crashes when trying to load or save images or meshes

Bug #1066056 reported by Helmut Enck-Radana
This bug affects 1 person
Affects: xmorph (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

applies to the binary package gtkmorph version 1:20090926

segfault occurs directly after click on one of the buttons for loading or saving images or meshes

reproducible when an image is loaded and the path of the loaded image is longer than x characters,

where x is

- in the main window

   70 to load a new image or save the current image
   77 to load a mesh or save the mesh

- in a window for an additional image

   72 to load an image or save the image
   79 to load a mesh or save the mesh

The relevant path is shown in the open file dialog when loading the image. When the path of the image contains the path of the current working directory, and the path of the current working directory contains symlinks, then these are normalized as by readlink -f.

Tags: patch
Helmut Enck-Radana (helmenra) wrote :

The length of the path of the current working directory can be obtained in bash with

    echo -n "$(readlink -f "$PWD")" | wc -c

summary: - segfault when trying to load or save a mesh
+ crashes when trying to load or save images or meshes
description: updated
description: updated
Scott Pakin (pakin) wrote :

Aha! These gtkmorph crashes have been annoying me for years, but I never made the connection to filename length until I encountered this bug report. I believe that was just the information I needed to fix the problem. From what I can tell, the bug lies in the show_fs() function in gtkmorph/callbacks_fs.c, which hard-wires 50 characters for a file name. The 70+ characters in the bug report is a bit of a red herring; that's probably just the point where the buffer overrun tickles some critical data structure and brings down the whole application.

The solution is to replace

    char s[l+50];

with

    char s[l+strlen(N)+1];

I've attached a patch file. Could the morph package maintainer please test and apply it?
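
The sizing error described in the comment above, as an added example that is not gtkmorph's code and not part of the attached patch. It assumes `s` receives a prefix of length `l` followed by the file name `N`; the prefix text, `sample_path` and the other function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PREFIX "Load image: " /* hypothetical prefix (assumption), l = 12 */

/* Buffer size from the original declaration: char s[l+50]; */
size_t fixed_size(size_t l) { return l + 50; }
/* Buffer size from the proposed fix: char s[l+strlen(N)+1]; */
size_t patched_size(size_t l, const char *N) { return l + strlen(N) + 1; }

/* Bytes needed for prefix followed by N, including the terminating NUL. */
size_t needed_size(const char *prefix, const char *N) {
    int n = snprintf(NULL, 0, "%s%s", prefix, N);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if a buffer of `size` bytes holds prefix+N without overflow, else 0. */
int fits(size_t size, const char *prefix, const char *N) {
    size_t need = needed_size(prefix, N);
    return need != 0 && need <= size;
}

/* Measured, heap-allocated join: no length guess, no unbounded stack array. */
char *join_checked(const char *prefix, const char *N) {
    size_t need = needed_size(prefix, N);
    char *s = need ? malloc(need) : NULL;
    if (s) snprintf(s, need, "%s%s", prefix, N);
    return s;
}

/* Constructed sample input: a name of exactly n characters. */
char *sample_path(size_t n) {
    char *p = calloc(n + 1, 1);
    if (p) memset(p, 'a', n);
    return p;
}

int main(void) {
    size_t lens[] = {49, 50, 70};
    for (size_t i = 0; i < 3; i++) {
        char *N = sample_path(lens[i]);
        if (!N) return 1;
        printf("%zu chars: l+50 fits=%d, patched fits=%d\n", lens[i],
               fits(fixed_size(12), PREFIX, N), fits(patched_size(12, N), PREFIX, N));
        free(N);
    }
    return 0;
}
```

Under these assumptions the `l+50` buffer is already one byte short for a 50-character name, while the size from the proposed fix matches the measured requirement exactly.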

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Patch to prevent gtkmorph from crashing when manipulating long directory/file names" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch