Your message dated Mon, 13 Jan 2020 14:54:29 +0000
with message-id <e1ir16r-000cax...@fasolo.debian.org>
and subject line Bug#948527: fixed in gtkboard 0.11pre0+cvs.2003.11.02-10
has caused the Debian Bug report #948527,
regarding gtkboard: Always hang up after selecting a game.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gtkboard
Version: 0.11pre0+cvs.2003.11.02-9+b1
Severity: grave
Tags: patch

Dear Maintainer,

 The gtkboard always hangs up after selecting a game in the Game menu.
It makes gtkboard completely useless.
 And when it hangs up, the following message is shown in stdin,
  ' *** stack smashing detected ***: <unknown> terminated '

 I report this problem, and I attach the patch to fix this problem.
 In my Debian box, this patch works well.

 Would you release a newer package with this patch applied?

FYI:
  The root cause of this problem is the buffer overflow in
channel_process_input() in src/engine.c. The channel_process_input()
invokes g_io_channel_read; however, the type of the last argument of
g_io_channel should be 'gsize (unsigned long)', but it is 'int'.

  It causes an overflow in the stack, and 'stack smashing' kills the
forked process. Then the parent process, which handles GUI, keeps
waiting for the response of the killed process forever, and it looks
hanging up.

 Additionally, I happened to find a possibility of a 1-byte buffer
overflow. The linebuf in channel_process_input() has 4096 bytes, but
there is a possibility that '\0' is put in the 4097th. This patch fixes
it also.

 Finally, this problem comes from upstream. However, the site of
upstream says maintenance is over. So, I haven't reported upstream.
See http://gtkboard.sourceforge.net/

Regards,
--
 Takahide Nojima

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500,
'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8),
LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gtkboard depends on:
ii  libatk1.0-0          2.34.1-1
ii  libc6                2.29-8
ii  libcairo2            1.16.0-4
ii  libfontconfig1       2.13.1-2+b1
ii  libfreetype6         2.10.1-2
ii  libgdk-pixbuf2.0-0   2.40.0+dfsg-2
ii  libglib2.0-0         2.62.4-1
ii  libgtk2.0-0          2.24.32-4
ii  libpango-1.0-0       1.42.4-8
ii  libpangocairo-1.0-0  1.42.4-8
ii  libpangoft2-1.0-0    1.42.4-8
ii  libsdl-mixer1.2      1.2.12-16+b1
ii  libsdl1.2debian      1.2.15+dfsg2-5

gtkboard recommends no packages.

gtkboard suggests no packages.

-- no debconf information
diff -u -N -r a/debian/changelog b/debian/changelog
--- a/debian/changelog	2018-07-29 19:02:29.000000000 +0900
+++ b/debian/changelog	2020-01-10 04:19:52.749057611 +0900
@@ -1,3 +1,13 @@
+gtkboard (0.11pre0+cvs.2003.11.02-10) UNRELEASED; urgency=medium
+
+  * Fix stack overflow in engine.c.
+    It has 2 overflows.
+      -The 'linebuf' have 4096 bytes,but '\0' puts in 4097th.
+      -The last argument of g_io_channel_read should be 
+       'unsigned long' not 'int'.
+
+ -- Takahide Nojima <nozzy123no...@gmail.com>  Mon, 06 Jan 2020 02:01:42 +0900
+
 gtkboard (0.11pre0+cvs.2003.11.02-9) unstable; urgency=medium
 
   * recent list crash bug fix, thanks to Nelson Benítez León (closes: #820595)
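Review bot: the new entry has no bug-closing tag on the 'Fix stack overflow in engine.c.' line, so an upload built from it would leave #948527 open; append '(Closes: #948527)' there. The entry also calls both defects stack overflows, while the engine.c patch declares linebuf as 'static', so the stray '\0' is written outside the stack; 'buffer overflow' describes both accurately. The line ending in 'should be ' has a trailing space.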
diff -u -N -r a/debian/patches/fixed-stack-smash.patch b/debian/patches/fixed-stack-smash.patch
--- a/debian/patches/fixed-stack-smash.patch	1970-01-01 09:00:00.000000000 +0900
+++ b/debian/patches/fixed-stack-smash.patch	2020-01-10 03:09:20.792565886 +0900
@@ -0,0 +1,15 @@
+--- a/src/engine.c
++++ b/src/engine.c
+@@ -345,10 +345,10 @@
+ 
+ static gboolean channel_process_input ()
+ {
+-	static char linebuf[4096];
++	static char linebuf[4096+1];
+ 	char *linep = linebuf;
+ 	char *line;
+-	int bytes_read;
++	gsize bytes_read;
+ #if GLIB_MAJOR_VERSION > 1
+ 	// we need to call this again because we will get new events before returning
+ 	// from this function
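Review bot: widening linebuf to 4096+1 removes the off-by-one only if the read length in channel_process_input() stays a literal 4096, and that call is outside this hunk; if it is written as sizeof(linebuf), the read grows to 4097 bytes and the '\0' again lands one past the end, so confirm the call site or cap the read at sizeof(linebuf) - 1. Changing bytes_read from int to gsize also makes any later 'bytes_read < 0' test always false and any '%d' format for it wrong, so the rest of the function should be checked for both. The patch file has no header (Description, Author, Bug-Debian), which the next maintainer would want.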
diff -u -N -r a/debian/patches/series b/debian/patches/series
--- a/debian/patches/series	2018-07-29 19:02:29.000000000 +0900
+++ b/debian/patches/series	2020-01-06 02:07:43.243615139 +0900
@@ -1 +1,2 @@
 debian-changes
+fixed-stack-smash.patch

--- End Message ---
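An added illustration of the two defects the report describes; it is not gtkboard or GLib code. fake_read, neighbour_clobbered and read_terminated are hypothetical names, the input is constructed, and the read is capped at cap - 1, a general guard that complements the patch's larger buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINEBUF_SIZE 4096

/* Hypothetical stand-in for a reader whose last argument is a size_t
 * (gsize) out-parameter, as the report describes for g_io_channel_read. */
static void fake_read(const char *src, size_t avail, char *buf,
                      size_t count, size_t *bytes_read)
{
    size_t n = avail < count ? avail : count;
    memcpy(buf, src, n);
    *bytes_read = n;                 /* stores sizeof(size_t) bytes */
}

/* Models the caller's frame: an int-sized slot followed by other data.
 * The callee's store is simulated with memcpy so the demo stays defined.
 * Returns 1 if bytes past the int slot were overwritten. */
int neighbour_clobbered(void)
{
    unsigned char frame[sizeof(int) + sizeof(size_t)];
    size_t stored = 10;              /* constructed "bytes read" value */
    memset(frame, 0xAA, sizeof frame);
    memcpy(frame, &stored, sizeof stored);
    return frame[sizeof(int)] != 0xAA;
}

/* Corrected pattern: size_t counter, and the read is capped at cap - 1
 * so the terminator index is always inside the buffer. */
size_t read_terminated(const char *src, size_t avail, char *buf, size_t cap)
{
    size_t bytes_read = 0;
    if (cap == 0)
        return 0;
    fake_read(src, avail, buf, cap - 1, &bytes_read);
    buf[bytes_read] = '\0';
    return bytes_read;
}

int main(void)
{
    static char linebuf[LINEBUF_SIZE + 1];   /* size used by the patch */
    static char input[LINEBUF_SIZE + 100];   /* constructed oversized input */
    memset(input, 'x', sizeof input);
    size_t n = read_terminated(input, sizeof input, linebuf, sizeof linebuf);
    printf("read=%zu clobbered=%d\n", n, neighbour_clobbered());
    return 0;
}
```

On amd64, where size_t is 8 bytes and int is 4, neighbour_clobbered() reports the overwrite that the stack protector detected in the forked engine process.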
--- Begin Message ---
Source: gtkboard
Source-Version: 0.11pre0+cvs.2003.11.02-10

We believe that the bug you reported is fixed in the latest version of
gtkboard, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barak A. Pearlmutter <b...@debian.org> (supplier of updated gtkboard package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jan 2020 21:32:54 +0000
Source: gtkboard
Architecture: source
Version: 0.11pre0+cvs.2003.11.02-10
Distribution: unstable
Urgency: medium
Maintainer: Barak A. Pearlmutter <b...@debian.org>
Changed-By: Barak A. Pearlmutter <b...@debian.org>
Closes: 948527
Changes:
 gtkboard (0.11pre0+cvs.2003.11.02-10) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/watch: Use https protocol
 .
   [ Takahide Nojima ]
   * Fix stack overflow in engine.c. (closes: #948527)
     It has 2 overflows.
       -The 'linebuf' have 4096 bytes,but '\0' puts in 4097th.
       -The last argument of g_io_channel_read should be
        'unsigned long' not 'int'.
 .
   [ Barak A. Pearlmutter ]
   * Bump debhelper from old 11 to 12.
   * Set debhelper-compat version in Build-Depends.
   * Bump policy


--- End Message ---
