Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Kvt bug

From: dominik_vogt () HP COM (Dominik Vogt)
Date: Mon, 4 Oct 1999 11:42:13 +0200


On 30 Sep 99 at 11:56, pioppo () FERRARA LINUX IT wrote:


Wed, 29 Sep 1999, in a message titled "Kvt bug", Sebastian Wain wrote:


In the xterm there is a feature to change the title of the window
You can change the title of the window sending one of the escape codes of the
xterm.
(linux: man console_codes)



By Example:



ESC]2;This is my Xterm^G



This escape code changes the xterm's title to "This is my Xterm"



Obviously You can do the same using the kvt (Kde Virtual Terminal).
But the kvt has a buffer overflow. If the size of the new title of the
window is big enough then the kvt will do a core dump.


xterm too (version 3.3.2.3) coredumps...
I tried this with echo -e "\033]2;(60e+06 times 'a')\007"


    Tried the same with xterm 3.3.3 on i586, 64M RAM, 128M swap, continuously
increasing the number of 'a's (perl -e 'print "a" x 60000', 600000,
600000...).  But instead of xterm crash got Fvwm2 hangup after 6e6 "a"s.
I.e. everything else works -- I ould even press the "play" button in x11amp
with mouse, except Fvwm2.

    "strace -p <fvwm2pid>" shows that Fvwm2 waits infinitely on select().

    The only choice was to kill the window manager.

    All progs are from stock RedHat 6.0/i386 -- "Fvwm Version 2.2 compiled on
Apr  9 1999 at 16:15:38".


Sorry, I must apologize for the screwed up patch I sent on the weekend.
I made a cut-and-past error when moving the patch from our development
sources to the stable version.  The correct (and tested) patch to
fvwm-2.2.2 is attached.

Bye

Dominik ^_^

--
Dominik Vogt, Hewlett-Packard GmbH, Dept. BVS
Herrenberger Str.130, 71034 Boeblingen, Germany
phone: 07031/14-4596, fax: 07031/14-3883, dominik_vogt () hp com


*** events.c.orig       Mon Oct  4 11:36:49 1999
--- events.c    Sun Oct  3 01:28:41 1999
***************
*** 476,481 ****
--- 476,485 ----
        free_window_names (Tmp_win, True, False);

        Tmp_win->name = (char *)text_prop.value;
+       if (Tmp_win->name && strlen(Tmp_win->name) > 200)
+       /* limit to prevent hanging X server */
+       Tmp_win->name[200] = 0;
+
        if (Tmp_win->name == NULL)
          Tmp_win->name = NoName;
        BroadcastName(M_WINDOW_NAME,Tmp_win->w,Tmp_win->frame,
***************
*** 503,508 ****
--- 507,515 ----
        return;
        free_window_names (Tmp_win, False, True);
        Tmp_win->icon_name = (char *) text_prop.value;
+       if (Tmp_win->icon_name && strlen(Tmp_win->icon_name) > 200)
+       /* limit to prevent hanging X server */
+       Tmp_win->icon_name[200] = 0;
        if (Tmp_win->icon_name == NULL)
          Tmp_win->icon_name = NoName;
        BroadcastName(M_ICON_NAME,Tmp_win->w,Tmp_win->frame,
Previous By Date Next
Previous By Thread Next

Current thread: