Re: [XFree86] Possible format string bug on Xterm Up to last version

2003-11-07 Thread David Dawes
On Fri, Nov 07, 2003 at 03:23:52AM -0300, Agustin wrote:
Hello, I'm Agustin Gianni (gr00vy) from Argentina. I would like to report
a bug in xterm (the latest version, 181, and the one in Slackware 9.0).
Since I'm not experienced with format bugs I couldn't do much to try to
make a fix or give more info about the bug.

Thanks for the report.

I've just traced through it, and it isn't a formatting bug, but an
off-by-one bug in libXcursor that shows up when $HOME doesn't start with
a '/'.

This patch fixes it for me.  Let me know if it does for you too.

Index: xc/lib/Xcursor/library.c
===
RCS file: /home/x-cvs/xc/lib/Xcursor/library.c,v
retrieving revision 1.2
diff -u -r1.2 library.c
--- library.c   26 Jan 2003 03:22:42 -  1.2
+++ library.c   7 Nov 2003 17:48:21 -
@@ -101,6 +101,9 @@
if (!home)
return 0;
homelen = strlen (home);
+   /* A '/' gets prepended if $HOME doesn't start with one. */
+   if (home[0] != '/')
+   homelen++;
dir++;
dirlen--;
 }
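Review bot: the hunk corrects only the size accounting for the prepended '/'; the code that actually writes that separator into the buffer is outside this hunk, so confirm it prepends under exactly the same `home[0] != '/'` test, otherwise the count and the copy can disagree again. Note that the test also fires for an empty $HOME (home[0] is '\0'), so the write side must prepend in that case too, and it would help to mention the write site in the new comment so the two stay in step.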


David


[EMAIL PROTECTED]:/root# HOME=%n%n%n%n%n%n
[EMAIL PROTECTED]:/root# xterm
Segmentation fault
[EMAIL PROTECTED]:/root# gdb xterm
(gdb) r
Starting program: /root/xterm-181/xterm

Program received signal SIGSEGV, Segmentation fault.
0x4026e5bd in _int_malloc () from /lib/libc.so.6
(gdb) bt
#0  0x4026e5bd in _int_malloc () from /lib/libc.so.6
#1  0x4026d6b5 in malloc () from /lib/libc.so.6
#2  0x4025c003 in __fopen_internal () from /lib/libc.so.6
#3  0x4025c0ce in fopen@@GLIBC_2.1 () from /lib/libc.so.6
#4  0x4001e47a in XcursorFilenameSave () from
/usr/X11R6/lib/libXcursor.so.1
#5  0x4001e616 in XcursorLibraryLoadImages () from
/usr/X11R6/lib/libXcursor.so.1
#6  0x4001e824 in XcursorShapeLoadImages () from
/usr/X11R6/lib/libXcursor.so.1
#7  0x4001eb6e in XcursorTryShapeCursor () from
/usr/X11R6/lib/libXcursor.so.1
#8  0x4012d628 in _XTryShapeCursor () from /usr/X11R6/lib/libX11.so.6
#9  0x4012d9e9 in XCreateGlyphCursor () from /usr/X11R6/lib/libX11.so.6
#10 0x4012de59 in XCreateFontCursor () from /usr/X11R6/lib/libX11.so.6
#11 0x0805f3ce in make_colored_cursor (cursorindex=68, fg=0,
bg=16777215) at misc.c:216
#12 0x0805b578 in get_terminal () at main.c:2467
#13 0x0805b019 in main (argc=0, argv=0xb9e8) at main.c:2111
#14 0x4020dbb4 in __libc_start_main () from /lib/libc.so.6
(gdb) i r
eax            0x808e780       134801280
ecx            0x40327300      1077048064
edx            0x40327354      1077048148
ebx            0x40326234      1077043764
esp            0xb650          0xb650
ebp            0xb688          0xb688
esi            0x0             0
edi            0x0             0
eip            0x4026e5bd      0x4026e5bd
eflags         0x10206         66054
cs             0x23            35
ss             0x2b            43
ds             0x2b            43
es             0x2b            43
fs             0x0             0
gs             0x0             0
fctrl          0x37f           895
fstat          0x0             0
ftag           0x              65535
fiseg          0x0             0
fioff          0x0             0
foseg          0x0             0
fooff          0x0             0
fop            0x0             0
mxcsr          0x1f80          8064
orig_eax       0x              -1

Best Regards

Agustin Gianni
Argentina

PS: thanks to #linux and #cheese (specially df)

___
XFree86 mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xfree86


-- 
David Dawes X-Oz Technologies
www.XFree86.org/~dawes  www.x-oz.com

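The reason "%n%n%n%n%n%n" crashes xterm is not that it is ever used as a format string; it simply does not start with '/', which is the case the patch above corrects. The following is an added example, a hypothetical reconstruction written for this page and not libXcursor's own code, of the tilde expansion whose size accounting the patch fixes. The function names (expanded_size, expand_dir, bytes_short) and the search-path element "~/.icons" are assumptions; the example computes the pre-patch and post-patch buffer sizes side by side so the one-byte shortfall is visible for any $HOME that lacks a leading '/'.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical reconstruction (not libXcursor's code) of expanding a
 * cursor search path element that starts with "~".  The tilde is replaced
 * by $HOME; if $HOME does not start with '/', a '/' is prepended.
 * fixed != 0 uses the patched arithmetic; fixed == 0 reproduces the
 * off-by-one that forgot to count the prepended '/'.
 * Returns the number of bytes to allocate (including the NUL), or 0 when
 * home is NULL and needed.
 */
size_t expanded_size(const char *dir, const char *home, int fixed)
{
    size_t dirlen = strlen(dir);
    size_t homelen = 0;

    if (dir[0] == '~') {
        if (!home)
            return 0;
        homelen = strlen(home);
        /* The byte the pre-patch code did not count. */
        if (fixed && home[0] != '/')
            homelen++;
        dir++;
        dirlen--;
    }
    return homelen + dirlen + 1;   /* + terminating NUL */
}

/*
 * Expand dir using home; returns a malloc'd string or NULL.  $HOME is only
 * ever passed as a "%s" argument, never as the format, so '%n' in it is
 * plain data: the crash comes purely from the size arithmetic.
 */
char *expand_dir(const char *dir, const char *home)
{
    size_t size = expanded_size(dir, home, 1);
    char *out;

    if (size == 0)
        return NULL;
    out = malloc(size);
    if (!out)
        return NULL;
    if (dir[0] == '~') {
        /* Prepend '/' under exactly the condition used for the count. */
        snprintf(out, size, "%s%s%s",
                 home[0] != '/' ? "/" : "", home, dir + 1);
    } else {
        snprintf(out, size, "%s", dir);
    }
    return out;
}

/* How many bytes the pre-patch arithmetic under-allocates for this input. */
size_t bytes_short(const char *dir, const char *home)
{
    size_t needed = expanded_size(dir, home, 1);
    size_t buggy = expanded_size(dir, home, 0);
    return needed - buggy;
}

int main(void)
{
    /* Constructed inputs: the reporter's $HOME and a typical "~" element. */
    const char *homes[] = { "%n%n%n%n%n%n", "root", "/root" };
    size_t i;

    for (i = 0; i < sizeof homes / sizeof homes[0]; i++) {
        char *p = expand_dir("~/.icons", homes[i]);
        printf("HOME=%-14s -> %-22s short by %zu byte(s)\n",
               homes[i], p ? p : "(null)", bytes_short("~/.icons", homes[i]));
        free(p);
    }
    return 0;
}
```

Any $HOME without a leading '/' (not just one full of '%n') under-allocates by one byte in the pre-patch arithmetic; the NUL then lands on the byte after the heap chunk, which is why the crash shows up later inside malloc rather than at the copy.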

Re: [XFree86] Possible format string bug on Xterm Up to last version

2003-11-07 Thread Marc Aurele La France
On 7 Nov 2003, Agustin wrote:

 Hello, I'm Agustin Gianni (gr00vy) from Argentina. I would like to report
 a bug in xterm (the latest version, 181, and the one in Slackware 9.0).
 Since I'm not experienced with format bugs I couldn't do much to try to
 make a fix or give more info about the bug.

 [EMAIL PROTECTED]:/root# HOME=%n%n%n%n%n%n
 [EMAIL PROTECTED]:/root# xterm
 Segmentation fault
 [EMAIL PROTECTED]:/root# gdb xterm
 (gdb) r
 Starting program: /root/xterm-181/xterm

 Program received signal SIGSEGV, Segmentation fault.
 0x4026e5bd in _int_malloc () from /lib/libc.so.6
 (gdb) bt
 #0  0x4026e5bd in _int_malloc () from /lib/libc.so.6
 #1  0x4026d6b5 in malloc () from /lib/libc.so.6
 #2  0x4025c003 in __fopen_internal () from /lib/libc.so.6
 #3  0x4025c0ce in fopen@@GLIBC_2.1 () from /lib/libc.so.6
 #4  0x4001e47a in XcursorFilenameSave () from
 /usr/X11R6/lib/libXcursor.so.1
 #5  0x4001e616 in XcursorLibraryLoadImages () from
 /usr/X11R6/lib/libXcursor.so.1
 #6  0x4001e824 in XcursorShapeLoadImages () from
 /usr/X11R6/lib/libXcursor.so.1
 #7  0x4001eb6e in XcursorTryShapeCursor () from
 /usr/X11R6/lib/libXcursor.so.1
 #8  0x4012d628 in _XTryShapeCursor () from /usr/X11R6/lib/libX11.so.6
 #9  0x4012d9e9 in XCreateGlyphCursor () from /usr/X11R6/lib/libX11.so.6
 #10 0x4012de59 in XCreateFontCursor () from /usr/X11R6/lib/libX11.so.6
 #11 0x0805f3ce in make_colored_cursor (cursorindex=68, fg=0,
 bg=16777215) at misc.c:216
 #12 0x0805b578 in get_terminal () at main.c:2467
 #13 0x0805b019 in main (argc=0, argv=0xb9e8) at main.c:2111
 #14 0x4020dbb4 in __libc_start_main () from /lib/libc.so.6
 (gdb) i r
 eax            0x808e780       134801280
 ecx            0x40327300      1077048064
 edx            0x40327354      1077048148
 ebx            0x40326234      1077043764
 esp            0xb650          0xb650
 ebp            0xb688          0xb688
 esi            0x0             0
 edi            0x0             0
 eip            0x4026e5bd      0x4026e5bd
 eflags         0x10206         66054
 cs             0x23            35
 ss             0x2b            43
 ds             0x2b            43
 es             0x2b            43
 fs             0x0             0
 gs             0x0             0
 fctrl          0x37f           895
 fstat          0x0             0
 ftag           0x              65535
 fiseg          0x0             0
 fioff          0x0             0
 foseg          0x0             0
 fooff          0x0             0
 fop            0x0             0
 mxcsr          0x1f80          8064
 orig_eax       0x              -1

Does it SIGSEGV when $HOME is shortened by one character?  If not, I think
I know where the problem is.

Marc.

+--+---+
|  Marc Aurele La France   |  work:   1-780-492-9310   |
|  Computing and Network Services  |  fax:1-780-492-1729   |
|  352 General Services Building   |  email:  [EMAIL PROTECTED]  |
|  University of Alberta   +---+
|  Edmonton, Alberta   |   |
|  T6G 2H1 | Standard disclaimers apply|
|  CANADA  |   |
+--+---+
XFree86 Core Team member.  ATI driver and X server internals.
