Message-Id: <20111005102449.86C0F1214@megatron.madpilot.net>
Date: Wed, 5 Oct 2011 12:24:49 +0200 (CEST)
From: Guido Falsi
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/161298: x11/rxvt-unicode: fix segfault on 9.0-BETA3

>Number: 161298
>Category: ports
>Synopsis: x11/rxvt-unicode: fix segfault on 9.0-BETA3
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 05 10:30:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Guido Falsi
>Release: FreeBSD 8.2-STABLE amd64
>Organization: none
>Environment:
System: FreeBSD vwg82. 9.0-BETA3 FreeBSD 9.0-BETA3 #11 r: Tue Oct 4 14:43:04 CEST 2011 root@vwg82.:/usr/obj/usr/src/sys/VWG82 amd64

>Description:
After upgrading to 9.0-BETA3 and upgrading rxvt-unicode to the last version the urxvtd program started segfaulting when trying to open a terminal.

After some debugging I nailed it down to a 0 pointer being passed to strncpy() in libptytty/src/logging.C.

A new patch in the last update to the port happens to call fill_utmpx() in that file with an argument (a pointer) set to 0 for certain conditions (on 9.0, for example). There is no check in the function for NULL or 0 pointers though, so strncpy() gets passed a 0 pointer, resulting in a segmentation fault.

My fix simply adds a conditional check and skips the strncpy() when the id argument is set to zero.

>How-To-Repeat:
On a recent 9.0 system:

Install x11/rxvt-unicode

Launch "urxvtd -o" in a terminal window (due to the bug I've been using xterm).

From another terminal window try opening an rxvt-unicode terminal by using the daemon, with "urxvtc".

The terminal should not open and the daemon exit on signal 11.
If gdb is used on urxvtd the stack will show it segfaults in strncpy() called from fill_utmpx(). >Fix: diff -ruN rxvt-unicode.old/files/patch-libptytty-src-logging.C rxvt-unicode/files/patch-libptytty-src-logging.C --- rxvt-unicode.old/files/patch-libptytty-src-logging.C 2011-10-05 12:08:36.337167497 +0200 +++ rxvt-unicode/files/patch-libptytty-src-logging.C 2011-10-05 12:09:00.296169739 +0200 @@ -1,6 +1,16 @@ ---- libptytty/src/logging.C.orig 2011-05-31 00:59:42.000000000 +0400 -+++ libptytty/src/logging.C 2011-09-21 16:19:44.000000000 +0400 -@@ -284,11 +284,19 @@ +--- libptytty/src/logging.C.orig 2011-05-30 22:59:42.000000000 +0200 ++++ libptytty/src/logging.C 2011-10-05 11:12:04.370185467 +0200 +@@ -223,7 +223,8 @@ + // records, but most implementations of last use ut_line to + // associate records in wtmp file + strncpy (utx->ut_line, line, sizeof (utx->ut_line)); +- strncpy (utx->ut_id, id, sizeof (utx->ut_id)); ++ if(id) ++ strncpy (utx->ut_id, id, sizeof (utx->ut_id)); + utx->ut_pid = pid; + utx->ut_type = login ? USER_PROCESS : DEAD_PROCESS; + utx->ut_tv.tv_sec = time (NULL); +@@ -284,11 +285,19 @@ #endif #ifdef HAVE_STRUCT_UTMP @@ -20,7 +30,7 @@ #endif #ifdef HAVE_STRUCT_UTMP -@@ -363,11 +371,19 @@ +@@ -363,11 +372,19 @@ #endif #ifdef HAVE_STRUCT_UTMP >Release-Note: >Audit-Trail: >Unformatted:
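Review bot: In the new `@@ -223,7 +223,8 @@` hunk, when `id` is zero the `if(id)` guard skips the copy and leaves `utx->ut_id` holding whatever it contained before. The visible lines do not show the record being cleared, so either confirm that fill_utmpx() zeroes `*utx` before this point or add an else branch that clears the field, for example `memset (utx->ut_id, 0, sizeof (utx->ut_id));`, so that no stale bytes end up in the utmpx record. The `strncpy (utx->ut_line, line, sizeof (utx->ut_line));` call directly above is still unguarded; it is worth checking whether the callers that pass a zero `id` can also pass a zero `line`. Style: the surrounding code puts a space before the opening parenthesis, so the guard should read `if (id)`. The two later hunks only shift line numbers by one to account for the added line and need no change.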