Bug#790325: libxaw7: obtaining textSink.textProperties by editres triggers sigsegv in application

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#790325: libxaw7: obtaining textSink.textProperties by editres triggers sigsegv in application
From: "Yuriy M. Kaminskiy" <yumkam@gmail.com>
Date: Sun, 28 Jun 2015 05:09:55 +0300
Message-id: <[🔎] 558F5773.10802@gmail.com>
Reply-to: "Yuriy M. Kaminskiy" <yumkam@gmail.com>, 790325@bugs.debian.org

Package: libxaw7
Version: 2:1.0.12-2+b1
Severity: normal
Tags: patch upstream

Dear Maintainer,

   * What led up to the situation?

1. Run xconsole
2. Run editres
3. Do "Commands|Get Tree" in editres, point to xconsole window

4. In editres: select textSink widget (left mouse click), do"Commands|Show Resource Box"

5. In Resource box, do middle-click on textProperties (to get current
"Resource Value").

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?

xconsole dies with SIGSEGV:
(gdb) bt

#0 0xf7f75c2f in CvtPropertyListToString (dpy=0x80502f8, args=0x0,num_args=0xffffb004, fromVal=0xffffb158, toVal=0xffffb150,converter_data=0xffffafd8) at ../../src/TextSink.c:1812#1 0xf7ecdc20 in CallConverter (dpy=0x80502f8, converter=0xf7f75c10<CvtPropertyListToString>, args=0x0, num_args=0, from=0xffffb158,to=0xffffb150, cache_ref_return=0xffffb0d8, cP=0x8068dc0)

    at ../../src/Convert.c:733

#2 0xf7ece8a5 in _XtConvert (widget=0x8068e18, from_type=680,from=0xffffb158, to_type=1, to=0xffffb150, cache_ref_return=0xffffb0d8)

    at ../../src/Convert.c:904

#3 0xf7ecef3e in XtConvertAndStore (object=0x8068e18,from_type_str=0xf7f8f910 "XawTextProperties", from=0xffffb158,to_type_str=0x804c225 <XtStrings+1797> "String", to=0xffffb150)

    at ../../src/Convert.c:1013
#4  0xf7f3209b in ?? () from /usr/lib/i386-linux-gnu/libXmu.so.6
#5  0xf7f331de in ?? () from /usr/lib/i386-linux-gnu/libXmu.so.6
#6  0xf7f339db in ?? () from /usr/lib/i386-linux-gnu/libXmu.so.6

#7 0xf7ecad74 in HandleNormal (dpy=dpy@entry=0x80502f8,widget=widget@entry=0x80648a0, property=639, info=0x806ee38,closure=0x12, selection=896) at ../../src/Selection.c:1325#8 0xf7eecb22 in HandleSelectionReplies (widget=0x80648a0,closure=0x806ee38, ev=0xffffd57c, cont=0xffffd354 "\001") at../../src/Selection.c:1425#9 0xf7ed9c9e in CallEventHandlers (mask=<optimized out>,event=0xffffd57c, widget=0x80648a0) at ../../src/Event.c:773

#10 XtDispatchEventToWidget (widget=0x80648a0, event=0xffffd57c)
    at ../../src/Event.c:878

#11 0xf7eda21d in DispatchEvent (widget=<optimized out>,event=<optimized out>)

    at ../../src/Event.c:1288
#12 _XtDefaultDispatcher (event=0xffffd57c) at ../../src/Event.c:1350

#13 0xf7eda41b in XtDispatchEvent (event=0xffffd57c) at../../src/Event.c:1423

#14 0xf7ee6128 in XtAppProcessEvent (app=0x804f868, mask=15)
    at ../../src/NextEvent.c:1397
#15 0xf7eda86b in XtAppMainLoop (app=0x804f868) at ../../src/Event.c:1554
#16 0xf7eda8ad in XtMainLoop () at ../../src/Event.c:1546
#17 0x080493a8 in ?? ()

#18 0xf7bd8a63 in __libc_start_main (main=0x80491f0, argc=1,argv=0xffffd754, init=0x804a1b0, fini=0x804a220,rtld_fini=0xf7febc90 <_dl_fini>, stack_end=0xffffd74c) atlibc-start.c:287

#19 0x08049418 in ?? ()
(gdb) print propl
$1 = (XawTextPropertyList *) 0x0

   * What outcome did you expect instead?

Probably error in the *editres* or something, but certainly not a fatalerror in the examined application?

Attached patch plugs this SIGSEGV, but I'm not sure if it is 100%correct or sufficient.


-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libxaw7 depends on:
ii  libc6              2.19-18
ii  libx11-6           2:1.6.2-3
ii  libxext6           2:1.3.3-1
ii  libxmu6            2:1.1.2-1
ii  libxpm4            1:3.5.11-1+b1
ii  libxt6             1:1.1.4-1+b1
ii  multiarch-support  2.19-18

libxaw7 recommends no packages.

libxaw7 suggests no packages.

-- no debconf information

From: "Yuriy M. Kaminskiy" <yumkam+debian@gmail.com>
Subject: Fix editres-triggered SIGSEGV

Index: libxaw-1.0.12/src/TextSink.c
===================================================================
--- libxaw-1.0.12.orig/src/TextSink.c
+++ libxaw-1.0.12/src/TextSink.c
@@ -1809,8 +1809,13 @@ CvtPropertyListToString(Display *dpy, Xr
 
     propl = *(XawTextPropertyList**)fromVal[0].addr;
 
+    if (propl) {
     buffer = XrmQuarkToString(propl->identifier);
     size = strlen(buffer) + 1;
+    } else {
+	/* FIXME */
+	return (False);
+    }
 
     if (toVal->addr != NULL) {
 	if (toVal->size < size) {

Reply to:

Prev by Date: Bug#686611: xserver-xorg-video-nouveau: Distorted graphics with GeForce 4200Go (NV28)
Next by Date: Bug#789759: libdrm-nouveau2:amd64: X hangs, multiple instances of buffer 212 on validation list
Previous by thread: Bug#686611: xserver-xorg-video-nouveau: Distorted graphics with GeForce 4200Go (NV28)
Next by thread: Bug#790433: xinit: /etc/X11/xinit/xinitrc is not executable
Index(es):
- Date
- Thread