Bug 361041

Summary: yelp-2.20.0-2.fc8 crashes if an omf contains a bad url
Product: [Fedora] Fedora Reporter: Will Woods <wwoods>
Component: yelpAssignee: Matthias Clasen <mclasen>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: hbrock, mishu
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.20.0-5.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-15 13:14:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 235704    

Description Will Woods 2007-10-31 22:01:32 UTC
virt-manager-C.omf from virt-manager-0.5.2-2.fc8 contains the following item:

[root@brinstar ~]# grep url virt-manager-C.omf 
        <identifier url="" />

This causes yelp to crash while searching, because of the following code at
yelp-search-parser.c:1075

    ptr = g_strrstr (container->base_filename, "/");

    path = g_strndup (container->base_filename,
                      ptr - container->base_filename);

The crash happens on the second line - if container->base_filename does not
contain the string "/" (like, say, if url is the empty string) then ptr will be
NULL. The subsequent g_strndup tries to allocate a ridiculous amount of memory
and subsequently dies like so:

GLib-ERROR **: gmem.c:135: failed to allocate 4150647657 bytes
aborting...

Probably yelp should check for ptr == NULL after the g_strrstr and handle that
case appropriately.

Comment 1 Matthias Clasen 2007-11-05 14:59:57 UTC
With the yelp update that I built last night, this no longer crashes. 

I've filed an upstream bug to clean up that code.

Moving this bug to virt-manager to fix the docs

Comment 2 Will Woods 2007-11-05 15:09:14 UTC
The virt-manager docs bug is already filed - see bug 361071. Moving back to yelp
so we can close this bug once the fix is confirmed. 

Speaking of which - I guess yelp-2.20.0-3.fc8 is the fixed package? I'll retest
with that, assuming that's what you plan to push as an update.

Oh, and thanks for moving this upstream. Figured they'd want to know about it.

Comment 3 Matthias Clasen 2007-11-05 15:14:39 UTC
For reference, the upstream bug is http://bugzilla.gnome.org/show_bug.cgi?id=493751

And yes, I've just pushed an update for 2.20.0-3.fc8

Comment 4 Will Woods 2007-11-05 22:23:38 UTC
That build doesn't fix this bug for me. Still crashes if I try to search in yelp
when the poisoned OMF file exists.

Comment 5 Matthias Clasen 2007-11-05 22:59:47 UTC
Ah, I missed the detail that the crash happens during search

Comment 6 Fedora Update System 2007-11-06 16:03:14 UTC
yelp-2.20.0-5.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update yelp'

Comment 7 Fedora Update System 2007-11-08 06:00:49 UTC
yelp-2.20.0-5.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update yelp'

Comment 8 Fedora Update System 2007-11-15 13:14:28 UTC
yelp-2.20.0-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.