
Bug#690827: marked as done (kinput2-wnn uses uninitialized memory area)



Your message dated Fri, 12 Feb 2016 10:23:54 +0000
with message-id <E1aUAtG-0003hk-3c@franck.debian.org>
and subject line Bug#690827: fixed in kinput2 3.1-13
has caused the Debian Bug report #690827,
regarding kinput2-wnn uses uninitialized memory area
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
690827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690827
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kinput2-wnn
Version: 3.1-10.3
Severity: important
Tags: patch

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
     I was debugging a mozilla thunderbird issue and suspected a problem
     in XIM protocol handling somewhere in kinput2-wnn and jserver.
     (It turns out libX11 itself has a problem, but I will report it
     separately.)

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
     I ran kinput2-wnn under valgrind, and valgrind warned of
     usage of an uninitialized memory area.

   * What was the outcome of this action?
     Hard to tell. It could lead to a random strange behavior.

   * What outcome did you expect instead?
     kinput2-wnn should not cause uninitialized memory usage.

*** End of the template - remove these lines ***


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.39-2-686-pae (SMP w/1 CPU core)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kinput2-wnn depends on:
ii  debconf [debconf-2.0]  1.5.46
ii  freewnn-common         1.1.1~a021+cvs20100325-6
ii  kinput2-common         3.1-10.3
ii  libc6                  2.13-35
ii  libice6                2:1.0.8-2
ii  libsm6                 2:1.2.1-2
ii  libwnn6-1              1.0.0-14.2+b1
ii  libx11-6               2:1.5.0-1
ii  libxaw7                2:1.0.10-2
ii  libxext6               2:1.3.1-2
ii  libxmu6                2:1.1.1-1
ii  libxpm4                1:3.5.10-1
ii  libxt6                 1:1.1.3-1

Versions of packages kinput2-wnn recommends:
ii  xfonts-base  1:1.0.3

Versions of packages kinput2-wnn suggests:
ii  freewnn-jserver  1.1.1~a021+cvs20100325-6

-- debconf information:
  shared/kinput2/wnn/keybindings: Egg


The following patch contains the fix (see bzero() in two places in imxport.c)
as well as fixing the use of sprintf with snprintf, and
inclusion of stdlib to properly declare free/malloc/realloc [gcc
complained about mismatched prototypes.] 

diff -ur kinput2-v3.1/lib/ConvCtrl.c kinput2-v3.1-CI-mods/lib/ConvCtrl.c
--- kinput2-v3.1/lib/ConvCtrl.c	2002-10-03 18:35:27.000000000 +0900
+++ kinput2-v3.1-CI-mods/lib/ConvCtrl.c	2012-10-12 13:46:34.000000000 +0900
@@ -18,6 +18,7 @@
  * Author:  Makoto Ishisone, Software Research Associates, Inc., Japan
  */
 
+#include <stdio.h>
 #include <X11/IntrinsicP.h>
 #include <X11/StringDefs.h>
 #include <X11/Xmu/CharSet.h>
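Review bot: the added `#include <stdio.h>` is what the later snprintf() call in this file needs, but unlike the KIProto.c change it carries no comment saying why it is there; a one-line `/* for snprintf() prototype */` would keep the two files consistent. Separately, the diff was taken against a built tree, so the `Only in` lines between hunks list .o files, Makefiles, .orig backups and libim.a/libKi2.a; regenerating it from a clean copy (or with `diff -ur -x '*.o'`) would leave only source changes to review.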
@@ -1247,7 +1248,8 @@
     params[0] = XtClass(w)->core_class.class_name;
     num_params = 1;
 
-    (void)sprintf(buf, "%%s: %s", msg);
+    /*FIXED with snprintf */
+    (void)snprintf(buf, 512, "%%s: %s", msg);
 
     XtAppErrorMsg(XtWidgetToApplicationContext(w),
 		  name, type, "WidgetError", buf, params, &num_params);
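Review bot: the `512` in `snprintf(buf, 512, "%%s: %s", msg)` is a literal that has to match a buffer declared outside this hunk; if `buf` is a local array, pass `sizeof(buf)` so the bound cannot drift from the declaration. The `/*FIXED with snprintf */` comment documents the patch rather than the code and should go. Note also that snprintf truncates silently, which is acceptable for an error message but means an overlong `msg` is simply cut.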
Only in kinput2-v3.1-CI-mods/lib: ConvCtrl.c.orig
Only in kinput2-v3.1-CI-mods/lib: ConvCtrl.o
Only in kinput2-v3.1-CI-mods/lib: ConvDisp.o
Only in kinput2-v3.1-CI-mods/lib: ConvMgr.o
Only in kinput2-v3.1-CI-mods/lib: ICLabel.o
Only in kinput2-v3.1-CI-mods/lib: IMProto.o
Only in kinput2-v3.1-CI-mods/lib: InputConv.o
diff -ur kinput2-v3.1/lib/KIProto.c kinput2-v3.1-CI-mods/lib/KIProto.c
--- kinput2-v3.1/lib/KIProto.c	2002-10-03 18:35:28.000000000 +0900
+++ kinput2-v3.1-CI-mods/lib/KIProto.c	2012-10-12 13:45:13.000000000 +0900
@@ -18,6 +18,8 @@
  * Author:  Makoto Ishisone, Software Research Associates, Inc., Japan
  */
 
+/* for sprintf() prototype. */
+#include <stdio.h>
 #include <X11/IntrinsicP.h>
 #include <X11/StringDefs.h>
 #include <X11/Xatom.h>
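Review bot: the new comment `/* for sprintf() prototype. */` is stale in the same patch that replaces every sprintf() in this file with snprintf(); say snprintf() so the comment matches the code it justifies.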
@@ -314,10 +316,11 @@
     Display *dpy = XtDisplay((Widget)kpw);
     char buf[256];
 
-    (void)sprintf(buf, "_%s_CONVERSION", kpw->kinput.language);
+    /* FIXED with snprintf */
+    (void)snprintf(buf, 256, "_%s_CONVERSION", kpw->kinput.language);
     kpw->kinput.convAtom = XInternAtom(dpy, buf, False);
     if (kpw->kinput.backward_compatible) {
-	(void)sprintf(buf, "%s_CONVERSION", kpw->kinput.language);
+      (void)snprintf(buf, 256, "%s_CONVERSION", kpw->kinput.language);
 	kpw->kinput.oldConvAtom = XInternAtom(dpy, buf, False);
     } else {
 	kpw->kinput.oldConvAtom = None;
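Review bot: `buf` is declared `char buf[256]` two lines above, so both new calls should pass `sizeof(buf)` rather than the repeated literal 256, which silently goes wrong if the array is ever resized. The second replacement line also swaps the original tab indentation for spaces, which makes the diff noisier than the one-token change it is; keep the surrounding indentation, and drop the `/* FIXED with snprintf */` comment for the same reason as in ConvCtrl.c.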
@@ -331,7 +334,7 @@
     kpw->kinput.convNotifyAtom = MAKEATOM("CONVERSION_NOTIFY");
     kpw->kinput.convEndAtom = MAKEATOM("CONVERSION_END");
 
-    (void)sprintf(buf, "%s_CONVERSION_VERSION", kpw->kinput.language);
+    (void)snprintf(buf, 256, "%s_CONVERSION_VERSION", kpw->kinput.language);
     kpw->kinput.convVersionAtom = XInternAtom(dpy, buf, False);
     kpw->kinput.convInitialTypeAtom = MAKEATOM("CONVERSION_INITIAL_TYPE");
     kpw->kinput.convOpenNotifyAtom = MAKEATOM("CONVERSION_OPEN_NOTIFY");
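Review bot: same `256` literal as in the previous hunk; use `sizeof(buf)`. More importantly, if `kpw->kinput.language` makes the formatted name longer than the buffer, snprintf() returns a length of 256 or more and the code goes on to intern a truncated atom name; checking the return value and raising an error there would turn a silently wrong atom into a diagnosable failure.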
Only in kinput2-v3.1-CI-mods/lib: KIProto.o
Only in kinput2-v3.1-CI-mods/lib: Makefile
Only in kinput2-v3.1-CI-mods/lib: OffConv.o
Only in kinput2-v3.1-CI-mods/lib: OnConv.o
Only in kinput2-v3.1-CI-mods/lib: OverConv.o
Only in kinput2-v3.1-CI-mods/lib: WcharDisp.o
Only in kinput2-v3.1-CI-mods/lib: XimpProto.c.orig
Only in kinput2-v3.1-CI-mods/lib: XimpProto.o
Only in kinput2-v3.1-CI-mods/lib/Xsj3clib: Makefile
Only in kinput2-v3.1-CI-mods/lib: asyncerr.o
Only in kinput2-v3.1-CI-mods/lib: cachedatom.o
Only in kinput2-v3.1-CI-mods/lib: cachedfont.o
diff -ur kinput2-v3.1/lib/cconv.c kinput2-v3.1-CI-mods/lib/cconv.c
--- kinput2-v3.1/lib/cconv.c	2002-10-03 18:35:28.000000000 +0900
+++ kinput2-v3.1-CI-mods/lib/cconv.c	2012-10-12 13:29:38.000000000 +0900
@@ -604,6 +604,7 @@
 #endif
 
 #include	<stdio.h>
+#include        <stdlib.h>
 #include	<X11/Xlib.h>
 #include	<X11/keysym.h>
 #include	<X11/Xutil.h>
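Review bot: the inserted `#include        <stdlib.h>` uses a run of spaces where the neighbouring lines use a tab after `#include`; match the file's existing tab so the include block stays aligned. The include itself is right: malloc/free/realloc need a prototype, and implicit declarations are what the cover note says gcc complained about.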
Only in kinput2-v3.1-CI-mods/lib: cconv.o
Only in kinput2-v3.1-CI-mods/lib: ctext.c.orig
Only in kinput2-v3.1-CI-mods/lib: ctext.o
Only in kinput2-v3.1-CI-mods/lib: dispatch.o
Only in kinput2-v3.1-CI-mods/lib: fontbank.o
Only in kinput2-v3.1-CI-mods/lib: fontset.o
Only in kinput2-v3.1-CI-mods/lib/imlib: Makefile
Only in kinput2-v3.1-CI-mods/lib/imlib: imattr.c.orig
Only in kinput2-v3.1-CI-mods/lib/imlib: imattr.o
Only in kinput2-v3.1-CI-mods/lib/imlib: imbuf.o
Only in kinput2-v3.1-CI-mods/lib/imlib: imconv.o
Only in kinput2-v3.1-CI-mods/lib/imlib: imdata.o
Only in kinput2-v3.1-CI-mods/lib/imlib: imdispatch.o
Only in kinput2-v3.1-CI-mods/lib/imlib: imfuncs.h.orig
Only in kinput2-v3.1-CI-mods/lib/imlib: imic.o
Only in kinput2-v3.1-CI-mods/lib/imlib: improto.o
Only in kinput2-v3.1-CI-mods/lib/imlib: imrequest.o
diff -ur kinput2-v3.1/lib/imlib/imxport.c kinput2-v3.1-CI-mods/lib/imlib/imxport.c
--- kinput2-v3.1/lib/imlib/imxport.c	2002-10-03 18:35:31.000000000 +0900
+++ kinput2-v3.1-CI-mods/lib/imlib/imxport.c	2012-10-12 14:28:27.000000000 +0900
@@ -355,6 +355,9 @@
 
     if ((length = IMBUFLEN(ibp)) == 0) return TRANSPORT_OK;
 
+    /*FIXME: repl time field? */
+    bzero(&repl, sizeof(repl));
+
     repl.type = ClientMessage;
     repl.window = client_win;
 
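Review bot: the `/*FIXME: repl time field? */` comment should be resolved before this is applied: after `bzero(&repl, sizeof(repl))` every field of the event that is not set explicitly, including any time field, is zero rather than stack garbage, and that zero is what the client receives; either set it deliberately or replace the FIXME with a comment stating that zero is intended. Prefer `memset(&repl, 0, sizeof(repl))` from <string.h> to bzero(), which is a legacy BSD interface outside ISO C. Clearing the struct before filling the required fields is otherwise the right fix: without it the padding and the unused `data.l` slots go out through XSendEvent() with whatever the stack held, which is what valgrind flagged.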
@@ -569,6 +572,10 @@
 
     TRACE(("IMXConnection()\n"));
 
+    /* FIXME: repl time ? */
+    bzero(&repl, sizeof(repl));
+
+
     if (event->type != ClientMessage ||
 	event->display != dpy ||
 	event->window != XtWindow(protocol) ||
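Review bot: the bzero() here runs before the event is validated, so `repl` is cleared even on the early-return paths where it is never sent; harmless, but the clear would read more naturally next to where `repl` is filled in. The two consecutive blank lines added after it are stray whitespace, and the FIXME and bzero()-versus-memset() remarks from the earlier hunk apply here as well.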
@@ -609,6 +616,7 @@
     repl.data.l[1] = ServerMajorTransportVersion;
     repl.data.l[2] = ServerMinorTransportVersion;
     repl.data.l[3] = XTransportDividingSize;
+
     /* make it safe... */
     h = XAESetIgnoreErrors(dpy);
     XSendEvent(dpy, client_window, False, NoEventMask, (XEvent *)&repl);
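Review bot: this hunk is a whitespace-only change (a blank line inserted before `/* make it safe... */`) and should be dropped from the patch so the diff contains only the intended fixes.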
Only in kinput2-v3.1-CI-mods/lib/imlib: imxport.o
Only in kinput2-v3.1-CI-mods/lib/imlib: libim.a
diff -ur kinput2-v3.1/lib/ioecall.c kinput2-v3.1-CI-mods/lib/ioecall.c
--- kinput2-v3.1/lib/ioecall.c	2002-10-03 18:35:28.000000000 +0900
+++ kinput2-v3.1-CI-mods/lib/ioecall.c	2012-10-12 13:42:58.000000000 +0900
@@ -23,6 +23,7 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <X11/Xlib.h>
 #include <X11/Xfuncproto.h>
 #include "IOECall.h"
Only in kinput2-v3.1-CI-mods/lib: ioecall.o
Only in kinput2-v3.1-CI-mods/lib: libKi2.a
Only in kinput2-v3.1-CI-mods/lib: parsekey.o
Only in kinput2-v3.1-CI-mods/lib: wnnlib.o
Only in kinput2-v3.1-CI-mods/lib: wstring.o
Only in kinput2-v3.1-CI-mods/lib: xtwstr.o
Only in kinput2-v3.1-CI-mods/lib: xwstr.o
Only in kinput2-v3.1-CI-mods/: reset_state.patch
Only in kinput2-v3.1-CI-mods/sj3def: Makefile
Only in kinput2-v3.1-CI-mods/: t-add.txt

--- End Message ---
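The two defensive patterns the patch applies, zeroing the reply event before partially filling it and bounding the atom-name formatting, as an added C example that is not part of the bug report or of kinput2. `client_message`, `make_reply` and `atom_name` are constructed stand-ins for the Xlib type and the kinput2 code, and the example goes one step beyond the patch by checking the length snprintf() reports.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for Xlib's XClientMessageEvent (assumption: same
 * field layout idea, not the real type) so the demo needs no X11 headers. */
typedef struct {
    int type;
    unsigned long serial;
    int send_event;
    void *display;
    unsigned long window;
    unsigned long message_type;
    int format;
    union { char b[20]; short s[10]; long l[5]; } data;
} client_message;

enum { CLIENT_MESSAGE = 33 };

/* Fill a reply the way the patched imxport.c does: clear every byte first,
 * then set only the fields the protocol needs. Padding, serial, send_event
 * and the unused data.l slots are then deterministically zero instead of
 * whatever the stack held, so no uninitialised bytes reach XSendEvent(). */
void make_reply(client_message *repl, unsigned long win,
                unsigned long msg_type, long major, long minor, long dividing)
{
    memset(repl, 0, sizeof *repl);   /* portable equivalent of bzero() */
    repl->type = CLIENT_MESSAGE;
    repl->window = win;
    repl->message_type = msg_type;
    repl->format = 32;
    repl->data.l[1] = major;
    repl->data.l[2] = minor;
    repl->data.l[3] = dividing;
}

/* Bounded version of the "_%s_CONVERSION" formatting in KIProto.c.
 * snprintf() never overruns buf but truncates silently, so the reported
 * length is checked: returns 0 on success, -1 if the name would not fit
 * (buf is then emptied so a cut-off atom name can never be interned). */
int atom_name(char *buf, size_t bufsize, const char *prefix,
              const char *lang, const char *suffix)
{
    int n = snprintf(buf, bufsize, "%s%s%s", prefix, lang, suffix);
    if (n < 0 || (size_t)n >= bufsize) {
        if (bufsize > 0) buf[0] = '\0';
        return -1;
    }
    return 0;
}
```

Two calls to make_reply with the same arguments produce byte-identical structs, which is exactly the property the unpatched code lacked and valgrind reported.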
--- Begin Message ---
Source: kinput2
Source-Version: 3.1-13

We believe that the bug you reported is fixed in the latest version of
kinput2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690827@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Borowski <kilobyte@angband.pl> (supplier of updated kinput2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 12 Feb 2016 11:09:01 +0100
Source: kinput2
Binary: kinput2-common kinput2-canna kinput2-wnn kinput2-canna-wnn
Architecture: source
Version: 3.1-13
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Adam Borowski <kilobyte@angband.pl>
Description:
 kinput2-canna - input server for X11 applications that want Japanese text input
 kinput2-canna-wnn - input server for X11 applications that want Japanese text input
 kinput2-common - Files shared among kinput2 packages
 kinput2-wnn - input server for X11 applications that want Japanese text input
Closes: 690827 808493
Changes:
 kinput2 (3.1-13) unstable; urgency=medium
 .
   * QA upload.
   * Fix FTBFS due to getline() (closes: #808493).
   * Apply a patch by ishikawa to fix a bunch of uninitialized memory uses
     and buffer overflows (closes: #690827).
   * Improve short descriptions.
   * Make debian/rules more up-to-date (debhelper 9, dh_prep, build-arch).
   * Pass dpkg-buildflags.


--- End Message ---
