clxclient bug --- was Bug report on zita-rev1: zita-rev1 crashes with exit status 139

Thu, 27 Jun 2013 09:04:42 -0700 

Hi Fons,

If zita-rev1 cannot connext to a X-server it segfaults. The problem is
actually in libclxclient-3.6.1, xdisplay.cc.


X_display::X_display() .. constructor bails out early if it cannot
connect to X11 (and does not allocate the XImages) - but the
X_display::~X_display() destructor resets the data and calls
XDestroyImage() for those XImages - which may cause a segfault.


Attached patch is one possible solution.

Cheers!
robin


-=-=-=-=-=-
sudo su - nobody
gdb ./zita-rev1
#[..]
(gdb) run
Can't open display.

Program received signal SIGSEGV, Segmentation fault.
0xb7eae307 in X_display::~X_display() () from /usr/lib/libclxclient.so.3
(gdb) bt
#0  0xb7eae307 in X_display::~X_display() () from /usr/lib/libclxclient.so.3
#1  0x0804abdd in main (ac=1, av=0xbffffd94) at zita-rev1.cc:87
(gdb)



On 06/26/2013 07:52 PM, Alexandre Rebert wrote:
> Hi,
> 
> We found a crash in zita-rev1 contained in the zita-rev1 package. You are 
> being
> contacted because your are listed as one of the maintainer of zita-rev1.
> 
> We are planning to submit the bug to the Debian bug tracking system in two
> weeks. We wanted to give you a heads-up, so that you some time to assess the
> seriousness of the bug before it is publicly disclosed.
> 
> The bug report that will be submitted to the bug tracker is available at the
> following url:
> 
>   
> http://www.forallsecure.com/bug-reports/db7635e9e0fccad4d41a93ca1b2fe3ceea2eee5e/
> 
> This email is part of a mass bug reporting campain comprising 1,182 bugs. You
> might have received multiple emails from us concerning different programs. 
> More
> information about the mass bug reporting is available on the debian-devel
> mailing list:
> 
>   http://lists.debian.org/debian-devel/2013/06/msg00720.html
> 
> Regards,
> The Mayhem Team
> Cylab, Carnegie Mellon University

--- clxclient-3.6.1/xdisplay.cc	2013-06-27 17:30:44.520034390 +0200
+++ clxclient-3.6.1/xdisplay.cc.fixed	2013-06-27 17:30:40.452014218 +0200
@@ -55,13 +55,14 @@
 X_display::~X_display (void)
 {
     int i;
+    if (!_dpy) return;
 
     for (i = 0; i < N_IMG1515; i++)
     {  
         _imgptr1515 [i]->data = 0;
         XDestroyImage (_imgptr1515 [i]);
     }
-    if (_dpy) XCloseDisplay (_dpy); 
+    XCloseDisplay (_dpy); 
 }
 
 

_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to