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_7:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_7).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_7); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_8:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_8).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_8); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_9:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_9).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_9); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_10:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_10).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_10); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_11:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_11).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_11); break;
+ 	  case AP_MENU_ID_AUTOTEXT_CLOSING_12:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_12).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_CLOSING_12); break;
+ 
+ 	  case AP_MENU_ID_AUTOTEXT_MAIL_1:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_1).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_1); break;
+ 	  case AP_MENU_ID_AUTOTEXT_MAIL_2:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_2).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_2); break;
+ 	  case AP_MENU_ID_AUTOTEXT_MAIL_3:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_3).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_3); break;
+ 	  case AP_MENU_ID_AUTOTEXT_MAIL_4:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_4).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_4); break;
+ 	  case AP_MENU_ID_AUTOTEXT_MAIL_5:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_5).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_5); break;
+ 	  case AP_MENU_ID_AUTOTEXT_MAIL_6:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_6).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_6); break;
+ 	  case AP_MENU_ID_AUTOTEXT_MAIL_7:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_7).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_7); break;
+ 	  case AP_MENU_ID_AUTOTEXT_MAIL_8:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_8).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_MAIL_8); break;
+ 
+ 	  case AP_MENU_ID_AUTOTEXT_REFERENCE_1:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_REFERENCE_1).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_REFERENCE_1); break;
+ 	  case AP_MENU_ID_AUTOTEXT_REFERENCE_2:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_REFERENCE_2).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_REFERENCE_2); break;
+ 	  case AP_MENU_ID_AUTOTEXT_REFERENCE_3:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_REFERENCE_3).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_REFERENCE_3); break;
+ 
+ 	  case AP_MENU_ID_AUTOTEXT_SALUTATION_1:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SALUTATION_1).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SALUTATION_1); break;
+ 	  case AP_MENU_ID_AUTOTEXT_SALUTATION_2:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SALUTATION_2).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SALUTATION_2); break;
+ 	  case AP_MENU_ID_AUTOTEXT_SALUTATION_3:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SALUTATION_3).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SALUTATION_3); break;
+ 	  case AP_MENU_ID_AUTOTEXT_SALUTATION_4:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SALUTATION_4).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SALUTATION_4); break;
+ 
+ 	  case AP_MENU_ID_AUTOTEXT_SUBJECT_1:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SUBJECT_1).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_SUBJECT_1); break;
+ 
+ 	  case AP_MENU_ID_AUTOTEXT_EMAIL_1:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_1).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_1); break;
+ 	  case AP_MENU_ID_AUTOTEXT_EMAIL_2:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_2).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_2); break;
+ 	  case AP_MENU_ID_AUTOTEXT_EMAIL_3:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_3).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_3); break;
+ 	  case AP_MENU_ID_AUTOTEXT_EMAIL_4:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_4).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_4); break;
+ 	  case AP_MENU_ID_AUTOTEXT_EMAIL_5:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_5).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_5); break;
+ 	  case AP_MENU_ID_AUTOTEXT_EMAIL_6:
+-	    c = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_6).utf8_str(); break;
++	    s = pss->getValueUTF8(AP_STRING_ID_AUTOTEXT_EMAIL_6); break;
+ 
+ 	  default:
+-	    c = "No clue"; break;
++	    s = pss->getValueUTF8(AP_STRING_ID_DLG_Spell_NoSuggestions); break;
+ 	  }
++
++	c = s.utf8_str();
+ 
+ 	return c;
+ }

More information about the freebsd-gnome mailing list