Alwin <translati...@ziggo.nl> writes: > Dear List, > > I would like to report a crash in FVWM 2.6.5. According to the logs, > it's a possible buffer overflow. I'm using FVWM-Crystal 3.4.0 SVN rev. > 767, X.Org server 1.16.4 and Gentoo Linux. > > The logs are huge, so it might be a good idea to only copy the relevant > parts in-line from the attached gzipped files: config.log, build.log, > session.log and backtrace.txt. > > The crash happens when the Volume+ or Volume- button is pressed > on the keyboard. These are common Multimedia Keys which generate the > XF86AudioRaiseVolume and XF86AudioLowerVolume KeySyms, and have auto > repeat enabled by default. The KeySyms have key bindings in > FVWM-Crystal: see 'Change-Volume-Down' function in the session.log. It > decreases the volume, and prints the volume level on screen, using a > function called 'FvwmButtons-Tooltip-Volume' in the session.log. > > When these buttons are pressed for about 3 seconds too long, after the > volume reached 0% (or 100%) already, then FVWM is aborted with > this log message: > > *** buffer overflow detected ***: fvwm terminated > > The backtrace leads to the tooltip print function, which might be the > problem here: > > #10 0x0000000000437c89 in sprintf (__fmt=0x4a2898 "%d", > __s=0x7ffc22de1290 "10wmButtons-Tooltip-Volume (99)") at > /usr/include/bits/stdio2.h:33 > > > Please let me know if more information is needed, or to test a patch.
Looks to me like this line in add_window.c: char win_name_len[MAX_WINDOW_NAME_NUMBER_DIGITS]; should be: char win_name_len[MAX_WINDOW_NAME_NUMBER_DIGITS+1]; If you can test that, okay. If I don't hear otherwise, I'll commit a change in a day or 3. -- Dan Espen