Red Hat Bugzilla – Bug 361041
yelp-2.20.0-2.fc8 crashes if an omf contains a bad url
Last modified: 2007-11-30 17:12:20 EST
virt-manager-C.omf from virt-manager-0.5.2-2.fc8 contains the following item:
[root@brinstar ~]# grep url virt-manager-C.omf
<identifier url="" />
This causes yelp to crash while searching, because of the following code at
    ptr = g_strrstr (container->base_filename, "/");
    path = g_strndup (container->base_filename,
                      ptr - container->base_filename);
The crash happens on the second line - if container->base_filename does not
contain the string "/" (like, say, if url is the empty string) then ptr will be
NULL. The subsequent g_strndup tries to allocate a ridiculous amount of memory
and subsequently dies like so:
GLib-ERROR **: gmem.c:135: failed to allocate 4150647657 bytes
Probably yelp should check for ptr == NULL after the g_strrstr and handle that
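The failure mode described in the report above, next to a checked variant, as an added example that is not part of the original report and is not yelp's code. It uses standard C strrchr/malloc in place of GLib's g_strrstr/g_strndup so it builds without GLib; the function names and sample inputs are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length the unchecked snippet would pass as the copy size: ptr - base.
 * Computed in uintptr_t so the wraparound is well defined in this demo. */
static size_t unchecked_prefix_len(const char *base_filename)
{
    const char *ptr = strrchr(base_filename, '/');   /* NULL if no '/' */
    return (size_t)((uintptr_t)ptr - (uintptr_t)base_filename);
}

/* Checked variant (hypothetical helper): malloc'd directory prefix,
 * or NULL when the input is NULL, has no '/', or allocation fails. */
static char *dir_prefix(const char *base_filename)
{
    const char *ptr;
    size_t len;
    char *path;

    if (base_filename == NULL)
        return NULL;
    ptr = strrchr(base_filename, '/');
    if (ptr == NULL)            /* the case url="" triggers */
        return NULL;
    len = (size_t)(ptr - base_filename);
    path = malloc(len + 1);
    if (path == NULL)
        return NULL;
    memcpy(path, base_filename, len);
    path[len] = '\0';
    return path;
}

int main(void)
{
    /* Constructed inputs: the empty url from the report and a made-up path. */
    const char *inputs[] = { "", "/usr/share/help/C/example.xml" };
    for (size_t i = 0; i < 2; i++) {
        char *p = dir_prefix(inputs[i]);
        printf("\"%s\": unchecked len=%zu, checked=%s\n", inputs[i],
               unchecked_prefix_len(inputs[i]), p ? p : "(skip entry)");
        free(p);
    }
    return 0;
}
```

With the empty string the unchecked length is 0 minus the buffer's address, reinterpreted as an unsigned size, which is where an allocation request of the magnitude shown in the GLib-ERROR line comes from. A caller of the checked variant has to treat a NULL return as "skip this entry".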
With the yelp update that I built last night, this no longer crashes.
I've filed an upstream bug to clean up that code.
Moving this bug to virt-manager to fix the docs
The virt-manager docs bug is already filed - see bug 361071. Moving back to yelp
so we can close this bug once the fix is confirmed.
Speaking of which - I guess yelp-2.20.0-3.fc8 is the fixed package? I'll retest
with that, assuming that's what you plan to push as an update.
Oh, and thanks for moving this upstream. Figured they'd want to know about it.
For reference, the upstream bug is http://bugzilla.gnome.org/show_bug.cgi?id=493751
And yes, I've just pushed an update for 2.20.0-3.fc8
That build doesn't fix this bug for me. Still crashes if I try to search in yelp
when the poisoned OMF file exists.
Ah, I missed the detail that the crash happens during search
yelp-2.20.0-5.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update yelp'
yelp-2.20.0-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.