[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#498447: gtk-theme-switch: An unchecked fopen() leads to SIGSEGV

Package: gtk-theme-switch
Version: 2.0.5
Severity: normal
Tags: patch

Hi, 

There is currently an unchecked fopen() in switch2.c. In fact all has
began when i made a small audit in the code, a getenv() was interesting.
If you change the HOME shell variable to something that doesn't exist,
then it crashes. Try it :

HOME="EvilPlace" gtk-switch-theme2

And then apply a theme :) A gdb later, i've realized that in fact
fopen() in write_rc wasn't checked for success. If the user can't write
in ~/.gtkrc-2.0 (and the temp file used for preview) it crashes too.

I join a patch that spawns a small message box to alert the user and
quits properly, since anyway the program is unusable under this
condition.

Regards, 

François.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gtk-theme-switch depends on:
ii  libatk1.0-0                   1.22.0-1   The ATK accessibility toolkit
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  libcairo2                     1.6.4-6    The Cairo 2D vector graphics libra
ii  libglib2.0-0                  2.16.5-1   The GLib library of C routines
ii  libgtk2.0-0                   2.12.11-3  The GTK+ graphical user interface 
ii  libpango1.0-0                 1.20.5-1   Layout and rendering of internatio

gtk-theme-switch recommends no packages.

gtk-theme-switch suggests no packages.

-- no debconf information

--- switch2.orig.c	2005-05-01 02:28:32.000000000 +0200
+++ switch2.c	2008-09-10 05:57:10.000000000 +0200
@@ -9,7 +9,7 @@
 
 #include "switch.h"
 #define INIT_GTK if (!using_gtk) { gtk_init (&argc, &argv); using_gtk = 1; }
-
+#include <errno.h>
 /* globals */
 GHashTable *hash;
 GList *glist=NULL;
@@ -220,6 +220,19 @@
 write_rc_file (gchar *include_file, gchar *path)
 {
 	FILE *gtkrc = fopen(path, "w");
+	/*XXX XXX*/	
+	if (gtkrc == NULL) {
+		GtkWidget *dialog = gtk_message_dialog_new (GTK_WINDOW(dockwin),
+                                  GTK_DIALOG_DESTROY_WITH_PARENT,
+                                  GTK_MESSAGE_ERROR,
+                                  GTK_BUTTONS_CLOSE,
+                                  "Unable to save your preferences to %s: %s.",
+								  path,strerror(errno) );
+		gtk_window_set_title(GTK_WINDOW(dialog), "Error");
+ 		gtk_dialog_run (GTK_DIALOG (dialog));
+ 		gtk_widget_destroy (dialog);
+		quit();
+	}
 	/* the caps stuff is bullshit for gnome */
 	fprintf(gtkrc, "# -- THEME AUTO-WRITTEN DO NOT EDIT\ninclude \"%s\"\n\n", include_file);
 	if (newfont)
Reply to: