Bug 166144
Summary: | "*** buffer overflow detected ***" abort in MrmOpenHierarchyPerDisplay()
---|---
Product: | [Fedora] Fedora
Component: | openmotif
Version: | 4
Hardware: | i686
OS: | Linux
Status: | CLOSED ERRATA
Severity: | high
Priority: | medium
Reporter: | Dmitry Bolkhovityanov <d.yu.bolkhovityanov>
Assignee: | Thomas Woerner <twoerner>
CC: | beccuti
Doc Type: | Bug Fix
Last Closed: | 2005-09-02 16:17:48 UTC

Description
Dmitry Bolkhovityanov
2005-08-17 11:59:35 UTC
Created attachment 117831: A test case
Created attachment 117833: A text "screenshot" of the abort
question: can you make sure that your local openmotif build uses "-D_FORTIFY_SOURCE=2" as part of the CFLAGs ? That is to compare apples to apples, eg enable buffer overflow checking as well in your local build This was a bug in the Motif code (patch below) It did XtNumber on a char pointer, which isn't allowed, XtNumber() is only allowed on static sized buffers not on dynamic sized ones. diff -u openMotif-2.2.3/lib/Mrm/MrmIheader.c~ openMotif-2.2.3/lib/Mrm/MrmIheader.c --- openMotif-2.2.3/lib/Mrm/MrmIheader.c~ 2005-08-22 10:13:49.712349972 +0200 +++ openMotif-2.2.3/lib/Mrm/MrmIheader.c 2005-08-22 10:13:49.712349972 +0200 @@ -228,9 +228,11 @@ { /* sscanf() may call ungetc(), which would write the XmConst string. */ - char buf[strlen(idb__database_version) + 1]; + char *buf; + buf = XtMalloc(strlen(idb__database_version) + 1); strcpy(buf, idb__database_version); sscanf(buf, "URM %d.%d", &db_major, &db_minor); + XtFree(buf); } if ((file_major > db_major) || woops wrong patch: --- openMotif-2.2.3/lib/Mrm/MrmIheader.c.org 2005-08-22 10:11:08.951763921 +0200 +++ openMotif-2.2.3/lib/Mrm/MrmIheader.c 2005-08-22 10:13:49.712349972 +0200 @@ -228,9 +228,11 @@ { /* sscanf() may call ungetc(), which would write the XmConst string. */ - char buf[XtNumber(idb__database_version) + 1]; + char *buf; + buf = XtMalloc(strlen(idb__database_version) + 1); strcpy(buf, idb__database_version); sscanf(buf, "URM %d.%d", &db_major, &db_minor); + XtFree(buf); } if ((file_major > db_major) || Yes, patch at comment#5 cures the problem. I've filed a bugreport to OpenMotif's Bugzilla too -- http://bugs.motifzone.net/show_bug.cgi?id=1304 *** Bug 167094 has been marked as a duplicate of this bug. *** Fixed in FC3-updates in rpm openmotif-2.2.3-10.FC3.1 FC4-updates in rpm openmotif-2.2.3-10.FC4.1 rawhide in rpm openmotif-2.2.3-11 |
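Review bot: in the first diff (against `MrmIheader.c~`), the removed line `char buf[strlen(idb__database_version) + 1];` already sizes the buffer with strlen(), so it does not match the `XtNumber(idb__database_version)` declaration removed in the later diff against `MrmIheader.c.org` and does not show the defect being fixed. Both file headers in that diff also carry the same timestamp, which suggests the `~` backup was taken from an already edited file. Drop this version and keep only the `.org` diff as the record of the change.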
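Review bot: in the corrected diff (against `MrmIheader.c.org`), the unchanged `sscanf(buf, "URM %d.%d", &db_major, &db_minor);` line still ignores its return value, so unless `db_major` and `db_minor` are initialised above the hunk, a version string that does not match leaves them unset for the `file_major > db_major` comparison right after the block. Test for a return of 2 and handle the mismatch before calling `XtFree(buf)`. A one-line comment at the `XtMalloc()` call saying that `idb__database_version` is a pointer, so the copy must be sized with strlen() rather than a sizeof-based macro, would keep the XtNumber() form from coming back.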
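Added example, not code from this bug report or from openMotif: it shows why a sizeof-based element count like XtNumber() gives the pointer size when applied to a `char *`, whatever the string length, and a copy-then-parse routine sized with strlen(). The macro name `XT_NUMBER`, the function names and the sample string "URM 1.2" are constructed for illustration; plain malloc()/free() stand in for XtMalloc()/XtFree().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors Xt's XtNumber(): sizeof(arr) / sizeof(arr[0]).
 * (The real macro also casts the result to Cardinal.) */
#define XT_NUMBER(arr) (sizeof(arr) / sizeof((arr)[0]))

/* Constructed sample; the real version string is not shown on the page. */
static const char sample_array[] = "URM 1.2";

/* On a pointer the macro measures the pointer itself: 4 on i686,
 * 8 on x86-64, independent of the string it points to. */
size_t count_via_pointer(const char *p) { return XT_NUMBER(p); }

/* On a true array the macro is valid and includes the trailing NUL. */
size_t count_via_array(void) { return XT_NUMBER(sample_array); }

/* Bytes a copy of s actually needs. */
size_t needed_size(const char *s) { return strlen(s) + 1; }

/* Parse "URM major.minor" from a writable heap copy of s.
 * Returns 0 on success, -1 on allocation failure or malformed input. */
int parse_version(const char *s, int *major, int *minor)
{
    size_t n = needed_size(s);
    char *buf = malloc(n);
    int ok;

    if (buf == NULL)
        return -1;
    memcpy(buf, s, n);                      /* copy is exactly n bytes */
    ok = (sscanf(buf, "URM %d.%d", major, minor) == 2);
    free(buf);
    return ok ? 0 : -1;
}

int main(void)
{
    int major = 0, minor = 0;

    printf("pointer count: %zu, array count: %zu, needed: %zu\n",
           count_via_pointer(sample_array), count_via_array(),
           needed_size(sample_array));
    if (parse_version(sample_array, &major, &minor) == 0)
        printf("parsed version %d.%d\n", major, minor);
    return 0;
}
```

On the i686 hardware named in this report the pointer count is 4, so a buffer declared with that count plus one holds 5 bytes, fewer than the 8 the sample string needs.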