ports/182279: x11-wm/windowmaker: Fix a typo causing memory to be overwritten
Francois Tigeot
ftigeot at wolfpond.org
Sat Sep 21 11:20:00 UTC 2013
>Number: 182279
>Category: ports
>Synopsis: x11-wm/windowmaker: Fix a typo causing memory to be overwritten
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 21 11:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Francois Tigeot
>Release: DragonFly 3.5-DEVELOPMENT
>Organization:
>Environment:
DragonFly sekishi.zefyris.com 3.5-DEVELOPMENT DragonFly v3.5.0.961.gd8b0268-DEVELOPMENT #183: Fri Sep 20 09:48:57 CEST 2013 ftigeot at sekishi.zefyris.com:/usr/obj/usr/src/sys/X86_64_GENERIC x86_64
>Description:
This patch fixes an array-out-of-bounds memory access issue.
I stumbled upon this bug by pure chance after constantly getting signal 11s
from a WindowMaker built with gcc 4.7 (I used 4.4 until now).
gcc 4.4 and previous versions didn't show any obvious issue even though
some memory has always been overwritten.
>How-To-Repeat:
The problem has always been there.
Try running an x11-wm/windowmaker binary built with gcc-4.7 for instant crashes.
>Fix:
Patch attached with submission follows:
--- src/osdep_bsd.c.orig 2013-09-12 21:43:54.000000000 +0000
+++ src/osdep_bsd.c
@@ -86,7 +86,7 @@ Bool GetCommandForPid(int pid, char ***a
mib[0] = CTL_KERN;
mib[1] = KERN_ARGMAX;
mib[2] = 0;
- mib[4] = 0;
+ mib[3] = 0;
count = sizeof(argmax);
if (sysctl(mib, 2, &argmax, &count, NULL, 0) == -1)
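Review bot: the sysctl() call in the trailing context passes a name length of 2, so only mib[0] and mib[1] are read for the KERN_ARGMAX query, and neither the mib[2] = 0 store nor the corrected mib[3] = 0 store affects this call. If later code in GetCommandForPid sets those slots itself before its own sysctl() call, both zeroing lines could be dropped, or the array could be zero-initialised at its declaration, so that no hand-written index can run past the end again. The declaration of mib is outside this hunk, so the submission should state its size to confirm that index 3 is the last valid element.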
>Release-Note:
>Audit-Trail:
>Unformatted: