Bug 98811 - iceauth segfaults on invalid input
Summary: iceauth segfaults on invalid input
Alias: None
Product: xorg
Classification: Unclassified
Component: App/other (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Keywords: patch
Depends on:
Reported: 2016-11-21 20:01 UTC by Tobias Stoeckmann
Modified: 2018-03-25 06:39 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

My proposed patch (1.56 KB, patch)
2016-11-21 20:01 UTC, Tobias Stoeckmann
no flags Details | Splinter Review

Description Tobias Stoeckmann 2016-11-21 20:01:54 UTC
Created attachment 128106 [details] [review]
My proposed patch

The 'add' command leads to a segmentation fault on invalid input.

Two arguments to 'add' can be quoted, but the quotation check does not
properly parse a single double quote:

$ echo 'add 0 " 0 0 0' | iceauth
Segmentation fault
$ _

This happens because the code does not properly check if the argument
consists of just one quote. Technically, it is true that the first
and the last characters are double quotes. Therefore it also takes a
check to verify that the length of the string is at least 2.
Comment 1 Alan Coopersmith 2018-03-25 06:39:39 UTC
Thanks for the fix!  Pushed to git master:
To ssh://git.freedesktop.org/git/xorg/app/iceauth
   e994aca..509b0b9  master -> master

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.