Comment 21 for bug 10973

Branden Robinson (branden) wrote : Re: Bug#284448: xserver-xfree86: xserver (ATI or Radeon something 7500) crashes on various launches of programs from within X.

reassign 284448 xfree86
retitle 284448 xfree86: font library has very poor bounds-checking and can SEGV xfs and the X server
tag 284448 = upstream fixed-upstream patch
thanks

On Fri, Dec 17, 2004 at 12:22:25PM +0100, Thomas Winischhofer wrote:
> This looks like an Xlibs bug.

Yeah, it's one of those annoying static libraries that is linked both into
xfs and the X server.

> From the fact that "pd" is set to a legal value in the debugging
> output, while "buf" (after adding "pi->data_len") is "out of bounds" I
> would very much assume that "pi->data_len" contains garbage.
>
> As regards why it does this, I have no idea.
>
> Are these patches in the Debian SVN:
>
> http://freedesktop.org/cgi-bin/viewcvs.cgi/xlibs/Xfont/fc/fserve.c?r1=3.22&r2=3.22.2.1
> http://freedesktop.org/cgi-bin/viewcvs.cgi/xlibs/Xfont/fc/fserve.c?r1=3.23&r2=3.24
> http://cvsweb.xfree86.org/cvsweb/xc/lib/font/fc/fserve.c.diff?r1=3.26&r2=3.27

No. Fortunately all of the above predate the XFree86 1.1 relicensing.

I'm attaching a patch that should be bolted onto
debian/patches/000_stolen_from_HEAD.diff.

--
G. Branden Robinson | Damnit, we're all going to die;
Debian GNU/Linux | let's die doing something *useful*!
<email address hidden> | -- Hal Clement, on comments that
http://people.debian.org/~branden/ | space exploration is dangerous