[Pkg-kde-extras] Bug#865765: [qtcurve] Crash when using QtCurve widget style and Breeze preset

Sergey Sharybin sergey.vfx at gmail.com
Sat Jun 24 16:30:27 UTC 2017


Package: qtcurve
Version: 1.8.18+git20160320-3d8622c-3
Severity: normal
Tags: patch

--- Please enter the report below this line. ---

QtCurve uses `memcmp()` to compare strings against various constants
when reading the configuration file. This might easily end up with
memcmp() reading past the input string boundary, when the input string is
shorter than the string which is compared against.

For example, if slider style is set to "circular", it will first be
compared against "triangular", which is a longer string and will cause
reads past the original string boundary.

In order to reproduce the issue, KDE Plasma is to be configured to use
QtCurve widget style (Settings -> Application Style -> Applications ->
Widget Style). I am using Breeze preset for QtCurve. The error is very
easily noticeable when running a Qt5 application compiled with address
sanitizer. Probably running any Qt application with Valgrind will show
the error as well, but I did not try that.

The solution I've tried is to use strncmp() instead of memcmp(), which
will avoid reading past the string memory. Seems all strings are
NULL-terminated in those comparisons, so it should be a good enough
approach. The patch is attached.

P.S. Not sure the QtCurve versions are correctly detected, I've
re-compiled the package locally with the patch mentioned above. The
patch is against QtCurve from Stretch.
P.P.S. I'm using a self-compiled kernel, because previously I was on one
from jessie-backports, which had issues with my machine. This
shouldn't matter I think.

--- System information. ---
Architecture:
Kernel:       Linux 4.11.5-vanilla

Debian Release: 9.0
  995 stable          dl.google.com
  990 stable          security.debian.org
  990 stable          ftp.de.debian.org

--- Package information. ---
Depends                    (Version) | Installed
====================================-+-===========
gtk2-engines-qtcurve                 | 1.8.18+git20160320-3d8622c-3
kde-style-qtcurve-qt4                | 1.8.18+git20160320-3d8622c-3
kde-style-qtcurve-qt5                | 1.8.18+git20160320-3d8622c-3
qtcurve-l10n                         | 1.8.18+git20160320-3d8622c-3


Package's Recommends field is empty.

Suggests                    (Version) | Installed
=====================================-+-===========
kwin-decoration-oxygen                | 4:5.8.4-1
oxygen-icon-theme                     | 5:5.28.0-1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: replace_memcmp_with_strncmp.patch
Type: text/x-patch
Size: 50427 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-kde-extras/attachments/20170624/0178695d/attachment-0001.bin>
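
The comparison pattern described in the report, next to the strncmp() replacement, as an added example that is not part of the original report or the attached patch. The enum, the lookup table and all function names are hypothetical stand-ins, not QtCurve's own code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names: the report does not show QtCurve's own identifiers. */
typedef enum { SL_UNKNOWN, SL_TRIANGULAR, SL_CIRCULAR, SL_PLAIN } slider_kind;
typedef slider_kind (*parser_fn)(const char *);
static const struct { const char *name; slider_kind val; } kSliders[] = {
    { "triangular", SL_TRIANGULAR }, /* tried first, longer than "circular" */
    { "circular",   SL_CIRCULAR },
    { "plain",      SL_PLAIN },
};
#define N_SLIDERS (sizeof kSliders / sizeof kSliders[0])

/* Reported pattern: the length comes from the constant, so memcmp() may
 * read strlen(name) bytes of `s` even when `s` is a shorter string. */
slider_kind parse_slider_memcmp(const char *s) {
    for (size_t i = 0; i < N_SLIDERS; i++)
        if (memcmp(s, kSliders[i].name, strlen(kSliders[i].name)) == 0)
            return kSliders[i].val;
    return SL_UNKNOWN;
}

/* Fix from the report: strncmp() stops at the first NUL in either string,
 * so no bytes after the terminator of `s` are compared. It still matches
 * on a prefix, exactly as the memcmp() form did. */
slider_kind parse_slider_strncmp(const char *s) {
    for (size_t i = 0; i < N_SLIDERS; i++)
        if (strncmp(s, kSliders[i].name, strlen(kSliders[i].name)) == 0)
            return kSliders[i].val;
    return SL_UNKNOWN;
}

/* Run a parser on an exact-size heap copy of `value` (constructed input),
 * so the buffer ends at the terminator. */
slider_kind parse_exact_heap(parser_fn parse, const char *value) {
    size_t n = strlen(value) + 1;
    char *buf = malloc(n);
    if (!buf) return SL_UNKNOWN;
    memcpy(buf, value, n);
    slider_kind r = parse(buf);
    free(buf);
    return r;
}

int main(void) {
    /* Clean under ASan; with parse_slider_memcmp this is the reported over-read. */
    printf("%d\n", (int)parse_exact_heap(parse_slider_strncmp, "circular"));
    return 0;
}
```

Both parsers return the same value whenever the bytes after the input happen to be readable, which is why the defect goes unnoticed without a sanitizer.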

