Interesting. Here's the new stacktrace:
(gdb) where
#0  0x08076a5d in add_auth_entry (d=0x80ed300, authlist=0xbf88758c, af=0x0, af2=0x0, family=0, addr=0x4 <Address 0x4 out of bounds>, addrlen=4) at auth.c:112
#1  0x08077402 in add_auth_entry_for_addr (d=0x80ed300, authlist=0xbf88758c, ss=0x0) at auth.c:340
#2  0x080779fc in get_local_auths (d=0x80ed300) at auth.c:474
#3  0x08077f96 in gdm_auth_user_add (d=0x80ed300, user=1001, homedir=0x80ed4db "/home/brian") at auth.c:561
#4  0x0806a894 in gdm_slave_session_start () at slave.c:4219
#5  0x080628f8 in gdm_slave_run (display=0x80ed300) at slave.c:1591
#6  0x080615da in gdm_slave_start (display=0x80ed300) at slave.c:892
#7  0x0805eb3d in gdm_display_manage (d=0x80ed300) at display.c:398
#8  0x0804f70c in gdm_start_first_unborn_local (delay=0) at gdm.c:266
#9  0x080527b5 in main (argc=1, argv=0xbf888294) at gdm.c:1832
And here's the problem:
    if (SERVER_IS_LOCAL (d) && ! added_lo && ! d->tcp_disallowed) {
        struct sockaddr_storage *lo_ss = NULL;
        /* FIXME: get loobback ss */
        if (! add_auth_entry_for_addr (d, &auths, lo_ss)) {
            goto get_local_auth_error;
        }
    }
in get_local_auths(). lo_ss == NULL is passed to
add_auth_entry_for_addr(), which doesn't even test it for NULL and starts
using it and ends up assigning one of its members to "addr", which ends
up being used in a memcpy. Bad.
--
gdm crashes with SIGSEGV
https://bugs.launchpad.net/bugs/116392
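Added example, not part of the original message and not gdm's code: a C sketch of the two things the snippet above lacks, a real loopback sockaddr_storage in place of the NULL placeholder and a NULL check before any member is used as a memcpy source. The helper names make_loopback_ss and copy_addr_bytes are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hypothetical helper: fill ss with the IPv4 loopback address 127.0.0.1. */
static void make_loopback_ss(struct sockaddr_storage *ss)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)ss;
    memset(ss, 0, sizeof(*ss));
    sin->sin_family = AF_INET;
    sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
}

/* Hypothetical helper: copy the raw address bytes of ss into out.
 * Returns the address length (4 or 16), or -1 when ss or out is NULL,
 * the family is unsupported, or out is too small. The NULL test comes
 * before any member of ss is touched. */
static int copy_addr_bytes(const struct sockaddr_storage *ss,
                           unsigned char *out, size_t outlen)
{
    const void *addr;
    size_t addrlen;
    if (ss == NULL || out == NULL)
        return -1;
    switch (ss->ss_family) {
    case AF_INET:
        addr = &((const struct sockaddr_in *)ss)->sin_addr;
        addrlen = sizeof(struct in_addr);
        break;
    case AF_INET6:
        addr = &((const struct sockaddr_in6 *)ss)->sin6_addr;
        addrlen = sizeof(struct in6_addr);
        break;
    default:
        return -1;
    }
    if (addrlen > outlen)
        return -1;
    memcpy(out, addr, addrlen);
    return (int)addrlen;
}

int main(void)
{
    struct sockaddr_storage lo;
    unsigned char buf[16];
    make_loopback_ss(&lo);
    printf("NULL -> %d\n", copy_addr_bytes(NULL, buf, sizeof buf));
    printf("loopback -> %d bytes\n", copy_addr_bytes(&lo, buf, sizeof buf));
    return 0;
}
```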