Alwin <translati...@ziggo.nl> writes:

> Dear List,
>
> I would like to report a crash in FVWM 2.6.5. According to the logs,
> it's a possible buffer overflow. I'm using FVWM-Crystal 3.4.0 SVN rev.
> 767, X.Org server 1.16.4 and Gentoo Linux.
>
> The logs are huge, so it might be a good idea to only copy the relevant
> parts in-line from the attached gzipped files: config.log, build.log,
> session.log and backtrace.txt.
>
> The crash happens when the Volume+ or Volume- button is pressed
> on the keyboard. These are common Multimedia Keys which generate the
> XF86AudioRaiseVolume and XF86AudioLowerVolume KeySyms, and have auto
> repeat enabled by default. The KeySyms have key bindings in
> FVWM-Crystal: see 'Change-Volume-Down' function in the session.log. It
> decreases the volume, and prints the volume level on screen, using a
> function called 'FvwmButtons-Tooltip-Volume' in the session.log.
>
> When these buttons are pressed for about 3 seconds too long, after the
> volume reached 0% (or 100%) already, then FVWM is aborted with
> this log message:
>
> *** buffer overflow detected ***: fvwm terminated
>
> The backtrace leads to the tooltip print function, which might be the
> problem here:
>
> #10 0x0000000000437c89 in sprintf (__fmt=0x4a2898 "%d",
> __s=0x7ffc22de1290 "10wmButtons-Tooltip-Volume (99)") at
> /usr/include/bits/stdio2.h:33
>
>
> Please let me know if more information is needed, or to test a patch.

Looks to me like this line in add_window.c:

        char win_name_len[MAX_WINDOW_NAME_NUMBER_DIGITS];

should be:

        char win_name_len[MAX_WINDOW_NAME_NUMBER_DIGITS+1];

If you can test that, okay.
If I don't hear otherwise, I'll commit a change in a day or 3.

-- 
Dan Espen
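
An added illustration, not part of the original message and not FVWM's code: it shows why a buffer sized for the digit count alone cannot hold what `sprintf("%d")` writes, and how a bounded `snprintf` call reports the shortfall instead of overflowing. The names `NAME_NUMBER_DIGITS`, `bytes_needed` and `format_count` and the value 3 are assumptions made for the example; the page does not give the real value of `MAX_WINDOW_NAME_NUMBER_DIGITS`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed value for illustration only (assumption, not from the page). */
#define NAME_NUMBER_DIGITS 3

/* Bytes that sprintf(buf, "%d", n) writes, including the terminating NUL. */
static size_t bytes_needed(int n)
{
    int len = snprintf(NULL, 0, "%d", n);
    return len < 0 ? 0 : (size_t)len + 1;
}

/* Bounded formatting: returns 0 on success, -1 if n does not fit in cap
 * bytes. Never writes past buf[cap - 1]. */
static int format_count(char *buf, size_t cap, int n)
{
    int len = snprintf(buf, cap, "%d", n);
    if (len < 0 || (size_t)len >= cap)
        return -1;              /* output was truncated */
    return 0;
}

int main(void)
{
    char digits_only[NAME_NUMBER_DIGITS];      /* no room for the NUL */
    char with_nul[NAME_NUMBER_DIGITS + 1];     /* digits plus NUL */
    int counts[] = { 9, 99, 100, 999, 1000 };  /* constructed sample input */
    size_t i;

    for (i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        int n = counts[i];
        printf("%4d needs %zu bytes: [%zu]-byte buffer %s, [%zu]-byte buffer %s\n",
               n, bytes_needed(n),
               sizeof digits_only,
               format_count(digits_only, sizeof digits_only, n) ? "too small" : "ok",
               sizeof with_nul,
               format_count(with_nul, sizeof with_nul, n) ? "too small" : "ok");
    }
    return 0;
}
```

With these constructed values, a count that uses every allowed digit fits only in the buffer that reserves one extra byte for the terminator.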
