Date:      Sat, 21 Sep 2013 11:18:21 GMT
From:      Francois Tigeot <ftigeot@wolfpond.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/182279: x11-wm/windowmaker: Fix a typo causing memory to be overwritten
Message-ID:  <201309211118.r8LBILnR075775@oldred.freebsd.org>
Resent-Message-ID: <201309211120.r8LBK0FE004808@freefall.freebsd.org>


>Number:         182279
>Category:       ports
>Synopsis:       x11-wm/windowmaker: Fix a typo causing memory to be overwritten
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 21 11:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Francois Tigeot
>Release:        DragonFly 3.5-DEVELOPMENT
>Organization:
>Environment:
DragonFly sekishi.zefyris.com 3.5-DEVELOPMENT DragonFly v3.5.0.961.gd8b0268-DEVELOPMENT #183: Fri Sep 20 09:48:57 CEST 2013     ftigeot@sekishi.zefyris.com:/usr/obj/usr/src/sys/X86_64_GENERIC  x86_64
>Description:
This patch fixes an array-out-of-bounds memory access issue.

I stumbled upon this bug by pure chance after constantly getting signal 11s
from a WindowMaker built with gcc 4.7 (I used 4.4 until now).
gcc 4.4 and previous versions didn't show any obvious issue even though
some memory has always been overwritten.

>How-To-Repeat:
The problem has always been there.

Try running an x11-wm/windowmaker binary built with gcc-4.7 for instant crashes.
>Fix:


Patch attached with submission follows:

--- src/osdep_bsd.c.orig	2013-09-12 21:43:54.000000000 +0000
+++ src/osdep_bsd.c
@@ -86,7 +86,7 @@ Bool GetCommandForPid(int pid, char ***a
 		mib[0] = CTL_KERN;
 		mib[1] = KERN_ARGMAX;
 		mib[2] = 0;
-		mib[4] = 0;
+		mib[3] = 0;
 
 		count = sizeof(argmax);
 		if (sysctl(mib, 2, &argmax, &count, NULL, 0) == -1)
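Review bot: the corrected `mib[3] = 0;` store, like `mib[2] = 0;` above it, is not consumed by the call that follows, since `sysctl(mib, 2, &argmax, &count, NULL, 0)` passes a name length of 2 and therefore reads only `mib[0]` and `mib[1]`. The declaration of `mib` is outside this hunk, so please confirm it has at least four elements; the old `mib[4]` store being out of bounds implies exactly four, in which case index 3 is the last valid slot. If no later code in GetCommandForPid reads `mib[2]` or `mib[3]` before reassigning them, consider dropping both stores, or zero-initialising the array at its declaration, so that a wrong index cannot silently write past the array again. The commit message would also benefit from stating the array size and which index was overrun.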


>Release-Note:
>Audit-Trail:
>Unformatted:


