Bug 614973 - Tooltip buffer overflows in amsn
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: amsn
Version: 13
Hardware: x86_64 Linux
Priority: low
Severity: medium
Assigned To: Sander Hoentjen
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:0a27c825321efe205a0fd3157f2...
Keywords: Reopened
Duplicates: 617413 618907 622988 622992 625876 628197
Depends On: 595177
Reported: 2010-07-15 12:33 EDT by Ray Mansour
Modified: 2011-01-02 09:54 EST
Fixed In Version: amsn-0.98.3-2.fc14
Doc Type: Bug Fix
Last Closed: 2010-08-24 21:18:37 EDT

Attachments
File: backtrace (18.18 KB, text/plain), 2010-07-15 12:33 EDT, Ray Mansour
Fix tooltip overflow (456 bytes, patch), 2010-07-30 09:01 EDT, Jaroslav Škarvada

Description Ray Mansour 2010-07-15 12:33:31 EDT
abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: wish /usr/bin/amsn
component: tk
crash_function: raise
executable: /usr/bin/wish8.5
global_uuid: 0a27c825321efe205a0fd3157f29dea0ec29b36c
kernel: 2.6.33.6-147.fc13.x86_64
package: tk-1:8.5.8-1.fc13
rating: 4
reason: Process /usr/bin/wish8.5 was killed by signal 6 (SIGABRT)
release: Fedora release 13 (Goddard)
Comment 1 Ray Mansour 2010-07-15 12:33:34 EDT
Created attachment 432138
File: backtrace
Comment 2 Jaroslav Škarvada 2010-07-27 03:43:03 EDT
Well, according to the backtrace this looks more like an amsn fault to me:

> #6  Tk_ConfigureIcon (clientData=<value optimized out>, interp=0x22c1110, 
>     objc=4, objv=<value optimized out>) at utils/linux/traydock/libtray.c:516

Looks like there is a wrongly defined tooltip, causing the hang.

Can you provide steps to reproduce (e.g. which icon/tooltip you navigate before the hang)? The backtrace here seems not to be useful.
Comment 3 Jaroslav Škarvada 2010-07-27 03:44:03 EDT
*** Bug 617413 has been marked as a duplicate of this bug. ***
Comment 4 Jaroslav Škarvada 2010-07-28 03:18:35 EDT
*** Bug 618907 has been marked as a duplicate of this bug. ***
Comment 5 tonlhing 2010-07-28 11:46:04 EDT
Package: tk-1:8.5.8-1.fc13
Architecture: i686
OS Release: Fedora release 13 (Goddard)


How to reproduce
-----
1. Just leave the program running for a couple of hours and then the program shuts down abnormally
Comment 6 juju 2010-07-29 19:41:26 EDT
Package: tk-1:8.5.8-1.fc13
Architecture: x86_64
OS Release: Fedora release 13 (Goddard)


How to reproduce
-----
1. Sometimes, without anything to reproduce the bug
2. it crashes!
Comment 7 Jaroslav Škarvada 2010-07-30 09:00:20 EDT
OK, thanks for info.

Maybe I got it. It seems the tooltip buffer is only 256 bytes long, and amsn copies notifications of new messages there without bounds checking, thus it overflows sometimes.

Something like the following patch should solve this. Thus this is definitely an amsn problem and I am reassigning this.
Comment 8 Jaroslav Škarvada 2010-07-30 09:01:21 EDT
Created attachment 435546
Fix tooltip overflow
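
The unchecked copy into a 256-byte tooltip buffer described in comment 7, next to a bounded version, as an added example; it is not the attached patch or amsn's libtray.c code. `struct tray_icon` and both function names are hypothetical, and the UTF-8 boundary handling goes beyond what the thread discusses.

```c
#include <stdio.h>
#include <string.h>

#define TOOLTIP_MAX 256   /* buffer size stated in comment 7 */

/* Hypothetical stand-in for the tray icon state; not amsn's real struct. */
struct tray_icon {
    char tooltip[TOOLTIP_MAX];
};

/* Vulnerable pattern: copies caller-supplied text with no length check.
 * Any notification of 256 bytes or more writes past tooltip[]. */
void set_tooltip_unchecked(struct tray_icon *icon, const char *text)
{
    strcpy(icon->tooltip, text);
}

/* Hardened pattern: copy at most TOOLTIP_MAX - 1 bytes, always terminate,
 * and back up so a multi-byte UTF-8 character is never cut in half.
 * Returns the number of bytes dropped (0 means the text fit). */
size_t set_tooltip_bounded(struct tray_icon *icon, const char *text)
{
    size_t len = strlen(text);
    size_t n = len < TOOLTIP_MAX ? len : TOOLTIP_MAX - 1;

    /* When truncating, text[n] is the first dropped byte. If it is a UTF-8
     * continuation byte (10xxxxxx), step back to the start of that character. */
    if (n < len)
        while (n > 0 && ((unsigned char)text[n] & 0xC0) == 0x80)
            n--;

    memcpy(icon->tooltip, text, n);
    icon->tooltip[n] = '\0';
    return len - n;
}

int main(void)
{
    struct tray_icon icon;
    char msg[600];                      /* constructed sample notification */

    memset(msg, 'A', sizeof msg - 1);
    msg[sizeof msg - 1] = '\0';
    printf("dropped %zu bytes\n", set_tooltip_bounded(&icon, msg));
    return 0;
}
```

A non-zero return value lets the caller log or shorten oversized notifications instead of silently losing text.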
Comment 9 Fedora Update System 2010-08-14 07:11:03 EDT
amsn-0.98.3-2.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/amsn-0.98.3-2.fc13
Comment 10 Fedora Update System 2010-08-14 07:11:09 EDT
amsn-0.98.3-2.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/amsn-0.98.3-2.fc14
Comment 11 Jaroslav Škarvada 2010-08-16 04:08:30 EDT
*** Bug 622992 has been marked as a duplicate of this bug. ***
Comment 12 Jaroslav Škarvada 2010-08-16 04:10:22 EDT
*** Bug 622988 has been marked as a duplicate of this bug. ***
Comment 13 Fedora Update System 2010-08-16 12:04:34 EDT
amsn-0.98.3-2.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update amsn'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/amsn-0.98.3-2.fc14
Comment 14 Fedora Update System 2010-08-19 22:25:08 EDT
amsn-0.98.3-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 arthurus314 2010-08-21 21:14:42 EDT
Hi.
After the update to 0.98.3-2.fc13 on Fedora 13, amsn crashes suddenly after logging in with a segfault. I compiled the amsn sources to be sure that it's still working, and repeated the update operation, and I had the same problem.
Comment 16 arthurus314 2010-08-21 21:21:40 EDT
(In reply to comment #15)
> I compiled the amsn sources to be sure that it's still
> working

When I said "compiled sources", I meant that I tried the older version: amsn-0.98.3-1
Comment 17 Sander Hoentjen 2010-08-22 12:57:12 EDT
Please download and install the newest tktray from http://code.google.com/p/tktray/downloads/list if you can. If you want, I can make an rpm version of that package for you. Just let me know.

If it still happens with that version, running amsn with gdb would help.

 $ gdb --args wish amsn
 (gdb) run
 [then when it segfaults, type]
 (gdb) bt
 (gdb) bt full
Comment 18 arthurus314 2010-08-22 13:15:00 EDT
It works with tktray1.3.9
Thank you ;)
Comment 19 Didier G 2010-08-22 16:06:18 EDT
Same problem after update to amsn-0.98.3-2.fc13.i686 and tktray-1.1-6.fc12.i686

Definitely need the latest version of tktray for Fedora 13.
Comment 20 Jaroslav Škarvada 2010-08-23 04:27:33 EDT
Confirmed, the crash happened only on the i686 platform (not x86_64). With tktray-1.3.9 it doesn't crash. I didn't investigate this further, but to me it seems that it is not related to the original subject of this bug, thus I would recommend closing this bug and opening a new bug on it and/or pushing on bug #595177.
Comment 21 Jaroslav Škarvada 2010-08-23 04:48:16 EDT
There is an abrt bug for it (bug #625747).
Comment 22 Jaroslav Škarvada 2010-08-23 05:13:37 EDT
*** Bug 625876 has been marked as a duplicate of this bug. ***
Comment 23 Fedora Update System 2010-08-24 21:18:32 EDT
amsn-0.98.3-2.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 Brandon McCaig 2010-08-25 09:37:53 EDT
This may not be relevant anymore, but I discovered that if I manually launched amsn from a terminal and passed it an argument of '--version' (which it doesn't seem to interpret as expected) it doesn't crash[1]... :\

[1] At least, not right away. I was able to view my buddy list and message a buddy.
Comment 25 Brandon McCaig 2010-08-25 09:51:08 EDT
Ah, I take it back... I just tried again and it core-dumped... >_<
Comment 26 Jaroslav Škarvada 2010-09-06 05:12:11 EDT
*** Bug 628197 has been marked as a duplicate of this bug. ***
Comment 27 Baif 2010-12-22 22:19:19 EST
I'm looking forward to 0.98.4 on Fedora 14.
Comment 28 Sander Hoentjen 2011-01-02 09:54:17 EST
(In reply to comment #27)
> I'm looking forward to 0.98.4 on Fedora 14.

See https://bugzilla.redhat.com/show_bug.cgi?id=666070