oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: suckless sent and libxft-dev 2.3.2-1 crash

From: Tim <timc () slowb ro>
Date: Tue, 17 Nov 2015 13:44:03 +1100
On 17/11/15 09:47, Simon . wrote:

Hi,

please review, whether this needs a CVE.

Greetings
Simon
.

---------- Forwarded message ----------
From: "Simon ." <bofh666ftw () googlemail com>
Date: Mon, 16 Nov 2015 23:37:57 +0100
Subject: sent segfaults Xft
To: dev () suckless org

Hi,

installing "sent" failed for me. I needed to install libpng-dev + libxft-dev.
Running "sent" on some file:

simon@zachi3000:~/archive/sent$ file sent
sent: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically
linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32,
BuildID[sha1]=e3a0864f2be10dd5e1f749ed9443b8391d885c9b, not stripped
simon@zachi3000:~/archive/sent$ ls
arg.h         config.mk       drw.h    LICENSE   README.md  sent.o  util.o
config.def.h  core.9840.9840  drw.o    Makefile  sent       util.c
config.h      drw.c           example  nyan.png  sent.c     util.h
simon@zachi3000:~/archive/sent$ ./sent /etc/passwd
Segmentation fault (core dumped)
simon@zachi3000:~/archive/sent$ gdb -q sent
Reading symbols from sent...done.
(gdb) r /etc/passwd
Starting program: /home/sk/archive/sent/sent /etc/passwd
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff74ff660 in XftCharExists ()
    from /usr/lib/x86_64-linux-gnu/libXft.so.2
(gdb) l
655                             shortcuts[i].func(&(shortcuts[i].arg));
656     }
657     
658     void configure(XEvent *e)
659     {
660             resize(e->xconfigure.width, e->xconfigure.height);
661             if (slides[idx].img)
662                     slides[idx].img->state &= ~(DRAWN | SCALED);
663             xdraw();
664     }
(gdb) disas 0x7ffff74ff660
Dump of assembler code for function XftCharExists:
=> 0x00007ffff74ff660 <+0>:    mov    0x10(%rsi),%rdi
    0x00007ffff74ff664 <+4>:      test   %rdi,%rdi
    0x00007ffff74ff667 <+7>:      je     0x7ffff74ff670 <XftCharExists+16>
    0x00007ffff74ff669 <+9>:      mov    %edx,%esi
    0x00007ffff74ff66b <+11>:     jmpq   0x7ffff74f5dc0 <FcCharSetHasChar@plt>
    0x00007ffff74ff670 <+16>:     xor    %eax,%eax
    0x00007ffff74ff672 <+18>:     retq
End of assembler dump.


Can anyone else reproduce?

Greetings
Simon
.


Hey Simon,

I cannot replicate your issue.

$ git show
git SHA that I built off: 448fe33370e1252ea5755066c0623b2c67818357

(Already had dependencies installed before I built. Ubuntu fyi)
$ dpkg --list | grep -e libpng -e libxft
libxft2:amd64                                           2.3.1-2
libxft2:i386                                               2.3.1-2
libxft-dev                                                  2.3.1-2
libpng12-0:amd64                                    1.2.50-1ubuntu2
libpng12-0:i386 1.2.50-1ubuntu2
libpng12-dev 1.2.50-1ubuntu2

$ file sent
sent: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=1c6ce33244594ecadcea86a39de4cfc649832b2a, not stripped 

Let me know off-list if I can be of any more help.

Cheers,
Previous By Date Next
Previous By Thread Next

Current thread: