mate-desktop / pluma

A powerful text editor for MATE
http://www.mate-desktop.org
GNU General Public License v2.0

Buffer overflow on -D_FORTIFY_SOURCE=3 #664

Closed balping closed 2 years ago

balping commented 2 years ago

Since openSUSE introduced -D_FORTIFY_SOURCE=3 as a global cflag, pluma keeps crashing on pressing shortcuts with the Ctrl key, e.g. CTRL + S

Expected behaviour

no crash

Actual behaviour

buffer overflow detected : terminated Aborted (core dumped)

Steps to reproduce the behaviour

MATE general version

1.26

Package version

1.26.0

Linux Distribution

openSUSE Tumbleweed

Link to bugreport of your Distribution (requirement)

https://bugzilla.opensuse.org/show_bug.cgi?id=1200853

I traced down the issue to this strcpy call

https://github.com/mate-desktop/pluma/blob/v1.26.0/pluma/pluma-window.c#L322

gchar tempfont [strlen (font)];  /* strlen excludes the terminating NUL: one byte too short */
strcpy (tempfont, font);         /* copies strlen (font) + 1 bytes, so the NUL lands out of bounds */

I think the issue is the tempfont variable being too short, as strlen returns the length of the string excluding the terminating 0. This means that strcpy tries to perform an out of bounds write, but FORTIFY_SOURCE prevents it from doing so. So I think the fix could be

gchar tempfont [strlen (font) + 1];  /* room for the string plus its terminating NUL */
strcpy (tempfont, font);

but I need someone to confirm this.
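The off-by-one described in this issue, shown as an added example that is not pluma's code: a copy helper that refuses to write when the source plus its terminating NUL does not fit, applied once with the original `strlen (font)` sizing and once with the proposed `strlen (font) + 1` sizing. The helper names (`bytes_needed`, `copy_if_fits`) and the sample font name are constructed for this example; the refusal mirrors the condition that `_FORTIFY_SOURCE` traps at run time.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not pluma code. It models the sizing bug reported in
 * pluma-window.c: a VLA of strlen(font) bytes cannot hold font together
 * with its terminating NUL, so strcpy would write one byte past the end.
 * Instead of overflowing, the helper below checks the size first. */

/* Bytes needed to store s, including the terminating NUL. */
size_t bytes_needed(const char *s)
{
    return strlen(s) + 1;
}

/* Copy src into dst only if it fits. Returns 1 on success and 0 when the
 * copy would run past dst, which is exactly what the fortified strcpy
 * detects before aborting the process. */
int copy_if_fits(char *dst, size_t dst_size, const char *src)
{
    size_t needed = bytes_needed(src);

    if (needed > dst_size)
        return 0;              /* would write needed - dst_size bytes too many */
    memcpy(dst, src, needed);
    return 1;
}

/* Original sizing from the issue: strlen(font) bytes.
 * Returns 1 only if the copy fits, which it never does for a non-empty font. */
int copy_with_original_sizing(const char *font)
{
    char tempfont[strlen(font)];        /* one byte too short */
    return copy_if_fits(tempfont, sizeof tempfont, font);
}

/* Proposed fix from the issue: strlen(font) + 1 bytes. */
int copy_with_fixed_sizing(const char *font)
{
    char tempfont[strlen(font) + 1];    /* string plus NUL */
    return copy_if_fits(tempfont, sizeof tempfont, font);
}

int main(void)
{
    /* Constructed sample font name; strlen is 12, so 13 bytes are needed. */
    const char *font = "Monospace 12";

    printf("bytes needed for \"%s\": %zu\n", font, bytes_needed(font));
    printf("strlen(font) buffer:     %s\n",
           copy_with_original_sizing(font) ? "fits" : "would overflow by 1 byte");
    printf("strlen(font) + 1 buffer: %s\n",
           copy_with_fixed_sizing(font) ? "fits" : "would overflow");
    return 0;
}
```

The size check is the whole point: any fixed-size copy of a C string must reserve `strlen(src) + 1` bytes, and a buffer sized from `strlen` alone is always exactly one byte short, which is why the abort in this issue fires on every Ctrl shortcut that reaches this code path rather than only on long font names.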