Debian Bug report logs - #452401
Calendar widget segfaults

version graph

Package: libcdk5; Maintainer for libcdk5 is Debian QA Group <>; Source for libcdk5 is src:libcdk5.

Reported by: Ron Murray <>

Date: Thu, 22 Nov 2007 15:51:02 UTC

Severity: normal

Tags: fixed-upstream, patch

Found in version libcdk5/5.0.20060507-1

Fixed in version libcdk5/5.0.20060507-3

Done: Scott Howard <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, John Goerzen <>:
Bug#452401; Package libcdk5. Full text and rfc822 format available.

Acknowledgement sent to Ron Murray <>:
New Bug report received and forwarded. Copy sent to John Goerzen <>. Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Ron Murray <>
To: Debian Bug Tracking System <>
Subject: Calendar widget segfaults
Date: Thu, 22 Nov 2007 10:50:10 -0500
Package: libcdk5
Version: 5.0.20060507-1
Severity: normal
Tags: patch

Hash: SHA1

The calendar widget segfaults when you call activateCDKCalendar().

Found the problem to be caused by a classic buffer overflow: in line
462 of calendar.c, the temp[] buffer is initialised at temp[10]. Into
this buffer is written the month name, a comma and space, and the day
of the month. This is clearly too small: while the biggest month name
(September) will fit (just), the rest of the string will not. Changing
the buffer size to a somewhat arbitrary value of 20 fixed the problem:

 ------------- Cut here -------------
diff -uNr libcdk5-5.0.20060507.orig/calendar.c libcdk5-5.0.20060507/calendar.c
- --- libcdk5-5.0.20060507.orig/calendar.c	2006-05-04 20:27:45.000000000 -0400
+++ libcdk5-5.0.20060507/calendar.c	2007-11-22 10:35:21.572076953 -0500
@@ -459,7 +459,7 @@
    int day		= 1;
    int x, y;
    int save_y = -1, save_x = -1;
- -   char temp[10];
+   char temp[20];
    for (x = 1; x <= 6; x++)
 ------------- Cut here -------------

Presumably the addition of the date was an afterthought, and the
author tested it in May.

Note that this bug affects any CDK programs that use the calendar widget,
including those using libcdk-perl.


- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libcdk5 depends on:
ii  libc6                         2.6.1-1+b1 GNU C Library: Shared libraries

libcdk5 recommends no packages.

- -- no debconf information

Version: GnuPG v1.4.6 (GNU/Linux)


Information forwarded to, John Goerzen <>:
Bug#452401; Package libcdk5. (Thu, 04 Feb 2010 21:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to
Extra info received and forwarded to list. Copy sent to John Goerzen <>. (Thu, 04 Feb 2010 21:57:04 GMT) Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Thomas Dickey <>
Subject: re: #452401 Calendar widget segfaults
Date: Thu, 04 Feb 2010 16:55:19 -0500
[Message part 1 (text/plain, inline)]
This was fixed in

        + increase a buffer size in calendar.c (Debian #452401).

Thomas E. Dickey <>
[signature.asc (application/pgp-signature, inline)]

Message sent on to Ron Murray <>:
Bug#452401. (Thu, 04 Feb 2010 21:57:07 GMT) Full text and rfc822 format available.

Added tag(s) fixed-upstream. Request was from Thomas Dickey <> to (Thu, 04 Feb 2010 22:00:04 GMT) Full text and rfc822 format available.

Reply sent to Scott Howard <>:
You have taken responsibility. (Fri, 11 Feb 2011 01:21:03 GMT) Full text and rfc822 format available.

Notification sent to Ron Murray <>:
Bug acknowledged by developer. (Fri, 11 Feb 2011 01:21:03 GMT) Full text and rfc822 format available.

Message #20 received at (full text, mbox):

From: Scott Howard <>
Subject: Bug#452401: fixed in libcdk5 5.0.20060507-3
Date: Fri, 11 Feb 2011 01:18:00 +0000
Source: libcdk5
Source-Version: 5.0.20060507-3

We believe that the bug you reported is fixed in the latest version of
libcdk5, which is due to be installed in the Debian FTP archive:

  to main/libc/libcdk5/libcdk5-dev_5.0.20060507-3_amd64.deb
  to main/libc/libcdk5/libcdk5_5.0.20060507-3.debian.tar.gz
  to main/libc/libcdk5/libcdk5_5.0.20060507-3.dsc
  to main/libc/libcdk5/libcdk5_5.0.20060507-3_amd64.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Scott Howard <> (supplier of updated libcdk5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA1

Format: 1.8
Date: Thu, 10 Feb 2011 19:50:32 -0500
Source: libcdk5
Binary: libcdk5 libcdk5-dev
Architecture: source amd64
Version: 5.0.20060507-3
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <>
Changed-By: Scott Howard <>
 libcdk5    - C-based curses widget library
 libcdk5-dev - C-based curses widget library (development files)
Closes: 452401 500161 593283
 libcdk5 (5.0.20060507-3) unstable; urgency=low
   * QA Upload.
   * Policy 3.9.1 (see Lintian cleaning below) and debian/compat 8
   * Lintian cleaning
     - ${misc:Depends} added to libcdk5 and libcdk5-dev
     - fixed make clean call: [ ! -f Makefile ] || $(MAKE) distclean
     - debian/compat 7
     - replaced ${Source-Version} with ${binary:Version} in debian/control
     - dh_prep used in rules instead of dh_clean -k
   * Removed static patching of config.guess config.sub, removed those files,
     they will be copied from autotools-dev package in debian/rules
   * removed the following lines from debian/libcdk5-dev.install
     (dh_install throws error if you try to install files from an empty dir,
     and these files were not present in the previous Debian build)
     - usr/lib/pkgconfig/*
     - usr/lib/*.la
     - usr/share/pkgconfig/*
   * Added missing headers and example files (Closes: #500161, LP: #565526)
     - debian/patches/missing_header_examples.patch
     - debian/libcdk5-dev.examples added: include/cdk_test.h, examples/.,
   * Fixed segfault in calendar.c (Closes: #452401, LP: #290624)
     - debian/patches/cal_segfault.patch
   * debian/patches/libcdk5_man_cdk_display_examples_fix.diff
     - The examples in the cdk_display(3) man page are incorrect
       (wrong colors, segfault) (Closes: #593283)
 de6081e390ec44172091e7c865a47dd9c463dbb1 1069 libcdk5_5.0.20060507-3.dsc
 bda23411da7af37922862ba3a694533b42cb9a64 7423 libcdk5_5.0.20060507-3.debian.tar.gz
 c229dd722caffe1cfb242403a20408bc7e29b1e0 133578 libcdk5_5.0.20060507-3_amd64.deb
 9cbdc67e021b0c52de22a45a871c9ccb428f5165 406420 libcdk5-dev_5.0.20060507-3_amd64.deb
 59ebdc3445559b4723a38b394bd4a9401dc13d74acc5090d6437a69b9e20b87b 1069 libcdk5_5.0.20060507-3.dsc
 d52e133551f294d450ea0a4358a2ef935f46d4caedc5288dd56809c8070219af 7423 libcdk5_5.0.20060507-3.debian.tar.gz
 c1a012f8e59041e3d1864b48fbba2905a871bba0bce63ec4ba4d8ec1608bc325 133578 libcdk5_5.0.20060507-3_amd64.deb
 eb02257fe95d0fb0841e2180526f9e0d7c92c0e685d9e863adede72a2a485c32 406420 libcdk5-dev_5.0.20060507-3_amd64.deb
 2d3cd8eaf8c1c15f51da9f39644f79d1 1069 libs optional libcdk5_5.0.20060507-3.dsc
 98b7ea6316a2bf4f7121aa97f898e93e 7423 libs optional libcdk5_5.0.20060507-3.debian.tar.gz
 30126dad5236f6b5b7100401c10b9459 133578 libs optional libcdk5_5.0.20060507-3_amd64.deb
 220eb19696877469f6f543a030e35a7d 406420 libdevel optional libcdk5-dev_5.0.20060507-3_amd64.deb

Version: GnuPG v1.4.10 (GNU/Linux)


Bug archived. Request was from Debbugs Internal Request <> to (Wed, 16 Mar 2011 07:30:27 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Sun Apr 20 16:36:14 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.