Re: [XFree86] Possible format string bug on Xterm Up to last version

On 7 Nov 2003, Agustin wrote:

> Hello, I'm Agustin Gianni (gr00vy) from Argentina. I would like to report
> a bug in xterm (the last version, 181, and the one on Slackware 9.0).
> Since I'm not experienced with format bugs I couldn't do much to try to
> make a fix or give more info about the bug.

> root@zencracking:/root# HOME=%n%n%n%n%n%n
> root@zencracking:/root# xterm
> Segmentation fault
> root@zencracking:/root# gdb xterm
> (gdb) r
> Starting program: /root/xterm-181/xterm

> Program received signal SIGSEGV, Segmentation fault.
> 0x4026e5bd in _int_malloc () from /lib/libc.so.6
> (gdb) bt
> #0  0x4026e5bd in _int_malloc () from /lib/libc.so.6
> #1  0x4026d6b5 in malloc () from /lib/libc.so.6
> #2  0x4025c003 in __fopen_internal () from /lib/libc.so.6
> #3  0x4025c0ce in fopen@@GLIBC_2.1 () from /lib/libc.so.6
> #4  0x4001e47a in XcursorFilenameSave () from
> /usr/X11R6/lib/libXcursor.so.1
> #5  0x4001e616 in XcursorLibraryLoadImages () from
> /usr/X11R6/lib/libXcursor.so.1
> #6  0x4001e824 in XcursorShapeLoadImages () from
> /usr/X11R6/lib/libXcursor.so.1
> #7  0x4001eb6e in XcursorTryShapeCursor () from
> /usr/X11R6/lib/libXcursor.so.1
> #8  0x4012d628 in _XTryShapeCursor () from /usr/X11R6/lib/libX11.so.6
> #9  0x4012d9e9 in XCreateGlyphCursor () from /usr/X11R6/lib/libX11.so.6
> #10 0x4012de59 in XCreateFontCursor () from /usr/X11R6/lib/libX11.so.6
> #11 0x0805f3ce in make_colored_cursor (cursorindex=68, fg=0,
> bg=16777215) at misc.c:216
> #12 0x0805b578 in get_terminal () at main.c:2467
> #13 0x0805b019 in main (argc=0, argv=0xbffff9e8) at main.c:2111
> #14 0x4020dbb4 in __libc_start_main () from /lib/libc.so.6
> (gdb) i r
> eax            0x808e780        134801280
> ecx            0x40327300       1077048064
> edx            0x40327354       1077048148
> ebx            0x40326234       1077043764
> esp            0xbffff650       0xbffff650
> ebp            0xbffff688       0xbffff688
> esi            0x0      0
> edi            0x0      0
> eip            0x4026e5bd       0x4026e5bd
> eflags         0x10206  66054
> cs             0x23     35
> ss             0x2b     43
> ds             0x2b     43
> es             0x2b     43
> fs             0x0      0
> gs             0x0      0
> fctrl          0x37f    895
> fstat          0x0      0
> ftag           0xffff   65535
> fiseg          0x0      0
> fioff          0x0      0
> foseg          0x0      0
> fooff          0x0      0
> fop            0x0      0
> mxcsr          0x1f80   8064
> orig_eax       0xffffffff       -1

Does it SIGSEGV when $HOME is shortened by one character?  If not, I think
I know where the problem is.

Marc.

+----------------------------------+-----------------------------------+
|  Marc Aurele La France           |  work:   1-780-492-9310           |
|  Computing and Network Services  |  fax:    1-780-492-1729           |
|  352 General Services Building   |  email:  tsi@xxxxxxxxxxx          |
|  University of Alberta           +-----------------------------------+
|  Edmonton, Alberta               |                                   |
|  T6G 2H1                         |     Standard disclaimers apply    |
|  CANADA                          |                                   |
+----------------------------------+-----------------------------------+
XFree86 Core Team member.  ATI driver and X server internals.

_______________________________________________
XFree86 mailing list
XFree86@xxxxxxxxxxx
http://XFree86.Org/mailman/listinfo/xfree86
