From: SourceForge.net <no...@so...> - 2012-09-19 11:25:27
Bugs item #1837071, was opened at 2007-11-23 06:11
Message generated for change (Comment added) made by leggewie
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=650539&aid=1837071&group_id=108454

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Dark_Mail (dark_mail)
Assigned to: Nobody/Anonymous (nobody)
Summary: SCIM segfaults during startup

Initial Comment:
Trying to launch SCIM fails due to a segfault; gdb can't get a backtrace, it simply says "no stack". I tried versions 1.4.5 and 1.4.7, same result for both. I'm using Gentoo Linux with kernel 2.6.23, XFCE 4.4, Xorg 1.4 on a Unicode system (x86 arch).

Attached are the command line outputs of three different attempts to start SCIM with different arguments. Each time SCIM segfaults it leaves an entry in the log of the following schema:

[kernel] scim-launcher[some id]: segfault at <some address> eip <some address> esp <some address> error 4

The id and the addresses differ between runs. I know this is not too much information, but I don't know how to gather additional information. Any idea how to approach this problem?

Regards
Dark Mail

----------------------------------------------------------------------

>Comment By: Rolf (leggewie)
Date: 2012-09-19 04:25

Message:
We no longer ship the file to be patched. Is the original problem still an issue at all?

----------------------------------------------------------------------

Comment By: Lucas C. Villa Real (lucasvr)
Date: 2008-01-26 04:20

Message:
Logged In: YES
user_id=649659
Originator: NO

This patch is necessary to fix a buffer overflow that happens when a malformed libtool .la file is read (with unbalanced "'" quotes).
Signed-off-by: Lucas C. Villa Real <lucasvr at gobolinux.org> --- scim-1.4.7/src/ltdl.cpp.orig 2008-01-26 01:32:27.000000000 -0800 +++ scim-1.4.7/src/ltdl.cpp 2008-01-26 03:15:22.000000000 -0800 
@@ -2907,19 +2907,24 @@ trim ( { /* remove the leading and trailing "'" from str and store the result in dest */ + const char *start = strchr (str, '\''); const char *end = strrchr (str, '\''); size_t len = LT_STRLEN (str); char *tmp; LT_DLFREE (*dest); + + if (start == end) + end = &str[len-1]; - if (len > 3 && str[0] == '\'') + if (len > 3 && start[0] == '\'') { - tmp = LT_EMALLOC (char, end - str); + tmp = LT_EMALLOC (char, len); if (!tmp) return 1; - strncpy(tmp, &str[1], (end - str) - 1); + memset(tmp, 0, len); + strncpy(tmp, &start[1], (end - str) - 1); tmp[len-3] = LT_EOS_CHAR; *dest = tmp; }
----------------------------------------------------------------------

Comment By: Lucas C. Villa Real (lucasvr)
Date: 2008-01-26 04:18

Message:
Logged In: YES
user_id=649659
Originator: NO

While preparing and testing a package for Scim, I got segfaults when launching scim-setup every time. It turns out that I had a broken libtool archive that was being scanned by trim() -- a variable assignment in anthy.la had a single starting quote but didn't have a closing one (as in "dependency_libs='foo bar "). In that case, the variable 'end' was always pointing to the first (and only) quote at the start of the string, and then "(end-str)-1" resulted in a negative value (and since size_t is unsigned, the copy was actually performed way past the end of the string's boundaries).

The attached patch fixes that by ignoring the balancing error and simply parsing the string from the first quote until its end ('\0') in those cases. Please consider applying it.

Kind regards, and thanks for all your work on Scim!

----------------------------------------------------------------------
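Review bot: the new "start" pointer is dereferenced unchecked in the rewritten condition "if (len > 3 && start[0] == '\'')". When the line contains no quote at all, strchr and strrchr both return NULL, "start == end" holds, "end" is pointed at "&str[len-1]", and "start[0]" then reads address 0; the "str[0]" test this replaces could not fault, so the patch trades the overflow for a NULL dereference. Return early when "start" is NULL, and do so before "&str[len-1]" is formed, which is "str[-1]" for an empty string since the "len > 3" test only comes afterwards. The copy count and the terminator also no longer agree with where the copy starts: "strncpy(tmp, &start[1], (end - str) - 1)" begins at the first quote but counts from "str", so whenever that quote is not at "str[0]" the count is too long by "start - str" and the closing quote ends up in "tmp", while "tmp[len-3] = LT_EOS_CHAR" only marks the right byte when the quotes sit at "str[0]" and "str[len-2]". Compute one length, n = (end - start) - 1, and use it both as the strncpy count and as the index of the terminator. In the unbalanced branch, "end = &str[len-1]" excludes the last character of the line and "tmp[len-3]" then cuts one more, so the value loses its final two characters instead of running "until its end" as the description says; point "end" at the terminating NUL ("&str[len]") and strip a trailing newline explicitly if that is wanted. Finally, "start[0] == '\''" is true whenever "start" is non-NULL, so that half of the condition is now tautological; if the quote is still meant to be the first character of the value, keep the "str[0]" test.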
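The overflow Lucas describes, and a trim() that survives the malformed anthy.la line, as an added example in C that is not code from the SCIM project, from libtool, or from the patch above. unpatched_copy_length() only reproduces the count the unpatched trim() passes to strncpy, with the LT_* macros replaced by libc calls and a NULL check the original does not have, so the size_t wrap can be observed without performing the out-of-bounds write. trim_hardened(), la_value() and la_yields() are names chosen here, and the two .la lines are constructed for the example; the hardened version measures every length from the opening quote, which always precedes the end pointer, so the count can never go negative.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count that the unpatched trim() hands to strncpy(): (end - str) - 1 with
 * end = strrchr(str, '\'').  Returned instead of used, so an unbalanced
 * quote shows the size_t wrap without doing the out-of-bounds copy.
 * (The NULL check is added here; the original code has none.) */
size_t unpatched_copy_length(const char *str)
{
    const char *end = strrchr(str, '\'');
    if (end == NULL)
        return 0;
    return (size_t)((end - str) - 1);   /* 0 - 1 -> SIZE_MAX when end == str */
}

/* Hardened replacement (added example, not the patch from the thread):
 *   no opening quote              -> *dest = NULL, return 0
 *   'value' with both quotes      -> the text between them
 *   'value with no closing quote  -> text up to end of line, minus the
 *                                    '\n' that fgets() leaves behind
 * Every length is measured from start, which always precedes end, so the
 * count cannot wrap.  Returns 1 only when malloc() fails. */
int trim_hardened(char **dest, const char *str)
{
    const char *start = strchr(str, '\'');
    const char *end;
    size_t n;
    char *tmp;

    free(*dest);
    *dest = NULL;
    if (start == NULL)
        return 0;

    end = strrchr(str, '\'');              /* == start when unbalanced */
    if (end == start) {
        end = str + strlen(str);           /* the terminating NUL */
        if (end > start + 1 && end[-1] == '\n')
            end--;
    }
    n = (size_t)(end - start) - 1;         /* end > start, so no wrap */
    tmp = malloc(n + 1);
    if (tmp == NULL)
        return 1;
    memcpy(tmp, start + 1, n);
    tmp[n] = '\0';
    *dest = tmp;
    return 0;
}

/* Extract one key='value' assignment from a libtool .la line, the kind of
 * scan ltdl performs for dlname=, library_names=, dependency_libs= and so
 * on.  Leaves *dest untouched and returns 0 when the line is another key. */
int la_value(char **dest, const char *line, const char *key)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || line[klen] != '=')
        return 0;
    return trim_hardened(dest, line + klen + 1);
}

/* Check helper: 1 if la_value() on line/key yields expect (NULL = no value). */
int la_yields(const char *line, const char *key, const char *expect)
{
    char *v = NULL;
    int ok;
    if (la_value(&v, line, key) != 0)
        return 0;
    ok = (v == NULL) ? (expect == NULL)
                     : (expect != NULL && strcmp(v, expect) == 0);
    free(v);
    return ok;
}

int main(void)
{
    /* Constructed sample lines; the second mimics the broken anthy.la
     * assignment described in the report (opening quote, no closing one). */
    const char *good = "dependency_libs='-lanthy -lm'\n";
    const char *bad  = "dependency_libs='-lanthy -lm \n";
    size_t skip = strlen("dependency_libs=");
    char *v = NULL;

    printf("unpatched count, balanced:   %zu\n", unpatched_copy_length(good + skip));
    printf("unpatched count, unbalanced: %zu\n", unpatched_copy_length(bad + skip));

    la_value(&v, good, "dependency_libs");
    printf("hardened, balanced:   [%s]\n", v);
    la_value(&v, bad, "dependency_libs");
    printf("hardened, unbalanced: [%s]\n", v);
    free(v);
    return 0;
}
```

On a 64-bit build the unbalanced line yields a count of 18446744073709551615, which is what the unpatched strncpy was asked to copy; the hardened version returns "-lanthy -lm " for that line and NULL for a line with no quote, instead of reading address 0.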