Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!ora!bloom-beacon!dont-send-mail-to-path-lines
From: mikew@neptune.fx.COM
Newsgroups: comp.windows.x
Subject: OSF/MOTIF Problem Report
Message-ID: <9103142221.AA28841@neptune.noname>
Date: 14 Mar 91 22:21:24 GMT
Sender: daemon@athena.mit.edu (Mr Background)
Organization: The Internet
Lines: 36

VERSION:
	R4

CLIENT MACHINE and OPERATING SYSTEM:
	Sun SparcStation, SunOS 4.1

DISPLAY TYPE:
	CG6

WINDOW MANAGER:
	mwm

AREA:
	Xt

SYNOPSIS:
	XtResolvePathname doesn't handle large paths properly.

DESCRIPTION:
	XtResolvePathname has the following code segment

	    char *new = (bytesAllocd += 1000, ALLOCATE_LOCAL(bytesAllocd));
	    if (new == NULL) _XtAllocError("alloca");
	    strncpy( massagedPath, new, bytesUsed );

	This copies new on top of massagedPath. It seems that the
	opposite was intended. Since new could have arbitrary characters
	in it (malloc doesn't guarantee zeros), this could have some
	surprising behaviour including core dumps.

REPEAT BY:
	Eyeballed the code.

SAMPLE FIX:
< strncpy( massagedPath, new, bytesUsed );
--
> strncpy( new, massagedPath, bytesUsed );
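
Review bot: in the replacement line, strncpy( new, massagedPath, bytesUsed ), nothing visible guarantees that new ends up NUL-terminated. strncpy writes no terminator when the first bytesUsed bytes of massagedPath contain none, and the remainder of the freshly allocated buffer is uninitialized. Suggest confirming that bytesUsed counts the terminator, or adding new[bytesUsed] = '\0'; directly after the copy.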
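
The copy direction described in the report, as an added example that is not part of the original post and is not Xt's code: it contrasts the reported argument order with the intended one when a path buffer is grown. The names grow_path, path_survives, GROW_BY and POISON are hypothetical, malloc plus a fill byte stands in for ALLOCATE_LOCAL so the "arbitrary characters" are deterministic, and the sample path is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GROW_BY 1000  /* same increment as the quoted segment */
#define POISON  0x5A  /* constructed stand-in for uninitialized bytes */

/* Grow a buffer holding `used` bytes of path text (terminator not counted).
 * reversed != 0 reproduces the reported argument order, 0 the intended one.
 * Returns the new buffer (caller frees) or NULL on allocation failure. */
static char *grow_path(char *old, size_t used, size_t *allocd, int reversed)
{
    size_t new_size = *allocd + GROW_BY;
    char *grown = malloc(new_size);
    if (grown == NULL)
        return NULL;
    memset(grown, POISON, new_size);   /* make the garbage reproducible */

    if (reversed)
        strncpy(old, grown, used);     /* as reported: garbage lands on the path */
    else
        strncpy(grown, old, used);     /* intended: path moves into new buffer */

    grown[used] = '\0';  /* strncpy adds no NUL if none is in the first `used` bytes */
    *allocd = new_size;
    return grown;
}

/* Returns 1 if both the old and the grown buffer still hold `path`. */
static int path_survives(const char *path, int reversed)
{
    size_t used = strlen(path), allocd = used + 1;
    char *old = malloc(allocd);
    if (old == NULL)
        return 0;
    memcpy(old, path, allocd);
    char *grown = grow_path(old, used, &allocd, reversed);
    int ok = grown != NULL && strcmp(grown, path) == 0 && strcmp(old, path) == 0;
    free(grown);
    free(old);
    return ok;
}

int main(void)
{
    const char *p = "/usr/lib/X11/%L/%T/%N%S";  /* constructed sample path */
    printf("reversed order keeps path: %d\n", path_survives(p, 1));
    printf("intended order keeps path: %d\n", path_survives(p, 0));
    return 0;
}
```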