Bug 614973
| Summary: | Tooltip buffer overflows in amsn | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ray Mansour <ray> | ||||||
| Component: | amsn | Assignee: | Sander Hoentjen <sander> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 13 | CC: | arthurus314, baifcc, bamccaig, boby_drack, didierg-divers, dougmpx, genarolaw, jskarvad, punklinux, sander, tonlhing, vivo_depresivo, wdaguirrer, zbechir, zgarcia83 | ||||||
| Target Milestone: | --- | Keywords: | Reopened | ||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | abrt_hash:0a27c825321efe205a0fd3157f29dea0ec29b36c | ||||||||
| Fixed In Version: | amsn-0.98.3-2.fc14 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2010-08-25 01:18:37 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 595177 | ||||||||
| Bug Blocks: | |||||||||
| Attachments: |
|
||||||||
|
Description
Ray Mansour
2010-07-15 16:33:31 UTC
Created attachment 432138 [details]
File: backtrace
Well, according to backtrace this looks more as amsn fault for me:
> #6 Tk_ConfigureIcon (clientData=<value optimized out>, interp=0x22c1110,
> objc=4, objv=<value optimized out>) at utils/linux/traydock/libtray.c:516
Looks like there is wrongly defined tooltip, causing the hang.
Can you provide steps to reproduce (e.g. which icon/tooltip you navigate before the hang)? The backtrace here seems not to be useful.
*** Bug 617413 has been marked as a duplicate of this bug. *** *** Bug 618907 has been marked as a duplicate of this bug. *** Package: tk-1:8.5.8-1.fc13 Architecture: i686 OS Release: Fedora release 13 (Goddard) How to reproduce ----- 1. Just leave the program running for a couple hours and then the program shutdown unnormally 2. 3. Package: tk-1:8.5.8-1.fc13 Architecture: x86_64 OS Release: Fedora release 13 (Goddard) How to reproduce ----- 1. some times without things to reproduct the bug 2. it crash ! 3. OK, thanks for info. Maybe I got it. It seems the tooltip buffer is only 256 bytes long, and amsn copy there notification of new messages without checking of bounds, thus it overflows sometimes. Something like the following patch should solve this. Thus this is definitely amsn problem and I am reassigning this. Created attachment 435546 [details]
Fix tooltip overflow
amsn-0.98.3-2.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/amsn-0.98.3-2.fc13 amsn-0.98.3-2.fc14 has been submitted as an update for Fedora 14. http://admin.fedoraproject.org/updates/amsn-0.98.3-2.fc14 *** Bug 622992 has been marked as a duplicate of this bug. *** *** Bug 622988 has been marked as a duplicate of this bug. *** amsn-0.98.3-2.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update amsn'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/amsn-0.98.3-2.fc14 amsn-0.98.3-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. hi. After the update 0.98.3-2.fc13 on Fedora 13, amsn crash suddenly after logging in with a segfault. I compiled the amsn sources to be sure that it's still working, and repeat the operation of update, and I had the same problem. (In reply to comment #15) > I compiled the amsn sources to be sure that it's still > working When I said "compled sources", I mean that I tried the older version : amsn-0.98.3-1 Please download and install the newest tktray from http://code.google.com/p/tktray/downloads/list if you can. If you want, I can make an rpm version of that package for you. Just let me know. If it still happens with that version running amsn with gdb would help. $ gdb --args wish amsn (gdb) run [then when it segfaults, type] (gdb) bt (gdb) bt full It works with tktray1.3.9 Thank you ;) Same problem after update to amsn-0.98.3-2.fc13.i686 and tktray-1.1-6.fc12.i686 Definitively need last version of tktray for Fedora 13. Confirmed, the crash happened only on i686 platform (not x86_64). With tktray-1.3.9 it don't crash. I didn't investigate this further, but for me it seems that it is not related to original subject of this bug, thus I would recommend closing this bug and opening new bug on it and/or pushing on bug #595177. There is abrt bug for it (bug #625747). *** Bug 625876 has been marked as a duplicate of this bug. *** amsn-0.98.3-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. This may not be relevant anymore, but I discovered that if I manually launched amsn from a terminal and passed it an argument of '--version' (which it doesn't seem to interpret as expected) it doesn't crash[1]... :\ [1] At least, not right away. I was able to view my buddy list and message a buddy. Ah, I take it back... I just tried again it core-dumped... >_< *** Bug 628197 has been marked as a duplicate of this bug. *** I'm lookiing forward 0.98.4 on Fedora 14. (In reply to comment #27) > I'm lookiing forward 0.98.4 on Fedora 14. See https://bugzilla.redhat.com/show_bug.cgi?id=666070 |