I also observe this bug with Ubuntu-8.10. It's very easy to reproduce.
1/ start xfig without argument:
$ xfig
2/ Click in the canvas to give it focus then press z (lower case) several times until xfig crashes.
On my machine it always crashes after pressing z 9 times.
Observe the following error:
$ xfig
*** buffer overflow detected ***: xfig terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7e936d8]
/lib/tls/i686/cmov/libc.so.6[0xb7e91800]
/lib/tls/i686/cmov/libc.so.6[0xb7e90ef8]
/lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7e06a78]
/lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x371b)[0xb7ddc0db]
/lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xb7e90fa4]
/lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7e90eed]
xfig[0x80f76cd]
xfig[0x80f81ab]
xfig[0x80dc585]
xfig[0x80dd061]
/usr/lib/libXt.so.6[0xb7d8c4c1]
/usr/lib/libXt.so.6[0xb7d8c89b]
/usr/lib/libXt.so.6(_XtTranslateEvent+0x5e8)[0xb7d8ce98]
/usr/lib/libXt.so.6(XtDispatchEventToWidget+0x4c2)[0xb7d63672]
/usr/lib/libXt.so.6[0xb7d63e8a]
/usr/lib/libXt.so.6(XtDispatchEvent+0xc7)[0xb7d62cf7]
xfig[0x808916d]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7daf685]
xfig[0x804dd91]
======= Memory map: ========
08048000-08142000 r-xp 00000000 08:04 2184158 /usr/bin/xfig
08142000-08143000 r--p 000fa000 08:04 2184158 /usr/bin/xfig
08143000-08160000 rw-p 000fb000 08:04 2184158 /usr/bin/xfig
08160000-08200000 rw-p 08160000 00:00 0
08a07000-08a8c000 rw-p 08a07000 00:00 0 [heap]
b7c99000-b7ca6000 r-xp 00000000 08:04 1894074 /lib/libgcc_s.so.1
b7ca6000-b7ca7000 r--p 0000c000 08:04 1894074 /lib/libgcc_s.so.1
b7ca7000-b7ca8000 rw-p 0000d000 08:04 1894074 /lib/libgcc_s.so.1
b7ca8000-b7cac000 r-xp 00000000 08:04 2180417 /usr/lib/libXfixes.so.3.1.0
b7cac000-b7cad000 rw-p 00003000 08:04 2180417 /usr/lib/libXfixes.so.3.1.0
b7cad000-b7cb5000 r-xp 00000000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb5000-b7cb6000 r--p 00007000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb6000-b7cb7000 rw-p 00008000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb7000-b7cbf000 r-xp 00000000 08:04 2180407 /usr/lib/libXcursor.so.1.0.2
b7cbf000-b7cc0000 rw-p 00007000 08:04 2180407 /usr/lib/libXcursor.so.1.0.2
b7cc0000-b7cc2000 rw-p b7cc0000 00:00 0
b7cc2000-b7cc6000 r-xp 00000000 08:04 2181398 /usr/lib/libXdmcp.so.6.0.0
b7cc6000-b7cc7000 rw-p 00003000 08:04 2181398 /usr/lib/libXdmcp.so.6.0.0
b7cc7000-b7cc9000 r-xp 00000000 08:04 2180573 /usr/lib/libXau.so.6.0.0
b7cc9000-b7cca000 rw-p 00001000 08:04 2180573 /usr/lib/libXau.so.6.0.0
b7cca000-b7ccc000 r-xp 00000000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccc000-b7ccd000 r--p 00001000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccd000-b7cce000 rw-p 00002000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7cce000-b7ce5000 r-xp 00000000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce5000-b7ce6000 r--p 00016000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce6000-b7ce7000 rw-p 00017000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce7000-b7ce8000 r-xp 00000000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0
b7ce8000-b7ce9000 r--p 00000000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0
b7ce9000-b7cea000 rw-p 00001000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0
b7cea000-b7ceb000 rw-p b7cea000 00:00 0
b7ceb000-b7d00000 r-xp 00000000 08:04 2180364 /usr/lib/libICE.so.6.3.0
b7d00000-b7d01000 rw-p 00014000 08:04 2180364 /usr/lib/libICE.so.6.3.0
b7d01000-b7d03000 rw-p b7d01000 00:00 0
b7d03000-b7d0a000 r-xp 00000000 08:04 2179449 /usr/lib/libSM.so.6.0.0
b7d0a000-b7d0b000 r--p 00006000 08:04 2179449 /usr/lib/libSM.so.6.0.0
b7d0b000-b7d0c000 rw-p 00007000 08:04 2179449 /usr/lib/libSM.so.6.0.0
b7d0c000-b7d21000 r-xp 00000000 08:04 2180427 /usr/lib/libXmu.so.6.2.0
b7d21000-b7d22000 rw-p 00015000 08:04 2180427 /usr/lib/libXmu.so.6.2.0
b7d22000-b7d2f000 r-xp 00000000 08:04 2180024 /usr/lib/libXext.so.6.4.0
b7d2f000-b7d31000 rw-p 0000c000 08:04 2180024 /usr/lib/libXext.so.6.4.0
b7d31000-b7d45000 r-xp 00000000 08:04 2179310 /usr/lib/libz.so.1.2.3.3
b7d45000-b7d47000 rw-p 00013000 08:04 2179310 /usr/lib/libz.so.1.2.3.3
b7d47000-b7d48000 rw-p b7d47000 00:00 0
b7d48000-b7d95000 r-xp 00000000 08:04 2180441 /usr/lib/libXt.so.6.0.0
b7d95000-b7d99000 rw-p 0004c000 08:04 2180441 /usr/lib/libXt.so.6.0.0
b7d990
Aborted (core dumped)
Since I see "fortify" in the stack, it might either be:
- a bug in xfig caught by the fortify option of gcc (since Ubuntu compiles
by default with -D_FORTIFY_SOURCE=2 I think).
- or xfig is fine but -D_FORTIFY_SOURCE=2 detects a spurious issue
(which is possible). In that case, recompiling xfig with -D_FORTIFY_SOURCE=1
should be OK.
In "man gcc", you can see the following:
NOTE: In Ubuntu 8.10 and later versions, -D_FORTIFY_SOURCE=2 is set
by default, and is activated when -O is set to 2 or higher. This
enables additional compile-time and run-time checks for several
libc functions. To disable, specify either -U_FORTIFY_SOURCE or
-D_FORTIFY_SOURCE=0.
I will try to reproduce it on Ubuntu-9.04 as soon as I have access to
such a machine.
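As an added illustration of the mechanism behind the backtrace above (this is example code written for this page, not code from xfig or the bug report): with -O2 and -D_FORTIFY_SOURCE=2, gcc replaces an sprintf() into a buffer whose size it can see with __sprintf_chk(), and glibc formats through a size-limited stdio buffer, so the call chain __sprintf_chk -> __vsprintf_chk -> _IO_vfprintf -> _IO_default_xsputn -> __fortify_fail is what you get when the output would not fit. The buffer size, the label names and the "%s: %d" format below are constructed; which xfig buffer actually overflows is not identified on this page. The hardened form uses snprintf() and reports the truncation, which is the fix that removes the overflow rather than just the detection.

```c
/* Added example (not code from the xfig bug report): what _FORTIFY_SOURCE
 * checks on sprintf(), and the bounded snprintf() form that turns the
 * overflow into a reportable error instead of an abort.
 *
 * Build the fortified variant the way Ubuntu does by default:
 *   gcc -O2 -D_FORTIFY_SOURCE=2 -Wall fortify_demo.c -o fortify_demo
 * and run "./fortify_demo overflow" to see the same
 * "*** buffer overflow detected ***" / __sprintf_chk backtrace as above.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LABEL_LEN 16   /* constructed: a small fixed-size label buffer */

/* Unsafe pattern. Because buf is a local array, gcc knows its size via
 * __builtin_object_size(); with -O2 -D_FORTIFY_SOURCE=2 it rewrites this
 * sprintf() into __sprintf_chk(buf, flag, LABEL_LEN, fmt, ...). glibc then
 * formats through a bounded stdio buffer and calls __fortify_fail() the
 * moment the output would exceed LABEL_LEN. Without fortify the same call
 * silently writes past buf onto the stack (or trips the stack protector). */
void format_label_unsafe(const char *name, int value)
{
    char buf[LABEL_LEN];
    sprintf(buf, "%s: %d", name, value);   /* no bound: overflows for long names */
    puts(buf);
}

/* Hardened form. snprintf() never writes more than buflen bytes and returns
 * the length the complete string would have had, so truncation is detected
 * rather than silently corrupting memory. Returns 0 on success, -1 if the
 * text did not fit (buf still holds a NUL-terminated prefix). */
int format_label_safe(char *buf, size_t buflen, const char *name, int value)
{
    int n = snprintf(buf, buflen, "%s: %d", name, value);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return 0;
}

/* Dry run of the same check: 1 if "name: value" would not fit in buflen
 * bytes (including the terminating NUL), 0 otherwise. This is the length
 * comparison fortify performs at run time, made explicit. */
int would_overflow(size_t buflen, const char *name, int value)
{
    int n = snprintf(NULL, 0, "%s: %d", name, value);
    return n < 0 || (size_t)n >= buflen;
}

int main(int argc, char **argv)
{
    char buf[LABEL_LEN];

    /* "Zoom: 100" (9 chars) fits; "Magnification: 100" (18 chars) does not. */
    printf("fits:      %d\n", format_label_safe(buf, sizeof buf, "Zoom", 100));
    printf("truncated: %d -> \"%s\"\n",
           format_label_safe(buf, sizeof buf, "Magnification", 100), buf);

    if (argc > 1 && strcmp(argv[1], "overflow") == 0)
        format_label_unsafe("Magnification", 100);   /* aborts under fortify */
    return 0;
}
```

Compiled without -D_FORTIFY_SOURCE (or with -D_FORTIFY_SOURCE=0) the "overflow" run does not print the fortify message; the write still happens, which is why recompiling with a lower fortify level only silences the detector and is not a fix if the overflow is real.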