Comment 3 for bug 318812

Dominique Pellé (dominique-pelle) wrote :

I also observe this bug with Ubuntu-8.10. It's very easy to reproduce.

1/ start xfig without argument:
    $ xfig

2/ Click in the canvas to give it focus then press z (lower case) several times until xfig crashes.
    On my machine it always crashes after pressing z 9 times.

Observe the following error:

$ xfig
*** buffer overflow detected ***: xfig terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7e936d8]
/lib/tls/i686/cmov/libc.so.6[0xb7e91800]
/lib/tls/i686/cmov/libc.so.6[0xb7e90ef8]
/lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7e06a78]
/lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x371b)[0xb7ddc0db]
/lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xb7e90fa4]
/lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7e90eed]
xfig[0x80f76cd]
xfig[0x80f81ab]
xfig[0x80dc585]
xfig[0x80dd061]
/usr/lib/libXt.so.6[0xb7d8c4c1]
/usr/lib/libXt.so.6[0xb7d8c89b]
/usr/lib/libXt.so.6(_XtTranslateEvent+0x5e8)[0xb7d8ce98]
/usr/lib/libXt.so.6(XtDispatchEventToWidget+0x4c2)[0xb7d63672]
/usr/lib/libXt.so.6[0xb7d63e8a]
/usr/lib/libXt.so.6(XtDispatchEvent+0xc7)[0xb7d62cf7]
xfig[0x808916d]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7daf685]
xfig[0x804dd91]
======= Memory map: ========
08048000-08142000 r-xp 00000000 08:04 2184158 /usr/bin/xfig
08142000-08143000 r--p 000fa000 08:04 2184158 /usr/bin/xfig
08143000-08160000 rw-p 000fb000 08:04 2184158 /usr/bin/xfig
08160000-08200000 rw-p 08160000 00:00 0
08a07000-08a8c000 rw-p 08a07000 00:00 0 [heap]
b7c99000-b7ca6000 r-xp 00000000 08:04 1894074 /lib/libgcc_s.so.1
b7ca6000-b7ca7000 r--p 0000c000 08:04 1894074 /lib/libgcc_s.so.1
b7ca7000-b7ca8000 rw-p 0000d000 08:04 1894074 /lib/libgcc_s.so.1
b7ca8000-b7cac000 r-xp 00000000 08:04 2180417 /usr/lib/libXfixes.so.3.1.0
b7cac000-b7cad000 rw-p 00003000 08:04 2180417 /usr/lib/libXfixes.so.3.1.0
b7cad000-b7cb5000 r-xp 00000000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb5000-b7cb6000 r--p 00007000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb6000-b7cb7000 rw-p 00008000 08:04 2181518 /usr/lib/libXrender.so.1.3.0
b7cb7000-b7cbf000 r-xp 00000000 08:04 2180407 /usr/lib/libXcursor.so.1.0.2
b7cbf000-b7cc0000 rw-p 00007000 08:04 2180407 /usr/lib/libXcursor.so.1.0.2
b7cc0000-b7cc2000 rw-p b7cc0000 00:00 0
b7cc2000-b7cc6000 r-xp 00000000 08:04 2181398 /usr/lib/libXdmcp.so.6.0.0
b7cc6000-b7cc7000 rw-p 00003000 08:04 2181398 /usr/lib/libXdmcp.so.6.0.0
b7cc7000-b7cc9000 r-xp 00000000 08:04 2180573 /usr/lib/libXau.so.6.0.0
b7cc9000-b7cca000 rw-p 00001000 08:04 2180573 /usr/lib/libXau.so.6.0.0
b7cca000-b7ccc000 r-xp 00000000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccc000-b7ccd000 r--p 00001000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7ccd000-b7cce000 rw-p 00002000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90.so
b7cce000-b7ce5000 r-xp 00000000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce5000-b7ce6000 r--p 00016000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce6000-b7ce7000 rw-p 00017000 08:04 2181505 /usr/lib/libxcb.so.1.0.0
b7ce7000-b7ce8000 r-xp 00000000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0
b7ce8000-b7ce9000 r--p 00000000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0
b7ce9000-b7cea000 rw-p 00001000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0
b7cea000-b7ceb000 rw-p b7cea000 00:00 0
b7ceb000-b7d00000 r-xp 00000000 08:04 2180364 /usr/lib/libICE.so.6.3.0
b7d00000-b7d01000 rw-p 00014000 08:04 2180364 /usr/lib/libICE.so.6.3.0
b7d01000-b7d03000 rw-p b7d01000 00:00 0
b7d03000-b7d0a000 r-xp 00000000 08:04 2179449 /usr/lib/libSM.so.6.0.0
b7d0a000-b7d0b000 r--p 00006000 08:04 2179449 /usr/lib/libSM.so.6.0.0
b7d0b000-b7d0c000 rw-p 00007000 08:04 2179449 /usr/lib/libSM.so.6.0.0
b7d0c000-b7d21000 r-xp 00000000 08:04 2180427 /usr/lib/libXmu.so.6.2.0
b7d21000-b7d22000 rw-p 00015000 08:04 2180427 /usr/lib/libXmu.so.6.2.0
b7d22000-b7d2f000 r-xp 00000000 08:04 2180024 /usr/lib/libXext.so.6.4.0
b7d2f000-b7d31000 rw-p 0000c000 08:04 2180024 /usr/lib/libXext.so.6.4.0
b7d31000-b7d45000 r-xp 00000000 08:04 2179310 /usr/lib/libz.so.1.2.3.3
b7d45000-b7d47000 rw-p 00013000 08:04 2179310 /usr/lib/libz.so.1.2.3.3
b7d47000-b7d48000 rw-p b7d47000 00:00 0
b7d48000-b7d95000 r-xp 00000000 08:04 2180441 /usr/lib/libXt.so.6.0.0
b7d95000-b7d99000 rw-p 0004c000 08:04 2180441 /usr/lib/libXt.so.6.0.0
b7d990Aborted (core dumped)

Since I see "fortify" in the stack, it might either be:
- a bug in xfig caught with fortify option of gcc (since Ubuntu compiles
  by default with -D_FORTIFY_SOURCE=2 I think).

- or xfig is fine but -D_FORTIFY_SOURCE=2 detects a spurious issue
  (which is possible). In that case, recompiling xfig with -D_FORTIFY_SOURCE=1
  should be OK.

In "man gcc", you can see the following:

           NOTE: In Ubuntu 8.10 and later versions, -D_FORTIFY_SOURCE=2 is set
           by default, and is activated when -O is set to 2 or higher. This
           enables additional compile-time and run-time checks for several
           libc functions. To disable, specify either -U_FORTIFY_SOURCE or
           -D_FORTIFY_SOURCE=0.

I will try to reproduce it on Ubuntu-9.04 as soon as I have access to
such a machine.
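The backtrace in the comment above ends in __sprintf_chk, which is the routine gcc substitutes for sprintf() when -D_FORTIFY_SOURCE=2 is in effect and the destination buffer's size is known at compile time; the "*** buffer overflow detected ***" abort is that routine refusing to write past the buffer. The following C program is an added illustration of the same bounds check done explicitly with vsnprintf(), so that an oversized format result becomes an error return instead of an abort. It is not xfig code and not part of the bug report: the helper names, the 16-byte label buffer and the growing "zoom" string are constructed for the example and say nothing about where xfig's real overflow is.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not xfig code. With -D_FORTIFY_SOURCE=2 and -O2, gcc
 * rewrites sprintf(buf, ...) into __sprintf_chk(buf, flag, objsize, ...)
 * and glibc aborts with "*** buffer overflow detected ***" when the
 * formatted output exceeds objsize. This helper performs the equivalent
 * check itself with vsnprintf(), so callers get -1 instead of an abort. */

/* Returns the number of characters written (excluding the NUL) on success,
 * or -1 if the output would not fit in dst. dst is never overrun; on -1 it
 * holds a NUL-terminated truncated copy (or is untouched if dstsz == 0). */
int format_bounded(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstsz == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);

    if (n < 0)
        return -1;          /* encoding error */
    if ((size_t)n >= dstsz)
        return -1;          /* would have overflowed a plain sprintf() */
    return n;
}

/* Test/usage wrapper (hypothetical): formats s into a local buffer of
 * dstsz bytes (capped at 64) and returns format_bounded()'s result. */
int fits_in(const char *s, size_t dstsz)
{
    char buf[64];

    if (dstsz > sizeof buf)
        dstsz = sizeof buf;
    return format_bounded(buf, dstsz, "%s", s);
}

/* Constructed scenario: a 16-byte label buffer (made-up size) receives
 * "zoom: " followed by a string that grows by one 'z' per step, mimicking
 * a value that gets longer each time a key is pressed. Returns the first
 * step at which the label no longer fits, or 0 if all `steps` fit. */
int first_overflowing_step(int steps)
{
    char label[16];
    char zoom[64];
    int i;

    zoom[0] = '\0';
    for (i = 1; i <= steps; i++) {
        size_t len = strlen(zoom);

        if (len + 1 < sizeof zoom) {   /* keep the source string bounded too */
            zoom[len] = 'z';
            zoom[len + 1] = '\0';
        }
        if (format_bounded(label, sizeof label, "zoom: %s", zoom) < 0)
            return i;
    }
    return 0;
}

int main(void)
{
    int step = first_overflowing_step(12);

    if (step)
        printf("label buffer would overflow at step %d\n", step);
    else
        printf("all steps fit\n");
    return 0;
}
```

Compile with `gcc -O2 -Wall -o bounded bounded.c` and run it; because every write goes through vsnprintf() with the real buffer size, the program prints the offending step rather than dying under __sprintf_chk. For deciding between the two possibilities raised in the comment (a real overflow versus a spurious detection), this is the useful distinction: the fortified abort fires only when the computed output length actually exceeds the size gcc derived for the destination object, so a rebuild with -D_FORTIFY_SOURCE=1 that silences it usually means the size estimate was the issue, not that the write was safe.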