Bug 197193 - Memory leak in XmGetVisibility() still present in 2.2.3
Summary: Memory leak in XmGetVisibility() still present in 2.2.3
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openmotif
Version: 4
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-06-29 05:46 UTC by Dmitry Bolkhovityanov
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-08-29 12:24:03 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Dmitry Bolkhovityanov 2006-06-29 05:46:20 UTC
Description of problem:
The memory leak in XmGetVisibility(), despite declared as fixed in
OpenMotif-2.2.3, is STILL THERE, affecting all RedHat/Fedora releases upto FC4
inclusive.
The bug was really fixed in OpenMotif-2.3, so that FC5 is safe.
Since this serious bug is present in almost ALL RH/FC releases, it is definitely
worth an update.

Version-Release number of selected component (if applicable):
2.2, 2.3

How reproducible:
Always

Additional info:
Ironically, it WAS fixed in 2.1 for RHEL, but not in 2.2 series.
This is OpenMotif #1134, details are at
http://bugs.motifzone.net/show_bug.cgi?id=1134
The fix is trivial -- to "backport" the lib/Xm/Traversal.c, which only differs
in several-lines-fix for this bug (some care should be taken, since 2.3's fixed
version is OLDER than buggy 2.2.3's).

Comment 1 Christian Iseli 2007-01-22 10:35:48 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.

Comment 2 Dmitry Bolkhovityanov 2007-01-22 12:32:29 UTC
I can answer even without any further testing: FC5 and FC6 ARE SAFE.
That's because only 2.2 is vulnerable, while FC5 is shipped with openmotif-2.3
(which is already okay), and FC6 doesn't include openmotif at all (due to that
stupid licence problem).

And -- yes, I did tests with FC5 at the time of writing this bugreport, and
those had confirmed that this bug is fixed there.

However, Christian, if you have any connection to RHEL stuff -- RHEL can still
be vulnerable, since in ships 2.*2*, which was vulnerable in June-2006 and
wasn't updated since that time. And RHEL wouldn't be EOL'd for long time...

Comment 3 Thomas Woerner 2007-08-29 12:24:03 UTC
FC-3 and FC-4 are EOL and it has been fixed for the RHEL packages already. 

Closing as NOT A BUG.


Note You need to log in before you can comment on or make changes to this bug.