Bug#647889: xgraph: echo 1 2|xgraph segfaults due to deref of uninitialized pointer

2011-11-07 Thread Jim Meyering
Package: xgraph
Version: 12.1-14
Severity: important
Tags: upstream patch

Dear Maintainer,

Thank you for maintaining xgraph.

I noticed that xgraph would always segfault for me.
I tracked it down to my setting of MALLOC_PERTURB_ to a nonzero value
(that makes glibc scribble on freed/malloc'd memory).  That exposed
the latent problem in xgraph.  Debugged it and wrote the patch below.

Also, after cloning from git and running autoreconf, I noticed that git
diff reported many changes in the generated file, aclocal.m4 (because
I use a newer version of autoconf).  I attach a patch to remove aclocal.m4
from version control, too.

From bd5ae5869e16792c5fa6cb894ed2e50e52278c62 Mon Sep 17 00:00:00 2001
From: Jim Meyering meyer...@redhat.com
Date: Mon, 7 Nov 2011 11:01:44 +0100
Subject: [PATCH 2/2] don't dereference a pointer with uninitialized stack
 data

Before this change, xgraph was unusable for me:
(because I set e.g., MALLOC_PERTURB_=39 in my environment)

$ echo 1 2| MALLOC_PERTURB_=39 xgraph
zsh: done                echo 1 2 |
zsh: segmentation fault  xgraph

Given a bogus or unresolvable label or title font name specified with
-size, like helvetica-9, this code would determine that there are
no matching fonts, hence never run the body of the for loop, and then
test *font_info, which would be uninitialized stack data.  If that
happened to be nonzero, it would return 1 and the caller would
dereference that font_info pointer.
* params.c (do_font): Do not return uninitialized *font_info as if it
were a valid pointer.
---
 params.c |4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/params.c b/params.c
index abcde5f..181500e 100644
--- a/params.c
+++ b/params.c
@@ -358,9 +358,7 @@ XFontStruct **font_info;/* Returned font information */
/* Load first one that you can */
for (i = 0; i  font_count; i++)
  if ((*font_info = XLoadQueryFont(param_disp, font_list[i])))
-   break;
-   if (*font_info)
-   return 1;
+   return 1;
}
}
/* Assume normal font name */
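Review bot: the early `return 1;` inside the loop removes the post-loop read of *font_info, but when font_count is 0 the function still falls through to the `/* Assume normal font name */` path without ever writing the out-parameter, so a caller that looks at *font_info on a non-1 return inherits the same uninitialized value; adding `*font_info = NULL;` before the `for` would make the no-match case explicit and cheap to check. Separately, the context line `for (i = 0; i  font_count; i++)` has lost its comparison operator in this archived copy; the committed source should be confirmed to read `i < font_count`.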
--
1.7.8.rc0.35.gee6df




-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-2-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages xgraph depends on:
ii  libc6     2.13-21
ii  libice6   2:1.0.7-2
ii  libsm6    2:1.2.0-2
ii  libx11-6  2:1.4.4-2

xgraph recommends no packages.

Versions of packages xgraph suggests:
pn  ygraph  <none>

-- no debconf information

From fdb59dd5bf97a46749268d7db51478610baacea4 Mon Sep 17 00:00:00 2001
From: Jim Meyering meyer...@redhat.com
Date: Mon, 7 Nov 2011 10:54:47 +0100
Subject: [PATCH 1/2] don't version-control the generated file, aclocal.m4

* aclocal.m4: Remove generated file.
* .gitignore: Tell git to ignore it, too.
---
 .gitignore |1 +
 aclocal.m4 |  979 
 2 files changed, 1 insertions(+), 979 deletions(-)
 delete mode 100644 aclocal.m4

diff --git a/.gitignore b/.gitignore
index fa2acb2..8debbd1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 .deps/
 Makefile
 Makefile.in
+aclocal.m4
 autoconf.h
 autom4te.cache/
 config.log
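Review bot: ignoring `aclocal.m4` is consistent with deleting it from the tree, but once the generated file is gone a fresh checkout cannot run configure until aclocal/autoreconf has produced it again, so the build recipe should run autoreconf (and the package build-depend on automake) rather than assume the file is present; the cover letter's "after cloning from git and running autoreconf" already describes that workflow, and it should be the documented one.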
diff --git a/aclocal.m4 b/aclocal.m4
deleted file mode 100644
index 27326f4..000
--- a/aclocal.m4
+++ /dev/null
@@ -1,979 +0,0 @@
-# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
-
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2007, 2008, 2009  Free Software Foundation, Inc.
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-m4_ifndef([AC_AUTOCONF_VERSION],
-  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],,
-[m4_warning([this file was generated for autoconf 2.67.
-You have another version of autoconf.  It may work, but is not guaranteed to.
-If you have problems, you may need to regenerate the build system entirely.
-To do so, use the procedure documented by the package, typically `autoreconf'.])])
-
-# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_AUTOMAKE_VERSION(VERSION)
-# 
-# Automake X.Y traces 
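The uninitialized out-parameter pattern the commit message describes, as an added example that is not xgraph's own code: a stub stands in for XLoadQueryFont(), the FontStruct type and font_db list are constructed, and the junk value 0x39 plays the role of the MALLOC_PERTURB_-scribbled stack. It shows the pre-patch shape reporting success with a bogus pointer on an empty match list, and the patched shape (plus a defensive NULL initialisation that the original patch does not include) returning 0 cleanly.

```c
/* Added example (not xgraph's code): the do_font() pattern from the report,
 * with a stub in place of XLoadQueryFont() so it runs offline.  FontStruct
 * and font_db are constructed stand-ins for the X11 font database. */
#include <stddef.h>
#include <string.h>
typedef struct { const char *name; } FontStruct;      /* stands in for XFontStruct */
static FontStruct font_db[] = { { "helvetica-12" }, { "fixed" } };   /* constructed */

/* Stub for XLoadQueryFont(): NULL when the server has no such font. */
static FontStruct *load_query_font(const char *name)
{
    for (size_t i = 0; i < sizeof font_db / sizeof font_db[0]; i++)
        if (strcmp(font_db[i].name, name) == 0)
            return &font_db[i];
    return NULL;
}

/* Pre-patch shape: *font_info is only written inside the loop, so with
 * font_count == 0 the test after the loop reads whatever the caller left there. */
static int do_font_before(const char **font_list, int font_count,
                          FontStruct **font_info)
{
    for (int i = 0; i < font_count; i++)
        if ((*font_info = load_query_font(font_list[i])))
            break;
    if (*font_info)             /* uninitialized read when the loop never ran */
        return 1;
    return 0;
}

/* Patched shape: return 1 from inside the loop; the *font_info = NULL line is
 * an added hardening so a 0 result never hands back a junk pointer. */
static int do_font_after(const char **font_list, int font_count,
                         FontStruct **font_info)
{
    *font_info = NULL;          /* not in the original patch; defensive */
    for (int i = 0; i < font_count; i++)
        if ((*font_info = load_query_font(font_list[i])))
            return 1;
    return 0;
}

/* Reproduces the report: MALLOC_PERTURB_-style junk in the out-parameter and
 * an empty match list make the old code claim success with a bogus pointer. */
static int old_code_returns_junk(void)
{
    FontStruct *fi = (FontStruct *)0x39;   /* stands in for uninitialized stack */
    return do_font_before(NULL, 0, &fi) == 1 && fi == (FontStruct *)0x39;
}
```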

Bug#647889: xgraph: echo 1 2|xgraph segfaults due to deref of uninitialized pointer

2011-11-07 Thread Barak A. Pearlmutter
Thanks for the patch; just dput, along with the total
autotools-derived-file-ectomy suggested by your partial one.

(Figures: the one debian git repo I don't mirror on github.
Now mirrored to git://github.com/barak/xgraph)

--Barak.