Description of problem:
Getting segfault only when running reproducer for CVE-2011-2895 (see https://bugzilla.redhat.com/show_bug.cgi?id=725760#c2), segfaulting on new packages only using Xephyr. Xorg, Xnest are fine.

Version-Release number of selected component (if applicable):
libXfont-1.2.2-1.0.4.el5_7

How reproducible:
100%

Steps to Reproduce:
1. follow instructions at https://bugzilla.redhat.com/show_bug.cgi?id=725760#c2

Actual results:
SIGSEGV

Expected results:
no segfault

Additional info:

Program received signal SIGSEGV, Segmentation fault.
__glXMesaScreenDestroy (screen=0x9d5b2e8) at xf86glx.c:299
299         if (mesaScreen->xm_vis[i])
#0  __glXMesaScreenDestroy (screen=0x9d5b2e8) at xf86glx.c:299
        i = 0
#1  0x08125527 in __glXResetScreens () at glxscreens.c:321
        i = 0
#2  0x0812476c in ResetExtension (extEntry=0x9d540c8) at glxext.c:49
No locals.
#3  0x080750a6 in CloseDownExtensions () at extension.c:280
        i = 20
        j = 0
#4  0x0807921f in main (argc=4, argv=0xbfb8a4c4, envp=0x2415e0) at main.c:453
        i = <value optimized out>
        error = 9076504
        xauthfile = <value optimized out>
        alwaysCheckForInput = {0, 1}
A debugging session is active.

        Inferior 1 [process 5407] will be detached.

Quit anyway? (y or n) LND: Sending signal 11 to process 5407
Detaching from program: /usr/bin/Xephyr, process 5407
Created attachment 517825
backtrace

Actually Xephyr crashes itself when executing as:

Xephyr :99 -reset -terminate

Backtrace attached.
*** Bug 729990 has been marked as a duplicate of this bug. ***
I don't believe this is related to the CVE-2011-2895 fix. I ran the runtest.sh script as part of the reproducer and commented out pretty much everything and it crashes both post- and pre-update:

elif [ "$1" = 'run' ]; then
    echo "using font directory: $PWD/fontdir"
    #xset +fp $PWD/fontdir
    #xset fp rehash
    #echo 'running xfontsel - expect BOOM'
    #xfontsel &
    #xfspid=$!
    sleep 30 # give it some time to run and crash
    #kill -HUP $xfspid

So all it should be doing is sleeping, but the crash is immediate:

[vdanen@odvcent5]~/tmp/libXfont-LZW-overflow% time sh runtest.sh prep :2 Xephyr
running Xephyr on :2...
Xephyr unable to use SHM XImages
Extended Input Devices not yet supported. Impelement it at line 625 in kinput.c
runtest.sh: line 23: 5504 Segmentation fault $serv $disp -reset -terminate
FAIL: X server crashed
sh runtest.sh prep :2 Xephyr 0.03s user 0.14s system 13% cpu 1.247 total

So this clearly has nothing to do with the libXfont changes.
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.8 and Red Hat does not plan to fix this issue in the currently developed update. Contact your manager or support representative in case you need to escalate this bug.
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
No further X updates are planned for RHEL5.