Red Hat Bugzilla – Bug 45149
nedit crashes when print selected
Last modified: 2008-05-01 11:38:00 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19-6.2.1 i686)
Description of problem:
RedHat issued a patch for nedit (RHSA-2001:61-02 updated 2001-05-08) to fix
potential problem with creation of temporary files.
In the source RPM, (and it also seems to be the same in source RPMS up to
rawhide version), the patch nedit-5.1.1-security.patch line 8 causes a
string to be passed to mkstemp().
This causes a core dump when, for example, you select "Print" from the File
You can fix this by replacing *tmpFileName by tmpFileName or somesuch.
Steps to Reproduce:
1.Select Print from File menu
Actual Results: nedit core dumped with segment violation
Expected Results: It should have printed the file.
(I've marked it below as a Security bug as it would seem that the
problem it was meant to fix hasn't been fixed?)
*** Bug 45630 has been marked as a duplicate of this bug. ***
Not a security bug, the issue is fixed, it just introduced unwanted side
effects. reducing priority.
*** Bug 47697 has been marked as a duplicate of this bug. ***
*** Bug 50884 has been marked as a duplicate of this bug. ***
OK, this time I have a proposed fix (patch) for the problem.
The problem is that the security patch has an error in that it passes a constant
to mkstemp which seems to cause the segfault. The fix is to simply change the
definition of tmpFileName from a point to an array on the stack which is
initialized to the value in the old security patch.
This patch was developed and tested under the Roswell public beta (7.1.93) but
should apply to previous versions.
The attached patch replaces the existing security patch.
Created attachment 26715 [details]
replacement for nedit-5.1.1-security.patch
fixed in 5.1.1-10