Package: xauth
Version: 1:1.0.10-1
Architecture: arm64
Running 'startx' on a machine named 'myhost' (aarch64), with a sub-directory
named 'myhost' in my home directory: X starts very slowly, and I see the
message:
xauth: timeout in locking authority file /home/john/.Xauthority
Here's what happens: the 'startx' script calls 'xauth list' in a loop (line
199) and the first call crashes after receiving SIG_SEGV; this leaves its lock
files in place, and the next instance of xauth times out waiting for them to go
away.
I think I've traced the reason for 'xauth list' crashing: my .Xauthority file
contains a line like this:
myhost:0 MIT-MAGIC-COOKIE-1 <some value>
and while processing this for printing, there's some code in parsedpy.c (line
178) that does this:
if (0 == stat(path, &sbuf))
family = FamilyLocal;
and this test succeeds because 'myhost' is the name of a valid file (actually a
directory)
Then later on in gethost.c we have:
switch (family) {
case FamilyLocal: /* hostname/unix:0 */
...
if (0 == stat(path, &sbuf))
is_path_to_socket = 1;
...
if (is_path_to_socket)
strncpy(buf, strrchr(fulldpyname, '/') + 1,
sizeof(buf));
But there is no '/' in the name, so we end up passing a null pointer to
strncpy(), which crashes the whole program.
