I also observe this bug with Ubuntu-8.10. It's very easy to reproduce. 1/ start xfig without argument: $ xfig 2/ Click in the canvas to give it focus then press z (lower case) several times until xfig crashes. On my machine it always crashes after pressing z 9 times. Observe the following error: $ xfig *** buffer overflow detected ***: xfig terminated ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7e936d8] /lib/tls/i686/cmov/libc.so.6[0xb7e91800] /lib/tls/i686/cmov/libc.so.6[0xb7e90ef8] /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7e06a78] /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x371b)[0xb7ddc0db] /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xb7e90fa4] /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7e90eed] xfig[0x80f76cd] xfig[0x80f81ab] xfig[0x80dc585] xfig[0x80dd061] /usr/lib/libXt.so.6[0xb7d8c4c1] /usr/lib/libXt.so.6[0xb7d8c89b] /usr/lib/libXt.so.6(_XtTranslateEvent+0x5e8)[0xb7d8ce98] /usr/lib/libXt.so.6(XtDispatchEventToWidget+0x4c2)[0xb7d63672] /usr/lib/libXt.so.6[0xb7d63e8a] /usr/lib/libXt.so.6(XtDispatchEvent+0xc7)[0xb7d62cf7] xfig[0x808916d] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7daf685] xfig[0x804dd91] ======= Memory map: ======== 08048000-08142000 r-xp 00000000 08:04 2184158 /usr/bin/xfig 08142000-08143000 r--p 000fa000 08:04 2184158 /usr/bin/xfig 08143000-08160000 rw-p 000fb000 08:04 2184158 /usr/bin/xfig 08160000-08200000 rw-p 08160000 00:00 0 08a07000-08a8c000 rw-p 08a07000 00:00 0 [heap] b7c99000-b7ca6000 r-xp 00000000 08:04 1894074 /lib/libgcc_s.so.1 b7ca6000-b7ca7000 r--p 0000c000 08:04 1894074 /lib/libgcc_s.so.1 b7ca7000-b7ca8000 rw-p 0000d000 08:04 1894074 /lib/libgcc_s.so.1 b7ca8000-b7cac000 r-xp 00000000 08:04 2180417 /usr/lib/libXfixes.so.3.1.0 b7cac000-b7cad000 rw-p 00003000 08:04 2180417 /usr/lib/libXfixes.so.3.1.0 b7cad000-b7cb5000 r-xp 00000000 08:04 2181518 /usr/lib/libXrender.so.1.3.0 b7cb5000-b7cb6000 r--p 00007000 08:04 2181518 /usr/lib/libXrender.so.1.3.0 b7cb6000-b7cb7000 rw-p 00008000 08:04 2181518 /usr/lib/libXrender.so.1.3.0 b7cb7000-b7cbf000 r-xp 00000000 08:04 2180407 /usr/lib/libXcursor.so.1.0.2 b7cbf000-b7cc0000 rw-p 00007000 08:04 2180407 /usr/lib/libXcursor.so.1.0.2 b7cc0000-b7cc2000 rw-p b7cc0000 00:00 0 b7cc2000-b7cc6000 r-xp 00000000 08:04 2181398 /usr/lib/libXdmcp.so.6.0.0 b7cc6000-b7cc7000 rw-p 00003000 08:04 2181398 /usr/lib/libXdmcp.so.6.0.0 b7cc7000-b7cc9000 r-xp 00000000 08:04 2180573 /usr/lib/libXau.so.6.0.0 b7cc9000-b7cca000 rw-p 00001000 08:04 2180573 /usr/lib/libXau.so.6.0.0 b7cca000-b7ccc000 r-xp 00000000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90 .so b7ccc000-b7ccd000 r--p 00001000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90 .so b7ccd000-b7cce000 rw-p 00002000 08:04 1909306 /lib/tls/i686/cmov/libdl-2.8.90 .so b7cce000-b7ce5000 r-xp 00000000 08:04 2181505 /usr/lib/libxcb.so.1.0.0 b7ce5000-b7ce6000 r--p 00016000 08:04 2181505 /usr/lib/libxcb.so.1.0.0 b7ce6000-b7ce7000 rw-p 00017000 08:04 2181505 /usr/lib/libxcb.so.1.0.0 b7ce7000-b7ce8000 r-xp 00000000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0 b7ce8000-b7ce9000 r--p 00000000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0 b7ce9000-b7cea000 rw-p 00001000 08:04 2181509 /usr/lib/libxcb-xlib.so.0.0.0 b7cea000-b7ceb000 rw-p b7cea000 00:00 0 b7ceb000-b7d00000 r-xp 00000000 08:04 2180364 /usr/lib/libICE.so.6.3.0 b7d00000-b7d01000 rw-p 00014000 08:04 2180364 /usr/lib/libICE.so.6.3.0 b7d01000-b7d03000 rw-p b7d01000 00:00 0 b7d03000-b7d0a000 r-xp 00000000 08:04 2179449 /usr/lib/libSM.so.6.0.0 b7d0a000-b7d0b000 r--p 00006000 08:04 2179449 /usr/lib/libSM.so.6.0.0 b7d0b000-b7d0c000 rw-p 00007000 08:04 2179449 /usr/lib/libSM.so.6.0.0 b7d0c000-b7d21000 r-xp 00000000 08:04 2180427 /usr/lib/libXmu.so.6.2.0 b7d21000-b7d22000 rw-p 00015000 08:04 2180427 /usr/lib/libXmu.so.6.2.0 b7d22000-b7d2f000 r-xp 00000000 08:04 2180024 /usr/lib/libXext.so.6.4.0 b7d2f000-b7d31000 rw-p 0000c000 08:04 2180024 /usr/lib/libXext.so.6.4.0 b7d31000-b7d45000 r-xp 00000000 08:04 2179310 /usr/lib/libz.so.1.2.3.3 b7d45000-b7d47000 rw-p 00013000 08:04 2179310 /usr/lib/libz.so.1.2.3.3 b7d47000-b7d48000 rw-p b7d47000 00:00 0 b7d48000-b7d95000 r-xp 00000000 08:04 2180441 /usr/lib/libXt.so.6.0.0 b7d95000-b7d99000 rw-p 0004c000 08:04 2180441 /usr/lib/libXt.so.6.0.0 b7d990Aborted (core dumped) Since I see "fortify" in the stack, it might either be: - a bug in xfig caught with fortify option of gcc (since Ubuntu compiles by default with -D_FORTIFY_SOURCE=2 I think). - or xfig is fine bug -D_FORTIFY_SOURCE=2 detects a spirious issue (which is possible). In that case, recompiling xfig with -D_FORTIFY_SOURCE=1 should be OK. In "man gcc", you can see the following: NOTE: In Ubuntu 8.10 and later versions, -D_FORTIFY_SOURCE=2 is set by default, and is activated when -O is set to 2 or higher. This enables additional compile-time and run-time checks for several libc functions. To disable, specify either -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0. I will try to reproduce it on Ubuntu-9.04 as soon as I have access to such a machine.