From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11 Description of problem: xmodmap segfaults on some input, for example: echo 'keycode 111 = Print' | xmodmap - (Example stolen from freedesktop.org's bugzilla #1818.) The problem is that the xorg- x11-6.8.1-xmodmap-overflows.patch introduces a buffer overflow in xmodmap's process_line function. Specifically, the patch introduces these lines: + len = strlen(buffer); + cp = chk_malloc(len); + strcpy(cp, buffer); This is a classic C buffer overflow: the program mallocs enough space for the characters in the string (buffer), but not for the NUL terminator, so the strcpy writes one byte past the end of the buffer. These lines would solve the problem: + len = strlen(buffer); + cp = chk_malloc(len + 1); + strcpy(cp, buffer); Version-Release number of selected component (if applicable): xorg-x11-6.8.1-12 How reproducible: Always Steps to Reproduce: 1. echo 'keycode 111 = Print' | xmodmap - 2. ??? 3. Profit! Actual Results: Segmentation fault Expected Results: Not a segmentation fault. Additional info:
Yikes, good catch, nice bug report, thanks. I've applied your suggested bug fix to our RPM, will be available in 6.8.1-13. cheers, Kristian
Reopening to close as dupe of the bug I made the master dupe for this issue, since it is frequently reported and it's nice to have all dupes in one place.
*** This bug has been marked as a duplicate of 138458 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.