Buffer overflow in xfce_appfinder_model_fuzzy_match

Steps to reproduce

  • Run xfce4-appfinder
  • Type m in the search field

Debugging

ASan:

ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fffffffdb02 at pc 0x555555575705 bp 0x7fffffffdac0 sp 0x7fffffffdab0
WRITE of size 1 at 0x7fffffffdb02 thread T0
    #0 0x555555575704 in xfce_appfinder_model_fuzzy_match xfce4-appfinder/src/appfinder-model.c:3129
    #1 0x55555557e85e in xfce_appfinder_model_get_visible xfce4-appfinder/src/appfinder-model.c:2507
    #2 0x555555584771 in xfce_appfinder_window_item_visible xfce4-appfinder/src/appfinder-window.c:1955
    #3 0x7ffff6e4c0eb in gtk_tree_model_filter_real_visible gtk/gtktreemodelfilter.c:1245
    #4 0x7ffff6e4ba58 in gtk_tree_model_filter_visible gtk/gtktreemodelfilter.c:1275
    #5 0x7ffff6e5a4f2 in gtk_tree_model_filter_row_changed gtk/gtktreemodelfilter.c:2026
    #6 0x7ffff6e5a97d in gtk_tree_model_filter_refilter_helper gtk/gtktreemodelfilter.c:4244
    #7 0x7ffff6e4807a in gtk_tree_model_foreach_helper gtk/gtktreemodel.c:1995
    #8 0x7ffff6e4a979 in gtk_tree_model_foreach gtk/gtktreemodel.c:2048
    #9 0x7ffff6e56ef5 in gtk_tree_model_filter_refilter gtk/gtktreemodelfilter.c:4264
    #10 0x555555582bdd in xfce_appfinder_window_entry_changed_idle xfce4-appfinder/src/appfinder-window.c:1436
    #11 0x7ffff628f9ff in gdk_threads_dispatch gdk/gdk.c:769
    #12 0x7ffff54e841c in g_idle_dispatch glib/gmain.c:6243
    #13 0x7ffff54ec192 in g_main_dispatch glib/gmain.c:3357
    #14 0x7ffff54f2eb5 in g_main_context_dispatch_unlocked glib/gmain.c:4208
    #15 0x7ffff54f2eb5 in g_main_context_iterate_unlocked glib/gmain.c:4273
    #16 0x7ffff54f3c87 in g_main_loop_run glib/gmain.c:4475
    #17 0x7ffff6bf7256 in gtk_main gtk/gtkmain.c:1329
    #18 0x55555558b701 in main xfce4-appfinder/src/main.c:341
    #19 0x7ffff5234e07  (/usr/lib/libc.so.6+0x25e07)
    #20 0x7ffff5234ecb in __libc_start_main (/usr/lib/libc.so.6+0x25ecb)
    #21 0x55555556bed4 in _start (/usr/local/bin/xfce4-appfinder+0x17ed4)

GDB:

#9  0x0000555555575705 in xfce_appfinder_model_fuzzy_match (source=0x50c0003c4f00 "about xfce\nxfce4-about\ninformation about the xfce desktop environment", 
    token=token@entry=0x50c0004a9c80 "m") at appfinder-model.c:3129
3129	        cmd_part [index + 1] = '\0';
(gdb) p cmd_part
$10 = "m"
(gdb) p cmd_part_size
$11 = 2
(gdb) p index + 1
$12 = 3
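
The GDB values above show the defect: cmd_part holds 2 bytes, yet the terminator is written at index + 1 = 3, one past the end of a buffer sized from the token rather than from the word being copied. The following is an added example, not xfce4-appfinder's code, showing a bounds-guarded form of the same word-into-token-sized-buffer pattern; the function names and the whitespace-splitting rule are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
/* Constructed example, not xfce4-appfinder's code: copy one word of `source`
 * into `part`, a scratch buffer of `part_size` bytes including the NUL, the
 * way cmd_part is sized from the token in the report. `index` counts stored
 * bytes, so the NUL belongs at part[index] and index never reaches part_size. */
static size_t
copy_word_bounded (const char *source, size_t start,
                   char *part, size_t part_size, bool *truncated)
{
  size_t index = 0;
  *truncated = false;
  if (part_size == 0) return 0;
  for (size_t i = start; source[i] != '\0' && source[i] != ' ' && source[i] != '\n'; i++)
    {
      if (index + 1 >= part_size)   /* no room for this byte plus the NUL */
        {
          *truncated = true;
          break;
        }
      part[index++] = source[i];
    }
  part[index] = '\0';               /* index <= part_size - 1, in bounds */
  return index;
}
/* Compare `token` with every word of `source` through a VLA sized exactly as
 * in the report, strlen (token) + 1. A word longer than the token cannot equal
 * it, so truncation means "no match" instead of an out-of-bounds write. */
static bool
token_matches_any_word (const char *source, const char *token)
{
  size_t part_size = strlen (token) + 1;
  char   part[part_size];           /* VLA, like cmd_part in the report */
  size_t i = 0;
  while (source[i] != '\0')
    {
      bool truncated;
      copy_word_bounded (source, i, part, part_size, &truncated);
      if (!truncated && strcmp (part, token) == 0)
        return true;
      /* skip the rest of this word and the separator that ends it */
      while (source[i] != '\0' && source[i] != ' ' && source[i] != '\n')
        i++;
      if (source[i] != '\0')
        i++;
    }
  return false;
}
```

With the report's source string and token "m", every word is longer than the 2-byte scratch buffer, so each copy is reported as truncated and no write ever lands past part[1].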

Version info