ports/92899: firefox-1.5.0.1,1 uses stack garbage for directory name [patch]

Don Lewis truckman at FreeBSD.org
Mon Feb 6 16:00:30 UTC 2006


>Number:         92899
>Category:       ports
>Synopsis:       firefox-1.5.0.1,1 uses stack garbage for directory name [patch]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 06 16:00:21 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Don Lewis
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
totally disorganized
>Environment:
System: FreeBSD mousie.catspoiler.org 4.11-STABLE FreeBSD 4.11-STABLE #27: Sat Feb 4 05:21:17 PST 2006 dl at mousie.catspoiler.org:/usr/obj/usr/src/sys/GENERICDDB i386

	FreeBSD 4-STABLE, i386
>Description:
	Firefox-1.5.0.1,1 stores a directory name in a character array
	on the stack.  It saves a pointer to that character array and
	uses it to access the array contents after the array has gone
	out of scope.  The old contents seem to get trashed on 4-STABLE,
	causing firefox to create a subdirectory under ~/.mozilla with
	a name generated from stack garbage.

	This problem does not seem to occur on 7-STABLE.

>How-To-Repeat:
	Build and run firefox-1.5 on a 4-STABLE, i386 machine.
>Fix:

--- toolkit/xre/nsXREDirProvider.cpp.orig	Tue Oct  4 11:46:26 2005
+++ toolkit/xre/nsXREDirProvider.cpp	Sun Feb  5 23:54:31 2006
@@ -820,6 +820,7 @@
  
   char* appNameFolder = nsnull;
   char profileFolderName[MAXPATHLEN] = ".";
+  char temp[MAXPATHLEN];
  
   // Offset 1 for the outermost folder to make it hidden (i.e. using the ".")
   char* writing = profileFolderName + 1;
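Review bot: the new function-scope `char temp[MAXPATHLEN];` carries no comment explaining why it sits here rather than next to its only visible use, so a later tidy-up could move it back into the inner block and reintroduce the dangling pointer. Add a short comment on the declaration stating that `appNameFolder` may point into `temp` and that the buffer must therefore live as long as `appNameFolder` is used.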
@@ -829,7 +830,6 @@
     rv = localDir->AppendNative(nsDependentCString(profileFolderName));
     NS_ENSURE_SUCCESS(rv, rv);
  
-    char temp[MAXPATHLEN];
     GetProfileFolderName(temp, gAppData->name);
     appNameFolder = temp;
   }
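Review bot: `GetProfileFolderName(temp, gAppData->name)` is passed no buffer length, so nothing in these lines shows that the write into the `MAXPATHLEN`-sized `temp` is bounded by the length of `gAppData->name`. Moving the declaration fixes the lifetime problem, but it is worth confirming that the helper limits its output to `MAXPATHLEN`, or passing `sizeof(temp)` to it. Note also that `appNameFolder = temp;` still aliases a stack buffer, so the pointer must not be stored anywhere that outlives this function.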

>Release-Note:
>Audit-Trail:
>Unformatted:


