SIGABRT and calloc failure in parse_file() #5002

zhrvn · 2022-06-09T11:48:30Z

I'm submitting a…

[x] Bug
[ ] Feature Request
[ ] Documentation Request
[ ] Other (Please describe in detail)

Current Behavior

Using a config with nested variables (see config) causes i3 to crash either with a heap allocation failure (in calloc) or SIGABRT (heap smashing).

Expected Behavior

Using a config with nested variables (see config) doesn't cause i3 to crash.

Reproduction Instructions

Start i3 with the following configs.

Environment

Output of i3 --moreversion 2>&-:

Binary i3 version:  4.20-96-gce2665ca © 2009 Michael Stapelberg and contributors

Config file causing allocation failure

# i3 config file (v4)
set $xxxxxxxxxx 1
set $$xxxxxxxxxx 2
set $$$xxxxxxxxxx 3
set $$$$xxxxxxxxxx 4
set $$$$$xxxxxxxxxx 5
set $$$$$$xxxxxxxxxx 6
set $$$$$$$xxxxxxxxxx 7
set $$$$$$$$xxxxxxxxxx 8
set $$$$$$$$$xxxxxxxxxx 9
set $$$$$$$$$$xxxxxxxxxx 10
set $$$$$$$$$$$xxxxxxxxxx 11
set $$$$$$$$$$$$xxxxxxxxxx 12
set $$$$$$$$$$$$$xxxxxxxxxx 13
set $$$$$$$$$$$$$$xxxxxxxxxx 14

Config file causing SIGABRT

# i3 config file (v4)
set $xxxxxxxxxx 1
set $$xxxxxxxxxx 2
set $$$xxxxxxxxxx 3

Logfile URL: https://github.com/i3/i3/files/8869940/sigabrt-log.txt (SIGABRT) https://logs.i3wm.org/logs/6302401581547520.bz2 (calloc failure)
Strace URL: https://github.com/i3/i3/files/8869954/sigabrt-strace.txt (SIGABRT) https://github.com/i3/i3/files/8869961/calloc-strace.txt (calloc failure)
Backtrace URL: https://github.com/i3/i3/files/8869971/sigabrt-backtrace.txt (SIGABRT)

- Linux Distribution & Version: Arch Linux
- Are you using a compositor (e.g., xcompmgr or compton): no

The text was updated successfully, but these errors were encountered:

Airblader · 2022-06-09T11:58:17Z

Thanks for the report. Indeed we should not crash, but just to point it out, we do not support nested variables names.

Fixes i3#5002 If there is a variable with the same name as the rest of another variable after removing $, then it will be counted twice. Therefore, we need to completely replace it in order to correctly calculate the length of a new string.

If there is a variable with the same name as the rest of another variable after removing $, then it will be counted twice. Therefore, we need to completely replace it with spaces (variable names cannot contain spaces) in order to correctly calculate the length of a new string.

Count extra_bytes correctly If there is a variable with the same name as the rest of another variable after removing $, then it will be counted twice. Therefore, we need to completely replace it with spaces (variable names cannot contain spaces) in order to correctly calculate the length of a new string. fixes #5002 Co-authored-by: Ivan Zharov <zhiv.email@gmail.com> Co-authored-by: Michael Stapelberg <stapelberg@users.noreply.github.com>

i3bot added bug 4.20 labels Jun 9, 2022

zhrvn pushed a commit to zhrvn/i3 that referenced this issue Jun 9, 2022

Add test for i3#5002

693fffe

zhrvn pushed a commit to zhrvn/i3 that referenced this issue Jun 9, 2022

Add bugfix note for i3#5002

bfe39f6

zhrvn mentioned this issue Jun 9, 2022

Fix crash in parse_file() when parsing nested variables #5003

Merged

stapelberg closed this as completed in #5003 Sep 12, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SIGABRT and calloc failure in parse_file() #5002

SIGABRT and calloc failure in parse_file() #5002

zhrvn commented Jun 9, 2022

Airblader commented Jun 9, 2022

SIGABRT and calloc failure in parse_file() #5002

SIGABRT and calloc failure in parse_file() #5002

Comments

zhrvn commented Jun 9, 2022

I'm submitting a…

Current Behavior

Expected Behavior

Reproduction Instructions

Environment

Airblader commented Jun 9, 2022