Bug 45149 - nedit crashes when print selected
Summary: nedit crashes when print selected
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: nedit   
(Show other bugs)
Version: 6.2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
: 45630 47697 50884 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2001-06-20 15:29 UTC by pq
Modified: 2008-05-01 15:38 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-08-20 11:54:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
replacement for nedit-5.1.1-security.patch (1.25 KB, patch)
2001-08-07 21:05 UTC, Gene Czarcinski
no flags Details | Diff

Description pq 2001-06-20 15:29:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19-6.2.1 i686)

Description of problem:
RedHat issued a patch for nedit (RHSA-2001:61-02 updated 2001-05-08) to fix
potential problem with creation of temporary files.
In the source RPM, (and it also seems to be the same in source RPMS up to
rawhide version), the patch nedit-5.1.1-security.patch line 8 causes a
string to be passed to mkstemp().
This causes a core dump when, for example, you select "Print" from the File
You can fix this by replacing *tmpFileName by tmpFileName[] or somesuch.

Paul Quare

How reproducible:

Steps to Reproduce:
1.Select Print from File menu

Actual Results:  nedit core dumped with segment violation

Expected Results:  It should have printed the file.

Additional info:

(I've marked it below as a Security bug as it would seem that the 
problem it was meant to fix hasn't been fixed?)

Comment 1 Bernhard Rosenkraenzer 2001-06-25 10:11:25 UTC
*** Bug 45630 has been marked as a duplicate of this bug. ***

Comment 2 Bernhard Rosenkraenzer 2001-06-26 16:15:36 UTC
Not a security bug, the issue is fixed, it just introduced unwanted side 
effects. reducing priority.

Comment 3 Bernhard Rosenkraenzer 2001-07-09 10:19:44 UTC
*** Bug 47697 has been marked as a duplicate of this bug. ***

Comment 4 Bernhard Rosenkraenzer 2001-08-04 19:22:25 UTC
*** Bug 50884 has been marked as a duplicate of this bug. ***

Comment 5 Gene Czarcinski 2001-08-07 21:02:45 UTC
OK, this time I have a proposed fix (patch) for the problem.

The problem is that the security patch has an error in that it passes a constant
to mkstemp which seems to cause the segfault.  The fix is to simply change the
definition of tmpFileName from a point to an array on the stack which is
initialized to the value in the old security patch.

This patch was developed and tested under the Roswell public beta (7.1.93) but
should apply to previous versions.

The attached patch replaces the existing security patch.

Comment 6 Gene Czarcinski 2001-08-07 21:05:04 UTC
Created attachment 26715 [details]
replacement for nedit-5.1.1-security.patch

Comment 7 Bernhard Rosenkraenzer 2001-08-20 11:54:31 UTC
*** Bug 50884 has been marked as a duplicate of this bug. ***

Comment 8 Bernhard Rosenkraenzer 2001-08-20 12:00:07 UTC
fixed in 5.1.1-10

Note You need to log in before you can comment on or make changes to this bug.