Hi Ludovic,

Thanks for looking into the crash. After looking at the code, it seems that the crash happens because ap is incremented twice (line 95, and line 117) while arg_c is decremented once.

If we run the program with ./xjdxgen A A, at the end of the first loop iteration, arg_c is 2, and ap points to argv[2]. At the beginning of the second iteration, ap is incremented and now points to argv[3], which is NULL. Therefore, when ap is dereferenced, the program will crash.

An easy way to fix that is to remove line 117 (ap++).

Best,
Alex

On Fri, Sep 13, 2013 at 1:26 PM, <ldro...@debian.org> wrote:
> Hi!
>
> All the bugs are caused by poor argv parsing.
>
> (gdb) bt
> #0 strcmp () at ../sysdeps/i386/i686/strcmp.S:39
> #1 0x08048884 in main (argc=3, argv=0xbffffe74) at xjdxgen.c:96
>
> How to fix this quickly???
>
> Excerpt of code around xjdxgen.c:96:
>
> ap = argv;
> arg_c = argc;
> while (arg_c > 1)
> {
>     ap++;
>     if(strcmp(*ap,"-h") == 0) <--- CRASH
> ...
> ...
>     strcpy(strtmp,*ap);
>     strcpy(Dname,*ap);
>     strcpy(JDXname,*ap);
>     strcat(JDXname,".xjdx");
>     printf("Commandline request to use files %s and %s \n",Dname,JDXname);
>     ap++;
>     arg_c--;
> }
>
> --
> Ludovic Drolez.
>
> http://www.aopensource.com - The Android Open Source Portal
> http://www.drolez.com - Personal site - Linux and Free Software
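The pointer bookkeeping discussed in this thread, as an added example that is not part of the original messages or of xjdxgen's source: `first_bad_index` replays the quoted loop's two increments with an index so the out-of-range access is reported instead of executed, and `parse_fixed` is the loop with the second `ap++` removed. Both function names, the counters, and the sample argv are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Models the quoted loop's bookkeeping with an index instead of a pointer,
 * so the bad access is reported rather than executed. Returns the argv index
 * the loop would dereference at or past argv[argc] (the NULL terminator),
 * or -1 if the loop ends cleanly. */
int first_bad_index(int argc)
{
    int idx = 0, arg_c = argc;
    while (arg_c > 1) {
        idx++;                 /* ap++ at the top of the loop (line 95) */
        if (idx >= argc)
            return idx;        /* strcmp(*ap, "-h") would read NULL here */
        idx++;                 /* second ap++ at the bottom (line 117) */
        arg_c--;
    }
    return -1;
}

/* Loop with the fix from the thread applied (no second ap++), plus a
 * defensive NULL check. parse_fixed and its counters are hypothetical. */
int parse_fixed(int argc, char **argv, int *help)
{
    char **ap = argv;
    int arg_c = argc, names = 0;
    *help = 0;
    while (arg_c > 1) {
        ap++;
        if (*ap == NULL)
            break;
        if (strcmp(*ap, "-h") == 0)
            *help = 1;
        else
            names++;
        arg_c--;
    }
    return names;
}

int main(void)
{
    char *args[] = { "./xjdxgen", "A", "A", NULL };  /* constructed argv */
    int help;
    printf("buggy loop: bad access at argv[%d]\n", first_bad_index(3));
    printf("fixed loop: %d names\n", parse_fixed(3, args, &help));
    return 0;
}
```

With a single argument the original loop exits before the second dereference, which is why the crash only shows up from two arguments onward.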