When the autoraise function FvwmAuto is activated, it crashes immediately. Reproducible: Always Steps to Reproduce: 1. Turn on the autoraise feature FvwmAuto Actual Results: FvwmAuto crashes giving a message in the system journal. Autoraise doesn't happen. Expected Results: Autoraise should be activated. The problem is that in FvwmAuto.c lines 334 to 346 it tries to work out the necessary size of a buffer big enough for the entry_fn or leave_fn. Then it allocates this size. However, when it uses it, it adds a \n character and, of course, the null terminator, causing a buffer overflow. In previous versions of Fedora, this somehow worked, but now the hardening has turned this bug into a crash. I don't see how to attach a patch here, but it is fixed by just a one liner, adding len += 2; at line 347 right before the safemalloc (or you could just change the safemalloc(len) to safemalloc(len+2).
Created attachment 1960298 [details] patch to fix it Ah, the button to add a patch is on the next page! Here it is.
This still isn't fixed in Fedora 39. The fix is still to just allocate two bytes more.
This still isn't fixed in Fedora 40 and it is still a trivial fix with a patch provided.
This message is a reminder that Fedora Linux 38 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 38 on 2024-05-21. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '38'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 38 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
I just posted this morning that the problem isn't fixed in Fedora 40.
I can confirm, after building my own rpm package with the patch suggested by @nvwarr that FvwmAuto now builds, and performs correctly. Thanks! Hopefully this patch gets applied and fixed. This has plagued me for months and months now.
FEDORA-2024-527d1451f5 (fvwm-2.7.0-13.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-527d1451f5
FEDORA-2024-0a7b807e91 (fvwm-2.7.0-13.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-0a7b807e91
FEDORA-2024-ab40ea1a6d (fvwm-2.7.0-13.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-ab40ea1a6d
FEDORA-2024-ab40ea1a6d has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-ab40ea1a6d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-ab40ea1a6d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-527d1451f5 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-527d1451f5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-527d1451f5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-0a7b807e91 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-0a7b807e91` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-0a7b807e91 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Good, this seems to sort it out. Richard, you seem to have set a flag indicating you need info from me. I'm just a user, so I have no influence over the updates and I don't know what info you want. Maybe this was just added on automatically, when you cited me. Anyway, it seems to have provoked the desired update, so thanks for that. I think we can close now.
FEDORA-2024-ab40ea1a6d (fvwm-2.7.0-13.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-527d1451f5 (fvwm-2.7.0-13.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-0a7b807e91 (fvwm-2.7.0-13.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.