Bug 18579

Summary: libsafe kills sawfish
Product: [Retired] Red Hat Linux Reporter: Need Real Name <chris>
Component: sawfishAssignee: Havoc Pennington <hp>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: high Docs Contact:
Priority: medium    
Version: 7.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-10-10 22:18:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Need Real Name 2000-10-07 00:05:16 UTC 
I can reliably enduce libsafe to kill sawfish. Opening the "Configure
Update Agent" item from the Gnome "Programs->System" menu and entering the
root passwd gives the following in /var/log/secure:

Oct  7 00:48:02 tenshu libsafe.so[5877]: version 1.3
Oct  7 00:48:02 tenshu libsafe.so[5877]: detected an attempt to write
across stack boundary.
Oct  7 00:48:02 tenshu libsafe.so[5877]: terminating /usr/bin/sawfish
Oct  7 00:48:02 tenshu libsafe.so[5877]: overflow caused by memcpy()

This is using the versions of libsafe and sawfish supplied as part of
RedHat 7.0 (my system was 6.1 with more recent versions of librep, rep-gtk
and sawfish, upgraded to RH7 using the RedHat installer)
Comment 1 Need Real Name 2000-10-07 00:07:15 UTC 
I have just built and installed an RPM of sawfish-0.31 from the official site
and the segfault is no longer present.
Looks like RH needs to issue an update of this package.
Comment 2 Havoc Pennington 2000-10-10 22:18:40 UTC 
Forwarded upstream to the sawfish maintainer. We aren't going to upgrade to a
newer version of sawfish at this time because the version in 7 was feature
frozen and stabilized, and newer versions add features and destabilize things
again. So we would need a fix backported to the version we shipped. If I
understand correctly this is not a security bug, please correct me if it is.
(i.e. it's just a matter of Sawfish being a bit broken writing in inappropriate
parts of the stack.)
Comment 3 Elliot Lee 2001-02-09 18:35:30 UTC 
sawfish-0.36 is in rawhide, all is well.