Hi,

Trying to debug a crash (in gajim) I discovered that it was due to a stack buffer overread in gtk+/libX11.

Digging down I am not entirely sure how to interpret it and whether it's libX11's or GTK's fault. Here's what's going on: Gtk+ calls XChangeProperty where the second to last parameter is a pointer to a pid, see e.g. [1]. The "format" parameter is "32", which is the bit size. Now in libX11 it ends up crashing in the function _XData32, because it tries to access the variable as a long, which is 64 bit.

Now this is kinda documented [2], where it says: "If the specified format is 32, the property data must be a long array." However that is - to put it mildly - unexpected and confusing. If I have a function that lets me tell it I want to process a 32 bit value, then learning that I have to pass that 32 bit value as a 64 bit value is surely the last thing I expected.

Given this API this probably needs to be fixed in gtk by using long instead of pid_t for the pid, but I strongly recommend rethinking that design in libX11 and making it accept 32 bit values.

[1] https://github.com/GNOME/gtk/blob/gtk-3-24/gdk/x11/gdkwindow-x11.c#L937
[2] https://tronche.com/gui/x/xlib/window-information/XChangeProperty.html

--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel
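The size mismatch described in the message above, illustrated as an added example (not code from the post, from GTK or from libX11): the Xlib convention maps format 8/16/32 to char/short/long, so on an LP64 platform a format-32 call reads `sizeof(long)` = 8 bytes per element while a `pid_t` supplies only 4. The helpers `xlib_element_size`, `xlib_property_bytes`, `property_buffer_fits`, `pack_u32_as_longs` and `unpack_longs_as_u32` are hypothetical names written for this illustration; they model what the caller must provide and do not call Xlib, so the program runs offline. The pid value is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Element size Xlib uses for each XChangeProperty "format" value, following
 * the documented convention: 8 -> char, 16 -> short, 32 -> long (not int32_t).
 * Returns 0 for an unsupported format. */
size_t xlib_element_size(int format)
{
    switch (format) {
    case 8:  return sizeof(char);
    case 16: return sizeof(short);
    case 32: return sizeof(long);
    default: return 0;
    }
}

/* Number of bytes Xlib will read from `data` for nelements elements of the
 * given format. Returns 0 on invalid input. */
size_t xlib_property_bytes(int format, int nelements)
{
    size_t elem = xlib_element_size(format);
    if (elem == 0 || nelements < 0)
        return 0;
    return elem * (size_t)nelements;
}

/* Defensive pre-check a caller can run before XChangeProperty (hypothetical
 * helper, not part of Xlib): 1 if a buffer of `data_bytes` bytes covers what
 * Xlib will read, 0 if the call would read past the end of the buffer. */
int property_buffer_fits(int format, int nelements, size_t data_bytes)
{
    size_t need = xlib_property_bytes(format, nelements);
    return need != 0 && data_bytes >= need;
}

/* Correct marshalling for format 32: every 32-bit value occupies its own long,
 * even though only 32 bits of each element go onto the wire. */
void pack_u32_as_longs(const uint32_t *src, long *dst, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (long)src[i];
}

/* Reverse direction, e.g. for data returned with format 32 by
 * XGetWindowProperty: each element is a long; keep its low 32 bits. */
void unpack_longs_as_u32(const long *src, uint32_t *dst, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (uint32_t)src[i];
}

/* Worked comparison of the call shape from the report (a pid_t handed to a
 * format-32 call) against the corrected shape (a long). Returns 1 on success. */
int demo_pid_property(void)
{
    pid_t    pid = 4242;          /* constructed sample value */
    uint32_t as_u32 = (uint32_t)pid;
    long     pid_as_long = 0;

    /* Buggy shape: nelements = 1, format = 32, data = &pid (sizeof(pid_t) bytes). */
    int buggy_fits = property_buffer_fits(32, 1, sizeof pid);

    /* Fixed shape: stage the value in a long first, then pass &pid_as_long. */
    pack_u32_as_longs(&as_u32, &pid_as_long, 1);
    int fixed_fits = property_buffer_fits(32, 1, sizeof pid_as_long);

    printf("sizeof(pid_t)=%zu sizeof(long)=%zu\n", sizeof pid, sizeof(long));
    printf("format 32 with &pid:         %s\n", buggy_fits ? "fits" : "OVERREAD");
    printf("format 32 with &pid_as_long: %s\n", fixed_fits ? "fits" : "OVERREAD");

    return fixed_fits && pid_as_long == 4242;
}

int main(void)
{
    return demo_pid_property() ? 0 : 1;
}
```

On a 64-bit Linux build the first check reports OVERREAD and the second fits, which is exactly the condition behind the crash in `_XData32`; on a platform where `long` is 32 bits both fit, which is why the bug only shows up on LP64 targets.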