Bug#498447: marked as done (gtk-theme-switch: An unchecked fopen() leads to SIGSEGV)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 02 May 2009 10:32:03 +0000
with message-id <E1M0CVn-0006kz-AT@ries.debian.org>
and subject line Bug#498447: fixed in gtk-theme-switch 2.0.6
has caused the Debian Bug report #498447,
regarding gtk-theme-switch: An unchecked fopen() leads to SIGSEGV
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
498447: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498447
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: gtk-theme-switch: An unchecked fopen() leads to SIGSEGV
• From: François Wendling <frwendling@free.fr>
• Date: Wed, 10 Sep 2008 06:26:16 +0200
• Message-id: <20080910042616.26040.31452.reportbug@nuclearpad>

Package: gtk-theme-switch
Version: 2.0.5
Severity: normal
Tags: patch

Hi, 

There is currently an unchecked fopen() in switch2.c. In fact all has
began when i made a small audit in the code, a getenv() was interesting.
If you change the HOME shell variable to something that doesn't exist,
then it crashes. Try it :

HOME="EvilPlace" gtk-switch-theme2

And then apply a theme :) A gdb later, i've realized that in fact
fopen() in write_rc wasn't checked for success. If the user can't write
in ~/.gtkrc-2.0 (and the temp file used for preview) it crashes too.

I join a patch that spawns a small message box to alert the user and
quits properly, since anyway the program is unusable under this
condition.

Regards, 

François.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gtk-theme-switch depends on:
ii  libatk1.0-0                   1.22.0-1   The ATK accessibility toolkit
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  libcairo2                     1.6.4-6    The Cairo 2D vector graphics libra
ii  libglib2.0-0                  2.16.5-1   The GLib library of C routines
ii  libgtk2.0-0                   2.12.11-3  The GTK+ graphical user interface 
ii  libpango1.0-0                 1.20.5-1   Layout and rendering of internatio

gtk-theme-switch recommends no packages.

gtk-theme-switch suggests no packages.

-- no debconf information

--- switch2.orig.c	2005-05-01 02:28:32.000000000 +0200
+++ switch2.c	2008-09-10 05:57:10.000000000 +0200
@@ -9,7 +9,7 @@
 
 #include "switch.h"
 #define INIT_GTK if (!using_gtk) { gtk_init (&argc, &argv); using_gtk = 1; }
-
+#include <errno.h>
 /* globals */
 GHashTable *hash;
 GList *glist=NULL;
@@ -220,6 +220,19 @@
 write_rc_file (gchar *include_file, gchar *path)
 {
 	FILE *gtkrc = fopen(path, "w");
+	/*XXX XXX*/	
+	if (gtkrc == NULL) {
+		GtkWidget *dialog = gtk_message_dialog_new (GTK_WINDOW(dockwin),
+                                  GTK_DIALOG_DESTROY_WITH_PARENT,
+                                  GTK_MESSAGE_ERROR,
+                                  GTK_BUTTONS_CLOSE,
+                                  "Unable to save your preferences to %s: %s.",
+								  path,strerror(errno) );
+		gtk_window_set_title(GTK_WINDOW(dialog), "Error");
+ 		gtk_dialog_run (GTK_DIALOG (dialog));
+ 		gtk_widget_destroy (dialog);
+		quit();
+	}
 	/* the caps stuff is bullshit for gnome */
 	fprintf(gtkrc, "# -- THEME AUTO-WRITTEN DO NOT EDIT\ninclude \"%s\"\n\n", include_file);
 	if (newfont)

--- End Message ---

--- Begin Message ---

• To: 498447-close@bugs.debian.org
• Subject: Bug#498447: fixed in gtk-theme-switch 2.0.6
• From: Denis Briand <denis@narcan.fr>
• Date: Sat, 02 May 2009 10:32:03 +0000
• Message-id: <E1M0CVn-0006kz-AT@ries.debian.org>

Source: gtk-theme-switch
Source-Version: 2.0.6

We believe that the bug you reported is fixed in the latest version of
gtk-theme-switch, which is due to be installed in the Debian FTP archive:

gtk-theme-switch_2.0.6.dsc
  to pool/main/g/gtk-theme-switch/gtk-theme-switch_2.0.6.dsc
gtk-theme-switch_2.0.6.tar.gz
  to pool/main/g/gtk-theme-switch/gtk-theme-switch_2.0.6.tar.gz
gtk-theme-switch_2.0.6_i386.deb
  to pool/main/g/gtk-theme-switch/gtk-theme-switch_2.0.6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 498447@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Denis Briand <denis@narcan.fr> (supplier of updated gtk-theme-switch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 11 Apr 2009 18:36:20 +0200
Source: gtk-theme-switch
Binary: gtk-theme-switch
Architecture: source i386
Version: 2.0.6
Distribution: unstable
Urgency: low
Maintainer: Denis Briand <denis@narcan.fr>
Changed-By: Denis Briand <denis@narcan.fr>
Description: 
 gtk-theme-switch - GTK+ theme switching utility
Closes: 229384 319286 462908 498447
Changes: 
 gtk-theme-switch (2.0.6) unstable; urgency=low
 .
   * New Maintainer (Closes: #462908)
   * solve an unchecked fopen() (Closes: #498447)
     + Thanks to François Wendling for his audit
     + and for his patch.
   * fix hash table pointer issue (Closes: #229384)
     + Thanks to Ron Murray for his work and for his patch.
   * rename switch2.* by gtk-theme-switch2.*
     + and add gtk-theme-switch2 name in gtkrc-2.0 conf file (Closes: #319286).
   * Bump compat to 7.
   * Bump standards version to 3.8.1.
   * Remove unused switch.c and switch.1 files.
   * Fit Makefile and debian/rules to the renamed files.
   * Remove obsolete debian/README.debian file.
   * Remove obsolete debian/links file.
   * Fit debian/menu to the renamed bin file.
   * Fix versionless symlink license in debian/copyright.
   * Fit man file to the renamed bin file.
   * Rename unused ChangeLog to ChangeLog.old
   * Change deprecated "dh_clean -k" in "dh_prep" in debian/rules.
Checksums-Sha1: 
 f8552d891d853839d0ce9b48675f990f332bb3f0 753 gtk-theme-switch_2.0.6.dsc
 dfd105a522a63653d69f2e21c647889d5b369c28 16380 gtk-theme-switch_2.0.6.tar.gz
 6e8acb71350b93108785d86c041b18f6a30de1c0 18736 gtk-theme-switch_2.0.6_i386.deb
Checksums-Sha256: 
 f1586e63dab49c2fb28765d68256673baa3c8d30eb51c3f48b51e4fa65ac050c 753 gtk-theme-switch_2.0.6.dsc
 bdf62c1781aef18c2513b264ede96cc04fff37cda3e803cfc40c986b74358b8c 16380 gtk-theme-switch_2.0.6.tar.gz
 e5efa717027dd2010df5d5c77762813331b869b1187c5cccfefd4243e521bc58 18736 gtk-theme-switch_2.0.6_i386.deb
Files: 
 df8c954785f6f7763cb776d789ac8ca2 753 x11 optional gtk-theme-switch_2.0.6.dsc
 ee7c0e4d575eeff775491094a12e5347 16380 x11 optional gtk-theme-switch_2.0.6.tar.gz
 e977b49737ecbd027ba3d8a1247d5a9c 18736 x11 optional gtk-theme-switch_2.0.6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkn8HfAACgkQ2XA5inpabMco7ACgiG5UFjXzJSKjRr9jjEJUisTO
rskAn0U5La2CZSfIumFN37/mFs+2DgZe
=DSpi
-----END PGP SIGNATURE-----

--- End Message ---