[PATCH] Fixed out of bounds memory access
Stephan Bergmann
sbergman at redhat.com
Mon Jun 18 04:41:23 PDT 2012
On 06/15/2012 05:45 PM, Marc-André Laverdière wrote:
> Here is a patch for a small fish I caught while valgrinding. It was
> accessing memory in the strdup.
Was it really? My reading of the original
> rtl::OUString aUserName;
> rtl::OString aUser;
> oslSecurity aSec = osl_getCurrentSecurity();
> if( aSec )
> {
>     osl_getUserName( aSec, &aUserName.pData );
>     aUser = rtl::OUStringToOString( aUserName, osl_getThreadTextEncoding() );
>     osl_freeSecurityHandle( aSec );
> }
>
> pSmProps[ 3 ].name = const_cast<char*>(SmUserID);
> pSmProps[ 3 ].type = const_cast<char*>(SmARRAY8);
> pSmProps[ 3 ].num_vals = 1;
> pSmProps[ 3 ].vals = new SmPropValue;
> pSmProps[ 3 ].vals->value = strdup( aUser.getStr() );
> pSmProps[ 3 ].vals->length = strlen( (char *)pSmProps[ 3 ].vals->value )+1;
is that at the end aUser is either the empty string (if !aSec) or holds
on to an OString copy of the data obtained from osl_getUserName. In
either case, the strdup(aUser.getStr()) should be OK?
Stephan