xcutsel Buffer Overflow
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
x11-apps (Ubuntu) | Fix Released | Undecided | Kees Cook | |
Bug Description
Binary package hint: x11-apps
When /usr/bin/xcutsel gets 83 characters or more from the -selection option, it crashes with "buffer overflow detected".
Test case:
emanuel@
*** buffer overflow detected ***: xcutsel terminated
======= Backtrace: =========
/lib/i386-
/lib/i386-
/lib/i386-
/lib/i386-
/lib/i386-
/lib/i386-
/lib/i386-
xcutsel[0x804940c]
/lib/i386-
xcutsel[0x8048c51]
Aborted
Tested on:
Ubuntu 11.04, x11-apps package version: 7.6+4ubuntu2
Thanks for the report. I've sent a patch for this to upstream.