|
Bugzilla – Full Text Bug Listing |
| Summary: | xisdnload terminates program execution with buffer overflow message | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE LINUX 10.0 | Reporter: | Christoph Pfeiler <christoph-erdmann.pfeiler> |
| Component: | ISDN | Assignee: | Karsten Keil <karsten.keil> |
| Status: | VERIFIED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | ||
| Version: | RC 4 | ||
| Target Milestone: | --- | ||
| Hardware: | i686 | ||
| OS: | All | ||
| Whiteboard: | |||
| Found By: | Beta-Customer | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | fix the bufferoverflow | ||
|
Description
Christoph Pfeiler
2005-09-21 13:57:51 UTC
I can reproduce it on RC4, but think this is related to core X or maybe a gcc problem. I'll provide backtraces soon. here is the bt.
What made me thinking about a gcc issue is, that the programm crash if
compiled with -O2 -O1 but not with -O0. Note: Only the option for the program
was changed, not the Options of the linked libs, but the crash in in some of
the lib functions. All other GCC options are the same.
#0 0xb7f9d80f in _dl_catch_error () from /lib/ld-linux.so.2
#1 0xb7d32546 in _dl_open () from /lib/tls/libc.so.6
#2 0xb7c3dd68 in dlopen_doit () from /lib/libdl.so.2
#3 0xb7f9d82f in _dl_catch_error () from /lib/ld-linux.so.2
#4 0xb7c3e37e in _dlerror_run () from /lib/libdl.so.2
#5 0xb7c3ddc1 in dlopen@@GLIBC_2.1 () from /lib/libdl.so.2
#6 0xb7d76be9 in open_library () at CrGlCur.c:69
#7 0xb7d76d27 in _XNoticeCreateBitmap (dpy=0x2, pid=2, width=2, height=2) at
CrGlCur.c:185
#8 0xb7d772ed in XCreatePixmap (dpy=0x8053800, d=2, width=<value optimized
out>, height=<value optimized out>,
depth=1) at CrPixmap.c:58
#9 0xb7d76180 in XCreateBitmapFromData (display=0x8053800, d=2, data=0x2
<Address 0x2 out of bounds>, width=32,
height=32) at CrBFData.c:59
#10 0x08049c52 in main (argc=1, argv=0xbfea3e54) at xisdnload.c:520
#11 0xb7c55ea0 in __libc_start_main () from /lib/tls/libc.so.6
#12 0x08049071 in _start () at start.S:119
OK, it's a classic buffer overflow. gdb got me on th false track, since it stops in stepping always on dlopen function calls, what I misinterpreted as part of the error handling. Note: To get useful debug info, you have to install at least i4l-base-debuginfo package (I know they are not longer available for the old previews). Created attachment 50746 [details]
fix the bufferoverflow
We need and update for i4l-base. Approved, Maintenance-Tracker-2376 released After performing an online update of all available components, the behaviour changed - xisdnload can be invoked without buffer overflow, if the isdn line is not in use. When the line is accessed, the window background colour changes to yellow and a buffer overflow terminates the program. :-(( This is the result of fixing a bug on a conference without having a ISDN line available. This tool is really crap from viewpoint code quality ... A test package is available on: ftp://ftp.suse.com/pub/people/kkeil/testing/10.0/... Please test and report if this fix it on your side too. Andreas do I need a new Maintenance-Tracker ID for the additional update ? Yes, we need another SWAMP-ID: Maintenance-Tracker-2687 Christoph, did you test this ? I really want your feedback, before I risk the next update :-) any news here? |