I tried the patch provided by "Jun Kobayashi (jkbys)" on 2017-07-19: x11vnc.debdiff (2.2 KiB, text/plain)
Well... First I changed the debdiff so that it applies over x11vnc-0.9.13-5 (instead of 0.9.13-2): after applying the debdiff, generating the package, and installing it, I tested.

After 30 min, NO STACK SMASHING. I tried making popup menus like crazy and there was no failure. I cannot reproduce the failure anymore.

I rolled back to the previous version (only as a sanity check) and after 5 min: stack smashing detected...

So YES, the patch fixes the problem.

I will continue testing; if there is any problem I will notify you.

PS: debdiff attached.

Guillermo Reisch

On Tuesday, 24 April 2018 04:56:55 -03 Nikita Youshchenko wrote:
> Hi.
>
> Thank you for the reminder.
>
> As far as I understand, this issue is patched in ubuntu
> (https://bugs.launchpad.net/ubuntu/+source/x11vnc/+bug/1686084).
>
> Did you try their patch? Does it fix the issue for you?
>
> I've adopted the x11vnc package recently and I will try to go through the list
> of open issues soon.
>
> Nikita
>
> > This problem is still present in version: x11vnc 0.9.13-5 (sid)
> >
> > Note: Lots of errors in Debian are already fixed by patches in lots of
> > bugs! But lots of packages are "orphan"... and you can't upload a simple
> > patch without going through a traumatizing "adoption".
> >
> > PS: Sorry for my bad English. :-P
> >
> > Guillermo Reisch
> >
> > UInf - FENF - UdelaR

diff -Nru x11vnc-0.9.13/debian/changelog x11vnc-0.9.13/debian/changelog --- x11vnc-0.9.13/debian/changelog 2018-04-13 11:09:45.000000000 -0300 +++ x11vnc-0.9.13/debian/changelog 2018-04-28 01:52:36.000000000 -0300 @@ -1,3 +1,11 @@ +x11vnc (0.9.13-5ppa1) unstable; urgency=medium + + * Add patches: + - fix_overflow.patch - Two fixes for buffer overflows committed to + https://github.com/LibVNC/x11vnc/pull/25 + + -- Jun Kobayashi <jk...@ubuntu.com> Wed, 19 Jul 2017 12:06:45 +0900 + x11vnc (0.9.13-5) unstable; urgency=low * Split build and install into arch and indep parts (Closes: #895591). diff -Nru x11vnc-0.9.13/debian/patches/fix_overflow.patch x11vnc-0.9.13/debian/patches/fix_overflow.patch --- x11vnc-0.9.13/debian/patches/fix_overflow.patch 1970-01-01 09:00:00.000000000 +0900 +++ x11vnc-0.9.13/debian/patches/fix_overflow.patch 2017-07-19 12:06:45.000000000 +0900 
@@ -0,0 +1,28 @@ +Index: x11vnc-0.9.13/x11vnc/win_utils.c +=================================================================== +--- x11vnc-0.9.13.orig/x11vnc/win_utils.c ++++ x11vnc-0.9.13/x11vnc/win_utils.c +@@ -262,8 +262,8 @@ void snapshot_stack_list(int free_only, + } + + last_snap = now; +- if (num > stack_list_len + blackouts) { +- int n = 2*num; ++ if (num + blackouts > stack_list_len) { ++ int n = 2 * (num + blackouts); + free(stack_list); + stack_list = (winattr_t *) malloc(n*sizeof(winattr_t)); + stack_list_len = n; +Index: x11vnc-0.9.13/x11vnc/xrecord.c +=================================================================== +--- x11vnc-0.9.13.orig/x11vnc/xrecord.c ++++ x11vnc-0.9.13/x11vnc/xrecord.c +@@ -964,7 +964,7 @@ if (db > 1) fprintf(stderr, "record_CW-% + data = (char *)req; + data += sz_xConfigureWindowReq; + +- for (i=0; i<req->length; i++) { ++ for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) { + unsigned int v; + /* + * We use unsigned int for the values. There were diff -Nru x11vnc-0.9.13/debian/patches/series x11vnc-0.9.13/debian/patches/series --- x11vnc-0.9.13/debian/patches/series 2018-04-13 11:09:45.000000000 -0300 +++ x11vnc-0.9.13/debian/patches/series 2018-04-28 02:02:34.000000000 -0300 @@ -4,3 +4,4 @@ do-not-run-dbus-launch.patch enforce-bash.patch java_target_source.patch +fix_overflow.patch
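Review bot: in the debian/changelog hunk, the new 0.9.13-5ppa1 entry keeps the trailer date of Wed, 19 Jul 2017 although the diff headers show the changelog being modified on 2018-04-28 on top of a file last changed on 2018-04-13, so the newest entry is dated earlier than the file it was added to. Regenerate the trailer with the date of this rebased upload, and say in the entry that the patch was refreshed against 0.9.13-5.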
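Review bot: in the win_utils.c hunk, the context lines directly after the changed condition assign malloc(n*sizeof(winattr_t)) to stack_list and then set stack_list_len = n without a NULL check, so a failed allocation leaves a length that claims n entries over a null pointer. Since the patch already touches this resize logic, check the return value and update stack_list_len only on success. A short comment on `if (num + blackouts > stack_list_len)` stating that the list has to fit num plus blackouts entries would also keep the condition from being simplified back to the old form.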
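Review bot: in the xrecord.c hunk, the new loop condition caps the count with a bare `i < 4` and computes the remaining length as `req->length - sz_xConfigureWindowReq / 4`, with no comment on either term. Name the 4, or derive it from the size of whatever the loop fills, and note that the subtraction removes the fixed request header from a length counted in 4-byte units. It is also worth stating what happens when req->length is smaller than the header, because the difference then goes negative or wraps depending on the type of i, which is not visible in this hunk.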