
Bug#418016: Recent security update of libx11-6 (1.0.3-7) made opera segfault



On Fri, Apr 06, 2007 at 12:07:36PM +0200, Brice Goglin wrote:
> forcemerge 417816 418016
> retitle 417816 libx11-6: upgrade to 2:1.0.3-7 makes opera segfault at
> startup
> thank you

> Yes, it has already been reported on the Debian/Gentoo/Opera/Xorg BTS. But I
> don't think anybody posted an interesting backtrace yet, so it's kind of
> hard to know what's going on.

Backtrace won't be very interesting without an unstripped binary.

Here's a diff of valgrind output between the non-working and working cases,
though, showing where opera goes south:

-==3864== Invalid read of size 4
-==3864==    at 0x8072130: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8076204: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8613575: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x86F60E2: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x86F3D09: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x86F665E: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x86F6F53: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8181065: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8758894: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8758C55: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x875CAB9: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x875C332: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
-==3864== 
-==3864==  Access not within mapped region at address 0x0
-==3864==    at 0x8072130: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8076204: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8613575: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x86F60E2: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x86F3D09: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x86F665E: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x86F6F53: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8181065: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8758894: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x8758C55: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x875CAB9: (within /usr/lib/opera/9.10-20061214.6/opera)
-==3864==    by 0x875C332: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864== Syscall param writev(vector[...]) points to uninitialised byte(s)
+==3864==    at 0x4693153: writev (in /lib/tls/libc-2.3.6.so)
+==3864==    by 0x447A69D: (within /usr/lib/libX11.so.6.2.0)
+==3864==    by 0x447A2DE: _X11TransWritev (in /usr/lib/libX11.so.6.2.0)
+==3864==    by 0x447F9CD: _XSend (in /usr/lib/libX11.so.6.2.0)
+==3864==    by 0x445E017: XListFonts (in /usr/lib/libX11.so.6.2.0)
+==3864==    by 0x865D7F3: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x865DBFF: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x8806E11: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x880615A: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x8661C6F: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x8083CAC: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x8086A64: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==  Address 0x8A2FCB3 is not stack'd, malloc'd or (recently) free'd
 ==3864== 
-==3864== ERROR SUMMARY: 18 errors from 9 contexts (suppressed: 67 from 1)
+==3864== Syscall param write(buf) points to uninitialised byte(s)
+==3864==    at 0x457536E: __write_nocancel (in /lib/tls/libpthread-2.3.6.so)
+==3864==    by 0x447A27E: _X11TransWrite (in /usr/lib/libX11.so.6.2.0)
+==3864==    by 0x447FBB5: (within /usr/lib/libX11.so.6.2.0)
+==3864==    by 0x4458517: XCopyArea (in /usr/lib/libX11.so.6.2.0)
+==3864==    by 0x8075E96: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x8076D17: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x8079AAA: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x8079EA6: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x8091314: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x80914AC: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x875A50B: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==    by 0x875BD2D: (within /usr/lib/opera/9.10-20061214.6/opera)
+==3864==  Address 0x8A2FC7E is not stack'd, malloc'd or (recently) free'd

So this gets you closer to the point of the failure, but still needs
unstripped opera source to make any progress on from this angle.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/