Date: Wed, 5 Oct 2011 12:24:49 +0200 (CEST)
From: Guido Falsi <mad@madpilot.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/161298: x11/rxvt-unicode: fix segfault on 9.0-BETA3
Message-ID: <20111005102449.86C0F1214@megatron.madpilot.net>
Resent-Message-ID: <201110051030.p95AU7Cg036848@freefall.freebsd.org>
>Number: 161298
>Category: ports
>Synopsis: x11/rxvt-unicode: fix segfault on 9.0-BETA3
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 05 10:30:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Guido Falsi
>Release: FreeBSD 8.2-STABLE amd64
>Organization: none
>Environment:
System: FreeBSD vwg82.<removed> 9.0-BETA3 FreeBSD 9.0-BETA3 #11 r: Tue Oct 4 14:43:04 CEST 2011 root@vwg82.<removed>:/usr/obj/usr/src/sys/VWG82 amd64

>Description:
After upgrading to 9.0-BETA3 and upgrading rxvt-unicode to the last version, the urxvtd program started segfaulting when trying to open a terminal.

After some debugging I nailed it down to a 0 pointer being passed to strncpy() in libptytty/src/logging.C.

A new patch in the last update to the port happens to call fill_utmpx() in that file with an argument (a pointer) set to 0 for certain conditions (on 9.0, for example). There is no check in the function for NULL or 0 pointers though, so strncpy() gets passed a 0 pointer, resulting in a segmentation fault.

My fix simply adds a conditional check and skips the strncpy() when the id argument is set to zero.

>How-To-Repeat:
On a recent 9.0 system:

Install x11/rxvt-unicode

Launch "urxvtd -o" in a terminal window (due to the bug I've been using xterm).

From another terminal window try opening a rxvt-unicode terminal by using the daemon, with "urxvtc".

The terminal should not open and the daemon exit on signal 11.

If gdb is used on urxvtd, the stack will show it segfaults in strncpy() called from fill_utmpx().

>Fix:
diff -ruN rxvt-unicode.old/files/patch-libptytty-src-logging.C rxvt-unicode/files/patch-libptytty-src-logging.C --- rxvt-unicode.old/files/patch-libptytty-src-logging.C 2011-10-05 12:08:36.337167497 +0200 +++ rxvt-unicode/files/patch-libptytty-src-logging.C 2011-10-05 12:09:00.296169739 +0200 
@@ -1,6 +1,16 @@ ---- libptytty/src/logging.C.orig 2011-05-31 00:59:42.000000000 +0400 -+++ libptytty/src/logging.C 2011-09-21 16:19:44.000000000 +0400 -@@ -284,11 +284,19 @@ +--- libptytty/src/logging.C.orig 2011-05-30 22:59:42.000000000 +0200 ++++ libptytty/src/logging.C 2011-10-05 11:12:04.370185467 +0200 +@@ -223,7 +223,8 @@ + // records, but most implementations of last use ut_line to + // associate records in wtmp file + strncpy (utx->ut_line, line, sizeof (utx->ut_line)); +- strncpy (utx->ut_id, id, sizeof (utx->ut_id)); ++ if(id) ++ strncpy (utx->ut_id, id, sizeof (utx->ut_id)); + utx->ut_pid = pid; + utx->ut_type = login ? USER_PROCESS : DEAD_PROCESS; + utx->ut_tv.tv_sec = time (NULL); +@@ -284,11 +285,19 @@ #endif #ifdef HAVE_STRUCT_UTMP @@ -20,7 +30,7 @@ #endif #ifdef HAVE_STRUCT_UTMP -@@ -363,11 +371,19 @@ +@@ -363,11 +372,19 @@ #endif #ifdef HAVE_STRUCT_UTMP >Release-Note: >Audit-Trail: >Unformatted:
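Review bot: in the inner `@@ -223,7 +223,8 @@` hunk, the new `if(id)` guard skips the copy, but nothing in the visible lines clears `utx->ut_id` when `id` is 0, so the record keeps whatever the field already held. Unless fill_utmpx() zeroes the structure before this point, add an else branch that clears the field, for example `memset (utx->ut_id, 0, sizeof (utx->ut_id));`. The `strncpy (utx->ut_line, line, sizeof (utx->ut_line));` call directly above has no equivalent guard, so it is worth confirming that no caller can pass a 0 pointer for `line` either. The description says the 0 pointer comes from the call added by the port's previous patch; a short comment at the guard stating when `id` is expected to be 0 would document that contract. Style: the surrounding code puts a space before the opening parenthesis, so `if (id)` would match it.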
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111005102449.86C0F1214>