*** buffer overflow detected ***: xfig terminated

Bug #318812 reported by thomas
This bug affects 1 person
Affects: xfig (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: none

Bug Description

Xfig 3.2.5 alpha 5 on Ubuntu 8.10
Very often a buffer overflow (fatal error).
For example: draw a single line and then zoom out several times (9 times seems to be the critical value): xfig crashes with a "buffer overflow" error message:

*** buffer overflow detected ***: xfig terminated

Revision history for this message
thomas (fernique) wrote :
Revision history for this message
pemehe (pemehe) wrote :

This bug does not need the line. Xfig crashes whenever you zoom out enough.
Seems to be caused by gcc's optimization. After compiling it with -O0 it works. At least for me.

Revision history for this message
Dominique Pellé (dominique-pelle) wrote :

I also observe this bug with Ubuntu-8.10. It's very easy to reproduce.

1/ start xfig without argument:
    $ xfig

2/ Click in the canvas to give it focus then press z (lower case) several times until xfig crashes.
    On my machine it always crashes after pressing z 9 times.

Observe the following error:

$ xfig
*** buffer overflow detected ***: xfig terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7e936d8]
/lib/tls/i686/cmov/libc.so.6[0xb7e91800]
/lib/tls/i686/cmov/libc.so.6[0xb7e90ef8]
/lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7e06a78]
/lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x371b)[0xb7ddc0db]
/lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xb7e90fa4]
/lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7e90eed]
xfig[0x80f76cd]
xfig[0x80f81ab]
xfig[0x80dc585]
xfig[0x80dd061]
/usr/lib/libXt.so.6[0xb7d8c4c1]
/usr/lib/libXt.so.6[0xb7d8c89b]
/usr/lib/libXt.so.6(_XtTranslateEvent+0x5e8)[0xb7d8ce98]
/usr/lib/libXt.so.6(XtDispatchEventToWidget+0x4c2)[0xb7d63672]
/usr/lib/libXt.so.6[0xb7d63e8a]
/usr/lib/libXt.so.6(XtDispatchEvent+0xc7)[0xb7d62cf7]
xfig[0x808916d]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7daf685]
xfig[0x804dd91]
======= Memory map: ========
08048000-08142000 r-xp 00000000 08:04 2184158 /usr/bin/xfig
08142000-08143000 r--p 000fa000 08:04 2184158 /usr/bin/xfig
08143000-08160000 rw-p 000fb000 08:04 2184158 /usr/bin/xfig
08160000-08200000 rw-p 08160000 00:00 0
08a07000-08a8c000 rw-p 08a07000 00:00 0 [heap]
b7c99000-b7ca6000 r-xp 00000000 08:04 1894074 /lib/libgcc_s.so.1
b7ca6000-b7ca7000 r--p 0000c000 08:04 1894074 /lib/libgcc_s.so.1
b7ca7000-b7ca8000 rw-p 0000d000 08:04 1894074 /lib/libgcc_s.so.1
b7ca8000-b7cac000 r-xp 00000000 08:04 2180417 /usr/lib/libXfixes.so.3.1.0
b7cac000-b7cad000 rw-p 00003000 08:04 2180417 /usr/lib/libXfixes.so.3.1.0
b7cad000-b7cb5000 r-xp 00000000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb5000-b7cb6000 r--p 00007000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb6000-b7cb7000 rw-p 00008000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb7000-b7cbf000 r-xp 00000000 08:04 2180407 /usr/lib/libXcursor.so.1.0.2
b7cbf000-b7cc0000 rw-p 00007000 08:04 2180407 /usr/lib/libXcursor.so.1.0.2
b7cc0000-b7cc2000 rw-p b7cc0000 00:00 0
b7cc2000-b7cc6000 r-xp 00000000 08:04 2181398 /usr/lib/libXdmcp.so.6.0.0
b7cc6000-b7cc7000 rw-p 00003000 08:04 2181398 /usr/lib/libXdmcp.so.6.0.0
b7cc7000-b7cc9000 r-xp 00000000 08:04 2180573 /usr/lib/libXau.so.6.0.0
b7cc9000-b7cca000 rw-p 00001000 08:04 2180573 /usr/lib/libXau.so.6.0.0
b7cca000-b7ccc000 r-xp 00000000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccc000-b7ccd000 r--p 00001000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccd000-b7cce000 rw-p 00002000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7cce000-b7ce5000 r-xp 00000000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce5000-b7ce6000 r--p 00016000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce6000-b7ce7000 rw-p 00017000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce7000-b7ce8000 r-xp 00000000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0
b7ce8000-b7ce9000 ...

Revision history for this message
Dominique Pellé (dominique-pelle) wrote :

This bug still happens with latest release Ubuntu-9.04 (as well as 8.10).
Very easy to reproduce as explained in the previous comment.

Revision history for this message
pemehe (pemehe-googlemail) wrote :

The bug is with the size of the 'number' strings defined at w_rulers.c:1169 and w_rulers.c:1428.
These strings store the numbers and units that appear on the rulers. If you zoom out enough you will get something like '-1000cm' which is 7 characters long. The strings only store 6. Therefore the size of those strings must be raised to at least 8 and to prevent further problems sprintf should be replaced with snprintf if complete ANSI compliance is not a primary concern.
If the package maintainer could do this it would be great.
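The comment above describes the defect precisely enough to model it: a fixed 6-byte label buffer, a ruler label such as "-1000cm" that needs 7 characters plus a NUL, and sprintf with no bound. The backtrace earlier in the thread (__sprintf_chk and __fortify_fail) shows that it was glibc's FORTIFY_SOURCE check on the fortified sprintf that caught the write and aborted; those checks only exist at -O1 and above, so a -O0 build stops detecting the overflow rather than removing it. The following C program is an added example, not xfig's own code from w_rulers.c: every identifier in it is a hypothetical stand-in, and it shows how to size the label buffer for a zoom range, why 8 bytes covers "-1000cm" but not "-10000cm", and how snprintf turns a stack overwrite into a detectable truncation.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not xfig's code): models the ruler-label formatting that the
 * thread locates at w_rulers.c:1169 and w_rulers.c:1428. The real names in
 * xfig are not given on the bug page; every identifier below is hypothetical. */

#define LABEL_BUF_OLD 6   /* size the thread says the original strings had   */
#define LABEL_BUF_NEW 8   /* minimum size the thread recommends              */

/* Characters (excluding the NUL) that "<value><unit>" needs. snprintf with a
 * NULL buffer and size 0 is the C99 idiom for measuring without writing. */
int ruler_label_len(int value, const char *unit)
{
    return snprintf(NULL, 0, "%d%s", value, unit);
}

/* Smallest buffer that holds every label for values in [lo, hi]. Label length
 * only grows with |value| (plus one for a minus sign), so the longest label in
 * the range sits at one of the two ends. The +1 is the terminating NUL. */
size_t ruler_label_bufsize(int lo, int hi, const char *unit)
{
    int a = ruler_label_len(lo, unit);
    int b = ruler_label_len(hi, unit);
    return (size_t)(a > b ? a : b) + 1;
}

/* Would an unbounded sprintf of this label stay inside a buffer of bufsize
 * bytes? This is the check the original code was missing. */
int label_fits(size_t bufsize, int value, const char *unit)
{
    return (size_t)ruler_label_len(value, unit) + 1 <= bufsize;
}

/* Hardened formatting: snprintf writes at most bufsize-1 characters plus the
 * NUL, and the return value tells the caller whether the whole label fit.
 * Returns 1 on success, 0 if the label was truncated. A truncated ruler label
 * is a cosmetic bug; the sprintf version was a stack overwrite. */
int format_ruler_label(char *buf, size_t bufsize, int value, const char *unit)
{
    int n = snprintf(buf, bufsize, "%d%s", value, unit);
    return n >= 0 && (size_t)n < bufsize;
}

int main(void)
{
    /* Constructed sample values a ruler might show while zooming out. */
    const int values[] = { 0, -9, 100, -1000, -10000 };
    char buf[LABEL_BUF_NEW];

    printf("buffer for [-1000, 1000] cm labels: %zu bytes\n",
           ruler_label_bufsize(-1000, 1000, "cm"));

    for (size_t i = 0; i < sizeof values / sizeof values[0]; i++) {
        int v = values[i];
        int ok = format_ruler_label(buf, sizeof buf, v, "cm");
        printf("%-8s needs %d+1 bytes: %d-byte buffer %s, %d-byte buffer %s\n",
               buf, ruler_label_len(v, "cm"),
               LABEL_BUF_OLD, label_fits(LABEL_BUF_OLD, v, "cm") ? "ok" : "OVERFLOW",
               LABEL_BUF_NEW, ok ? "ok" : "truncated");
    }
    return 0;
}
```

The point of ruler_label_bufsize is that a constant like 8 is only correct for the zoom range the developer had in mind; a buffer sized from the actual value range, plus a bounded write that reports truncation, holds up when that range changes.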

Revision history for this message
pemehe (pemehe-googlemail) wrote :

I've created a dpatch that fixes the bug in the aforementioned way.

Revision history for this message
David Anderson (anderwd) wrote :

This was still happening in Ubuntu 9.10 when I did an upgrade. I originally experienced it in 8.XX and got with the author, who provided me with a fix/patch that can be recompiled into Xfig and gets it working. Is there any way to go about getting this patch into the deb file so that it can be installed with apt-get rather than having to go outside the package system and use a compile? (The compile is rather complex for new users and I would hate to see Xfig go the way of the Dodo since there is nothing even close to it for speed and functionality.)

Revision history for this message
myxfig (pingvinen) wrote :

I am having these crash problems. I use Ubuntu and that is for a reason! I do not know how to patch the xfig program. Please help me and my xfig!

Revision history for this message
pemehe (pemehe-googlemail) wrote :

Tested on Ubuntu 9.04

Start an xterm (or other terminal)
In the Terminal:

Create a Folder for xfig
    mkdir xfig
change into that folder
    cd xfig
download the xfig source
    apt-get source xfig
download tools/libraries necessary for xfig
    apt-get build-dep xfig
change into the source folder
    cd xfig-*
change into the folder for the patches
    cd debian/patches
download the patch posted three posts up
    wget http://launchpadlibrarian.net/26764274/25_rulers_overflow_fix.dpatch
add patch to the list of patches to be applied
    echo 25_rulers_overflow_fix.dpatch >> 00list
change back to the main folder
    cd ../..
compile
    fakeroot debian/rules binary
the new packages are in the xfig folder
    cd ..
install the new packages
    sudo dpkg -i xfig*.deb

You now have a patched xfig that no longer crashes at that point

Revision history for this message
Roland Rosenfeld (roland) wrote :

Just for the record: this bug should be fixed since 1:3.2.5.a-1, while Debian sid and squeeze already ship 1:3.2.5.a-2. So Ubuntu should think about upgrading the package.

Revision history for this message
myxfig (pingvinen) wrote :

Wonderful. Thank you very much for making the patch and a guide on how to apply it. I can confirm that it's working flawlessly now. My xfig and I are very happy now!

Revision history for this message
thomas (fernique) wrote :

pemehe (or whoever else): is it possible to include the patched package on the Ubuntu mirrors? So that one can simply install the binary and not recompile from source (since it's annoying to find and install all the library sources needed to compile xfig)... It would be great... (I've turned to Inkscape since this bug prevents me from using my lovely xfig...)

Revision history for this message
David Anderson (anderwd) wrote : Re: [Bug 318812] Re: *** buffer overflow detected ***: xfig terminated

Inkscape fell short for my needs - and the size of my physical plan
layout was too large for it to handle - I would also love to see the
patched version of Xfig added to the repositories, but I still have
not seen anything that compares to it - maybe QCad - but really XFig
is better IMHO.

On Thu, Aug 6, 2009 at 8:41 AM, thomas<email address hidden> wrote:
> pemehe (or whoever else) : is it possible to include the patched package
> on ubuntu mirrors ? so that one can simply install the binary, and not
> recompile from the source (since it's annoying to find and install all
> the libraries sources needed to compile xfig)...It would be great...(I'm
> turned to inkscape since this bug prevent me to use my lovely xfig...)
>
> --
> *** buffer overflow detected ***: xfig terminated
> https://bugs.launchpad.net/bugs/318812
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
"We are all atheists about most of the gods that humanity has ever
believed in. Some of us just go one god further." - R. Dawkins

Revision history for this message
Dominique Pellé (dominique-pelle) wrote :

I can't reproduce this bug anymore in Ubuntu-9.10 (Karmic Koala) so it appears to have been fixed.

$ xfig -v
Xfig 3.2 patchlevel 5a (Protocol 3.2)

Revision history for this message
A. Leroux (alain-jean-leroux) wrote :

The "buffer overflow" bug of xfig is worse than ever in Ubuntu-9.10 (Karmic Koala):
whenever I push the "done" button (for example after editing) or the "set" button (after zooming),
xfig crashes!

My linux kernel is Linux lancelot 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009 x86_64 GNU/Linux

A.Leroux

Revision history for this message
Roland Rosenfeld (roland) wrote :

This should be fixed since 3.2.5.a, why isn't this bug report closed?

Changed in xfig (Ubuntu):
status: New → Fix Released