Debian Bug report logs - #297430
xterm: memory corruption and SEGV iff window height == 1


Package: xterm; Maintainer for xterm is Debian X Strike Force <debian-x@lists.debian.org>; Source for xterm is src:xterm.

Reported by: David Schmitt <david@schmitt.edv-bus.at>

Date: Mon, 28 Feb 2005 19:33:11 UTC

Severity: normal

Found in version 4.3.0.dfsg.1-12.0.1

Done: David Schmitt <e9725491@student.tuwien.ac.at>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#297430; Package xterm.

Acknowledgement sent to David Schmitt <david@schmitt.edv-bus.at>:
New Bug report received and forwarded. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: David Schmitt <david@schmitt.edv-bus.at>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xterm: memory corruption and SEGV iff window height == 1
Date: Mon, 28 Feb 2005 19:11:35 +0100
Package: xterm
Version: 4.3.0.dfsg.1-12.0.1
Severity: normal

Hi XSF!

Running xterm under valgrind shows heaps of errors after resizing the
xterm to one line height:

==8438== Invalid read of size 4
==8438==    at 0x80538AB: (within /usr/X11R6/bin/xterm)
==8438==    by 0x8053496: (within /usr/X11R6/bin/xterm)
==8438==    by 0x8053849: (within /usr/X11R6/bin/xterm)
==8438==    by 0x8053134: (within /usr/X11R6/bin/xterm)
==8438==  Address 0x1BF4A758 is not stack'd, malloc'd or (recently) free'd
==8438== 
==8438== Invalid read of size 1
==8438==    at 0x80538AF: (within /usr/X11R6/bin/xterm)
==8438==    by 0x8053496: (within /usr/X11R6/bin/xterm)
==8438==    by 0x8053849: (within /usr/X11R6/bin/xterm)
==8438==    by 0x8053134: (within /usr/X11R6/bin/xterm)
==8438==  Address 0x1BFFF470 is 739680 bytes inside a block of size 754560 free'd

and much more of this. Please, could someone with a debug-enabled xterm look
into this?

This leads to a reproducible stack-smashing SEGV when running scp within
this xterm.


Regards, David

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k6-1
Locale: LANG=C, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)

Versions of packages xterm depends on:
ii  libc6                2.3.2.ds1-20        GNU C Library: Shared libraries an
ii  libexpat1            1.95.8-1            XML parsing C library - runtime li
ii  libfontconfig1       2.2.3-4             generic font configuration library
ii  libfreetype6         2.1.7-2.3           FreeType 2 font engine, shared lib
ii  libice6              4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii  libncurses5          5.4-4               Shared libraries for terminal hand
ii  libsm6               4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii  libxaw7              4.3.0.dfsg.1-12.0.1 X Athena widget set library
ii  libxext6             4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii  libxft2              2.1.2-6             FreeType-based font drawing librar
ii  libxmu6              4.3.0.dfsg.1-12.0.1 X Window System miscellaneous util
ii  libxpm4              4.3.0.dfsg.1-12.0.1 X pixmap library
ii  libxrender1          0.8.3-7             X Rendering Extension client libra
ii  libxt6               4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii  xlibs                4.3.0.dfsg.1-12     X Keyboard Extension (XKB) configu
ii  xlibs-data           4.3.0.dfsg.1-12     X Window System client data

-- debconf information:
  xterm/clobber_xresource_file:
  xterm/xterm_needs_devpts:
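
An added example, not part of the original report and not code from xterm or Valgrind: a small Python triage helper that sorts memcheck "Invalid read/write" records like the ones above into use-after-free, heap out-of-bounds and wild-address cases. It covers more record forms than the two shown in the report; the excerpt is copied from the report with the stack frames shortened, and the function and category names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Two memcheck records as shown in the report above (stack frames shortened).
SAMPLE = """\
==8438== Invalid read of size 4
==8438==    at 0x80538AB: (within /usr/X11R6/bin/xterm)
==8438==    by 0x8053496: (within /usr/X11R6/bin/xterm)
==8438==  Address 0x1BF4A758 is not stack'd, malloc'd or (recently) free'd
==8438==
==8438== Invalid read of size 1
==8438==    at 0x80538AF: (within /usr/X11R6/bin/xterm)
==8438==    by 0x8053496: (within /usr/X11R6/bin/xterm)
==8438==  Address 0x1BFFF470 is 739680 bytes inside a block of size 754560 free'd
"""

PREFIX = re.compile(r"^==\d+==")
HEAD = re.compile(r"Invalid (read|write) of size (\d+)$")
SITE = re.compile(r"at (0x[0-9A-Fa-f]+):")
ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is (.*)$")
BLOCK = re.compile(r"\d+ bytes (inside|after|before) a block of size \d+ (free'd|alloc'd)")

def classify(description):
    """Map memcheck's address description to a triage category."""
    m = BLOCK.search(description)
    if m and m.group(2) == "free'd":
        return "use-after-free"
    if m and m.group(1) in ("after", "before"):
        return "heap out-of-bounds"
    if "not stack'd, malloc'd or (recently) free'd" in description:
        return "wild address"
    return "unclassified"

def parse(log):
    """Return one dict per 'Invalid read/write' record in a memcheck log."""
    records, cur = [], None
    for line in log.splitlines():
        body = PREFIX.sub("", line).strip()
        if (m := HEAD.match(body)):
            cur = {"access": m.group(1), "size": int(m.group(2)),
                   "site": None, "address": None, "category": "unclassified"}
            records.append(cur)
        elif cur and (m := SITE.match(body)):
            cur["site"] = m.group(1)  # innermost frame only ("by" lines are skipped)
        elif cur and (m := ADDR.match(body)):
            cur["address"], cur["category"] = m.group(1), classify(m.group(2))
    return records

def summarize(records):
    """Count records per triage category."""
    return dict(Counter(r["category"] for r in records))
```

Grouping the records by `site` as well shows whether the errors come from one code path, which is the first thing to check once a binary with debug symbols is available.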



Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#297430; Package xterm.

Acknowledgement sent to David Martínez Moreno <ender@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>.

Message #10 received at 297430@bugs.debian.org:

From: David Martínez Moreno <ender@debian.org>
To: 297430-submitter@bugs.debian.org
Cc: 297430@bugs.debian.org, debian-x@lists.debian.org
Subject: Is this fixed with the latest version in sid?
Date: Mon, 18 Jul 2005 18:42:53 +0200
	Hello, David. Could you please report success in the current sid packages 
(i.e. 6.8.2.dfsg.1-2 or -3)? I can resize xterm to one line without problem, 
but I want to double check. I have not tried a valgrind test, but maybe you 
can try for being really sure.

	Best regards,


		Ender.
-- 
Mr. Anderson! Welcome back, we missed you.
		-- Agent Smith (Matrix Revolutions).
--
Debian developer

Message sent on to David Schmitt <david@schmitt.edv-bus.at>:
Bug#297430.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#297430; Package xterm.

Acknowledgement sent to David Schmitt <e9725491@student.tuwien.ac.at>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>.

Message #18 received at 297430@bugs.debian.org:

From: David Schmitt <e9725491@student.tuwien.ac.at>
To: David Martínez Moreno <ender@debian.org>
Cc: 297430-done@bugs.debian.org, 297430@bugs.debian.org, debian-x@lists.debian.org
Subject: Re: Bug#297430: Is this fixed with the latest version in sid?
Date: Tue, 19 Jul 2005 00:14:09 +0200
On Monday 18 July 2005 18:42, David Martínez Moreno wrote:
> 	Hello, David. Could you please report success in the current sid packages
> (i.e. 6.8.2.dfsg.1-2 or -3)? I can resize xterm to one line without problem,
> but I want to double check. I have not tried a valgrind test, but maybe you
> can try for being really sure.

I checked it under valgrind and there were no problems anymore. Closing this 
bug report.


Regards, David
-- 
Following a personal reorganization, I can currently be reached only at my 
student address.



Reply sent to David Schmitt <e9725491@student.tuwien.ac.at>:
You have taken responsibility.

Notification sent to David Schmitt <david@schmitt.edv-bus.at>:
Bug acknowledged by developer.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Jun 2007 21:54:06 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 22:15:35 2014; Machine Name: buxtehude.debian.org
