Description of problem: If compiled with vsyslog() support (which is always present in Fedora's libc), gpm's gpm_report() function uses the same variable argument list structure twice (once for syslog, once for terminal output). This is incorrect, as the structure keeps reference index of last argument that was gotten via call to va_get(). And thus, when it comes to terminal input vprintf(), there are no arguments left on, and it gets and in turn dereferences random values from the stack, which often triggers a Segmentation Fault. Version-Release number of selected component (if applicable): gpm-1.20.1-84 How reproducible: Trigger a log message that is a format string with one or more format specifiers. Steps to Reproduce: 1. gpm -KWAK_KWAK_KWAK_KWAK Actual results: $ gpm -KWAK_KWAK_KWAK_KWAK gpm: invalid option -- K *** err [gpn.c(43)]: Segmentation fault (core dumped) $ Expected results: $ gpm -KWAK_KWAK_KWAK_KWAK gpm: invalid option -- K *** err [gpn.c(43)]: Error in the commandline specification. Try "gpm -h". $ Additional info: The patch to fix the issue is attached.
Created attachment 158192 [details] Fix to incorrect use of variable argument lists in gpm's gpm_report()