On 06.12.2017 12:16, Tomasz Śniatowski wrote:
> Don't reuse cmd for strtok output to ensure the proper pointer is
> freed afterwards.
>
> The code incorrectly assumed the pointer returned by strtok(cmd, ":")
> would always point to cmd. However, strtok(str, sep) != str if str
> begins with sep. This caused an invalid-free crash when running
> a program under X with a name beginning with a colon.
>
> Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=104123
>

Yes, strtok returns a pointer to its arguments.

btw: strtok is not thread-safe, could that be an issue with that function?

re,
 wh

> Signed-off-by: Tomasz Śniatowski <[email protected]> > --- > os/access.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/os/access.c b/os/access.c > index 8828e0834..97246160c 100644 > --- a/os/access.c > +++ b/os/access.c > @@ -1137,12 +1137,12 @@ ComputeLocalClient(ClientPtr client) > /* Cut off any colon and whatever comes after it, see > * > https://lists.freedesktop.org/archives/xorg-devel/2015-December/048164.html > */ > - cmd = strtok(cmd, ":"); > + char *tok = strtok(cmd, ":"); > > #if !defined(WIN32) || defined(__CYGWIN__) > - ret = strcmp(basename(cmd), "ssh") != 0; > + ret = strcmp(basename(tok), "ssh") != 0; > #else > - ret = strcmp(cmd, "ssh") != 0; > + ret = strcmp(tok, "ssh") != 0; > #endif > > free(cmd);
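
Review bot: the new tok from `char *tok = strtok(cmd, ":");` is passed straight to basename() and strcmp() with no NULL check. strtok() returns NULL when the string holds no characters other than the separator (an empty cmd, or a name made up only of colons), so while the leading-colon case from the commit message no longer ends in an invalid free, a name that is nothing but colons would still dereference NULL in both the `basename(tok)` branch and the `strcmp(tok, "ssh")` branch. Suggest guarding the use, for example `ret = !tok || strcmp(basename(tok), "ssh") != 0;` and the equivalent in the #else branch, which treats a missing token as "not ssh" and matches what the comparison already yields for any other non-ssh name. Keeping `free(cmd)` on the original pointer is the right fix for the reported crash.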
