Re: Crash in FVWM (bug report)

2015-11-08 Thread Dan Espen
Alwin writes:

> Dear List,
>
> I would like to report a crash in FVWM 2.6.5. According to the logs,
> it's a possible buffer overflow. I'm using FVWM-Crystal 3.4.0 SVN rev.
> 767, X.Org server 1.16.4 and Gentoo Linux.
>
> The logs are huge, so it might be a good idea to only copy the relevant
> parts in-line from the attached gzipped files: config.log, build.log,
> session.log and backtrace.txt.
>
> The crash happens when the Volume+ or Volume- button is pressed
> on the keyboard. These are common Multimedia Keys which generate the
> XF86AudioRaiseVolume and XF86AudioLowerVolume KeySyms, and have auto
> repeat enabled by default. The KeySyms have key bindings in
> FVWM-Crystal: see 'Change-Volume-Down' function in the session.log. It
> decreases the volume, and prints the volume level on screen, using a
> function called 'FvwmButtons-Tooltip-Volume' in the session.log.
>
> When these buttons are pressed for about 3 seconds too long, after the
> volume reached 0% (or 100%) already, then FVWM is aborted with
> this log message:
>
> *** buffer overflow detected ***: fvwm terminated
>
> The backtrace leads to the tooltip print function, which might be the
> problem here:
>
> #10 0x00437c89 in sprintf (__fmt=0x4a2898 "%d",
> __s=0x7ffc22de1290 "10wmButtons-Tooltip-Volume (99)") at
> /usr/include/bits/stdio2.h:33
>
>
> Please let me know if more information is needed, or to test a patch.

Looks to me like this line in add_window.c:

char win_name_len[MAX_WINDOW_NAME_NUMBER_DIGITS];

should be:

char win_name_len[MAX_WINDOW_NAME_NUMBER_DIGITS+1];

If you can test that, okay.
If I don't hear otherwise, I'll commit a change in a day or 3.

-- 
Dan Espen



Re: Crash in FVWM (bug report)

2015-11-08 Thread Alwin

Dan Espen wrote:
> Alwin writes:
>
>> Dear List,
>>
>> I would like to report a crash in FVWM 2.6.5. According to the logs,
>> it's a possible buffer overflow. I'm using FVWM-Crystal 3.4.0 SVN
>> rev. 767, X.Org server 1.16.4 and Gentoo Linux.
>>
>> The logs are huge, so it might be a good idea to only copy the
>> relevant parts in-line from the attached gzipped files:
>> config.log, build.log, session.log and backtrace.txt.
>>
>> The crash happens when the Volume+ or Volume- button is pressed
>> on the keyboard. These are common Multimedia Keys which generate the
>> XF86AudioRaiseVolume and XF86AudioLowerVolume KeySyms, and have auto
>> repeat enabled by default. The KeySyms have key bindings in
>> FVWM-Crystal: see 'Change-Volume-Down' function in the session.log.
>> It decreases the volume, and prints the volume level on screen,
>> using a function called 'FvwmButtons-Tooltip-Volume' in the
>> session.log.
>>
>> When these buttons are pressed for about 3 seconds too long, after
>> the volume reached 0% (or 100%) already, then FVWM is aborted with
>> this log message:
>>
>> *** buffer overflow detected ***: fvwm terminated
>>
>> The backtrace leads to the tooltip print function, which might be the
>> problem here:
>>
>> #10 0x00437c89 in sprintf (__fmt=0x4a2898 "%d",
>> __s=0x7ffc22de1290 "10wmButtons-Tooltip-Volume (99)") at
>> /usr/include/bits/stdio2.h:33
>>
>>
>> Please let me know if more information is needed, or to test a patch.
>
> Looks to me like this line in add_window.c:
>
> char win_name_len[MAX_WINDOW_NAME_NUMBER_DIGITS];
>
> should be:
>
> char win_name_len[MAX_WINDOW_NAME_NUMBER_DIGITS+1];
>
> If you can test that, okay.
> If I don't hear otherwise, I'll commit a change in a day or 3.
>

I've made the change, recompiled and it now works fine! The crash is
gone. Thank you very much for the quick fix.


Kind regards,


--
[alwin]
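
Why the +1 in the fix above matters, as an added example that is not FVWM code and not part of the thread: a buffer sized for N digits has no room for the terminating NUL that sprintf("%d") writes after an N-digit number, which is the write that glibc's fortified sprintf aborts on. The value 3 for NAME_NUMBER_DIGITS and the helper names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed value for illustration only; the real constant lives in the FVWM sources. */
#define NAME_NUMBER_DIGITS 3

/* Bytes required to store n as decimal text, including the terminating NUL. */
static size_t decimal_bytes_needed(int n)
{
    int len = snprintf(NULL, 0, "%d", n);
    return len < 0 ? 0 : (size_t)len + 1;
}

/*
 * Bounded replacement for sprintf(buf, "%d", n).
 * Returns 1 if the whole number fit, 0 if it was truncated or formatting failed.
 * buf is always NUL-terminated when size > 0.
 */
static int format_number(char *buf, size_t size, int n)
{
    int len = snprintf(buf, size, "%d", n);
    return len >= 0 && (size_t)len < size;
}

int main(void)
{
    char undersized[NAME_NUMBER_DIGITS];     /* digits only, no room for NUL */
    char corrected[NAME_NUMBER_DIGITS + 1];  /* digits plus NUL */
    int samples[] = { 9, 99, 100, 999 };     /* constructed inputs */
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        int fits_small = format_number(undersized, sizeof undersized, n);
        int fits_fixed = format_number(corrected, sizeof corrected, n);

        printf("%4d needs %zu bytes: char[%zu] %s, char[%zu] %s\n",
               n, decimal_bytes_needed(n),
               sizeof undersized, fits_small ? "ok" : "truncated",
               sizeof corrected, fits_fixed ? "ok" : "truncated");
    }
    return 0;
}
```

Checking the snprintf return value against the buffer size turns the overflow into a detectable truncation instead of a write past the end of the array.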