[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#790325: marked as done (libxaw7: obtaining textSink.textProperties by editres triggers sigsegv in application)

Your message dated Fri, 1 Nov 2024 18:24:48 +0100
with message-id <ZyUO4DRcFjRwKLTw@carotte>
and subject line Re: Bug#790325: libxaw7: obtaining textSink.textProperties by editres triggers sigsegv in application
has caused the Debian Bug report #790325,
regarding libxaw7: obtaining textSink.textProperties by editres triggers sigsegv in application
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
790325: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790325
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: libxaw7
Version: 2:1.0.12-2+b1
Severity: normal
Tags: patch upstream

Dear Maintainer,

   * What led up to the situation?

1. Run xconsole
2. Run editres
3. Do "Commands|Get Tree" in editres, point to xconsole window
4. In editres: select textSink widget (left mouse click), do "Commands|Show Resource Box" 
5. In Resource box, do middle-click on textProperties (to get current
"Resource Value").

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?

xconsole dies with SIGSEGV:
(gdb) bt
#0 0xf7f75c2f in CvtPropertyListToString (dpy=0x80502f8, args=0x0, num_args=0xffffb004, fromVal=0xffffb158, toVal=0xffffb150, converter_data=0xffffafd8) at ../../src/TextSink.c:1812 #1 0xf7ecdc20 in CallConverter (dpy=0x80502f8, converter=0xf7f75c10 <CvtPropertyListToString>, args=0x0, num_args=0, from=0xffffb158, to=0xffffb150, cache_ref_return=0xffffb0d8, cP=0x8068dc0) 
    at ../../src/Convert.c:733
#2 0xf7ece8a5 in _XtConvert (widget=0x8068e18, from_type=680, from=0xffffb158, to_type=1, to=0xffffb150, cache_ref_return=0xffffb0d8) 
    at ../../src/Convert.c:904
#3 0xf7ecef3e in XtConvertAndStore (object=0x8068e18, from_type_str=0xf7f8f910 "XawTextProperties", from=0xffffb158, to_type_str=0x804c225 <XtStrings+1797> "String", to=0xffffb150) 
    at ../../src/Convert.c:1013
#4  0xf7f3209b in ?? () from /usr/lib/i386-linux-gnu/libXmu.so.6
#5  0xf7f331de in ?? () from /usr/lib/i386-linux-gnu/libXmu.so.6
#6  0xf7f339db in ?? () from /usr/lib/i386-linux-gnu/libXmu.so.6
#7 0xf7ecad74 in HandleNormal (dpy=dpy@entry=0x80502f8, widget=widget@entry=0x80648a0, property=639, info=0x806ee38, closure=0x12, selection=896) at ../../src/Selection.c:1325 #8 0xf7eecb22 in HandleSelectionReplies (widget=0x80648a0, closure=0x806ee38, ev=0xffffd57c, cont=0xffffd354 "\001") at ../../src/Selection.c:1425 #9 0xf7ed9c9e in CallEventHandlers (mask=<optimized out>, event=0xffffd57c, widget=0x80648a0) at ../../src/Event.c:773 
#10 XtDispatchEventToWidget (widget=0x80648a0, event=0xffffd57c)
    at ../../src/Event.c:878
#11 0xf7eda21d in DispatchEvent (widget=<optimized out>, event=<optimized out>) 
    at ../../src/Event.c:1288
#12 _XtDefaultDispatcher (event=0xffffd57c) at ../../src/Event.c:1350
#13 0xf7eda41b in XtDispatchEvent (event=0xffffd57c) at ../../src/Event.c:1423 
#14 0xf7ee6128 in XtAppProcessEvent (app=0x804f868, mask=15)
    at ../../src/NextEvent.c:1397
#15 0xf7eda86b in XtAppMainLoop (app=0x804f868) at ../../src/Event.c:1554
#16 0xf7eda8ad in XtMainLoop () at ../../src/Event.c:1546
#17 0x080493a8 in ?? ()
#18 0xf7bd8a63 in __libc_start_main (main=0x80491f0, argc=1, argv=0xffffd754, init=0x804a1b0, fini=0x804a220, rtld_fini=0xf7febc90 <_dl_fini>, stack_end=0xffffd74c) at libc-start.c:287 
#19 0x08049418 in ?? ()
(gdb) print propl
$1 = (XawTextPropertyList *) 0x0

   * What outcome did you expect instead?
Probably error in the *editres* or something, but certainly not a fatal error in the examined application?
Attached patch plugs this SIGSEGV, but I'm not sure if it is 100% correct or sufficient. 

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libxaw7 depends on:
ii  libc6              2.19-18
ii  libx11-6           2:1.6.2-3
ii  libxext6           2:1.3.3-1
ii  libxmu6            2:1.1.2-1
ii  libxpm4            1:3.5.11-1+b1
ii  libxt6             1:1.1.4-1+b1
ii  multiarch-support  2.19-18

libxaw7 recommends no packages.

libxaw7 suggests no packages.

-- no debconf information


From: "Yuriy M. Kaminskiy" <yumkam+debian@gmail.com>
Subject: Fix editres-triggered SIGSEGV

Index: libxaw-1.0.12/src/TextSink.c
===================================================================
--- libxaw-1.0.12.orig/src/TextSink.c
+++ libxaw-1.0.12/src/TextSink.c
@@ -1809,8 +1809,13 @@ CvtPropertyListToString(Display *dpy, Xr
 
     propl = *(XawTextPropertyList**)fromVal[0].addr;
 
+    if (propl) {
     buffer = XrmQuarkToString(propl->identifier);
     size = strlen(buffer) + 1;
+    } else {
+	/* FIXME */
+	return (False);
+    }
 
     if (toVal->addr != NULL) {
 	if (toVal->size < size) {

--- End Message ---
--- Begin Message --- 
Version: 2:1.0.14-1

On Tue, Mar  5, 2019 at 11:05:54 +0300, Yuriy M. Kaminskiy wrote:

> Control: tags -1 fixed-upstream
> 
> Almost 4 years later, this bug is still present in stretch and buster.
> 
> Similar patch was applied upstream (with minor changes) in 2016-01-01, more than three years ago,
> commit 4a7626b5127c0eb597cd2b8d0ae3de0286b74d7c
> 
Thanks.  This fix was in libXaw 1.0.14, now in stable.

Cheers,
Julien

--- End Message ---
Reply to: