[Bug 793282] [NEW] DoS window manager with extremely long error
Public bug reported: Binary package hint: zenity displaying extremely long error causes the window manager to crash. if the keyboard doesn't respond , login in tty and run compiz . test case : emanuel@emanuel-desktop:~$ zenity --error --text=`python -c print 'A'*115000` (zenity:8369): Gdk-WARNING **: Native Windows wider or taller than 65535 pixels are not supported The program 'zenity' received an X Window System error. This probably reflects a bug in the program. The error was 'RenderBadPicture (invalid Picture parameter)'. (Details: serial 266 error_code 158 request_code 148 minor_code 8) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.) sometimes it print other messages : emanuel@emanuel-desktop:~$ zenity --error --text=`python -c print 'A'*115000` (zenity:8406): Gdk-WARNING **: Native Windows wider or taller than 65535 pixels are not supported zenity: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.0. ** Affects: zenity (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to zenity in Ubuntu. https://bugs.launchpad.net/bugs/793282 Title: DoS window manager with extremely long error -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 793289] [NEW] DoS window manager with extremely long error
Public bug reported: Binary package hint: vinagre displaying extremely long error causes the window manager to crash. if the keyboard doesn't respond , login in tty and run compiz . test case: emanuel@emanuel-desktop:~$ vinagre --file=`python -c print 'A'*115000` (vinagre:8697): Gdk-WARNING **: Native Windows wider or taller than 65535 pixels are not supported vinagre: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.0. sometimes it print other messages : emanuel@emanuel-desktop:~$ vinagre --file=`python -c print 'A'*115000` (vinagre:8766): Gdk-WARNING **: Native Windows wider or taller than 65535 pixels are not supported The program 'vinagre' received an X Window System error. This probably reflects a bug in the program. The error was 'RenderBadPicture (invalid Picture parameter)'. (Details: serial 313 error_code 158 request_code 148 minor_code 8) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.) ** Affects: vinagre (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to vinagre in Ubuntu. https://bugs.launchpad.net/bugs/793289 Title: DoS window manager with extremely long error -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 793291] [NEW] DoS window manager with extremely long error
Public bug reported: Binary package hint: nautilus displaying extremely long error causes the window manager to crash. test case: emanuel@emanuel-desktop:~$ nautilus `python -c print 'A'*10` ** Affects: nautilus (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in Ubuntu. https://bugs.launchpad.net/bugs/793291 Title: DoS window manager with extremely long error -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 792258] [NEW] gnome-calculator Segmentation fault
Public bug reported: Binary package hint: gcalctool /usr/bin/gnome-calculator crash with Segmentation fault message and throw errors when get long input . test case : emanuel@emanuel-desktop:~$ gcalctool -s `python -c print 'A'*4` gcalctool: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) ((av)-bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd old_size == 0) || ((unsigned long) (old_size) = (unsigned long)__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) ~((2 * (sizeof(size_t))) - 1))) ((old_top)-size 0x1) ((unsigned long)old_end pagemask) == 0)' failed. Aborted emanuel@emanuel-desktop:~$ gcalctool -s `python -c print 'A'*5` Segmentation fault under GDB : Starting program: /usr/bin/gnome-calculator -s `python -c print 'A'*5` [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0x0805b0e2 in _mp_equation_lex () tested on : gnome-calculator 5.28.2 ** Affects: gcalctool (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gcalctool in Ubuntu. https://bugs.launchpad.net/bugs/792258 Title: gnome-calculator Segmentation fault -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 792063] [NEW] gconf-editor Segmentation fault
Public bug reported: Binary package hint: gconf-editor /usr/bin/gconf-editor crash with Segmentation fault message . test case : emanuel@emanuel-desktop:~$ gconf-editor /A Segmentation fault under GDB : Starting program: /usr/bin/gconf-editor /A [Thread debugging using libthread_db enabled] Program received signal SIGSEGV, Segmentation fault. 0x0805ca52 in ?? () ** Affects: gconf-editor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gconf-editor in Ubuntu. https://bugs.launchpad.net/bugs/792063 Title: gconf-editor Segmentation fault -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 782466] [NEW] command injection in gst-visualise-0.10
Public bug reported:
Binary package hint: gstreamer0.10-plugins-base-apps
/usr/bin/gst-visualise-0.10 have command injection bug .
test case :
1) from first argument ($pipe variable):
emanuel@emanuel-desktop:/tmp$ gst-visualise-0.10 text 2/dev/null ; echo
Systeminj ; #
No configuration file /home/emanuel/.gst found. You might want to create one.
Running gst-launch-0.10 osssrc ! text 2/dev/null ; echo Systeminj ; # ! {
queue ! ffmpegcolorspace ! xvimagesink }
Systeminj
2) from ~/.gst file :
emanuel@emanuel-desktop:/tmp$ cat ~/.gst
AUDIOSRC=test;echo Systeminj;exit;
VIDEOSINK=test;echo Systeminj;exit;
CVS_PATH=test;echo Systeminj;exit;
emanuel@emanuel-desktop:/tmp$ gst-visualise-0.10
Running gst-launch-0.10 test;echo Systeminj;exit; ! goom ! { queue !
ffmpegcolorspace ! test;echo Systeminj;exit; }
Systeminj
the bug can be found at :
$command = gst-launch-0.10 $cfg{AUDIOSRC} ! $pipe ! { queue !
ffmpegcolorspace ! $cfg{VIDEOSINK} };
print Running $command\n;
system (PATH=\$PATH:.$cfg{CVS_PATH}./gstreamer/tools $command);
** Affects: gst-plugins-base0.10 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gst-plugins-base0.10 in Ubuntu.
https://bugs.launchpad.net/bugs/782466
Title:
command injection in gst-visualise-0.10
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
