Date: Mon, 16 Nov 2015 23:47:16 +0100
From: "Simon ." <bofh666ftw@...glemail.com>
To: oss-security@...ts.openwall.com
Subject: suckless sent and libxft-dev 2.3.2-1 crash

Hi,

Please review whether this needs a CVE.

Greetings
Simon
.

---------- Forwarded message ----------
From: "Simon ." <bofh666ftw@...glemail.com>
Date: Mon, 16 Nov 2015 23:37:57 +0100
Subject: sent segfaults Xft
To: dev@...kless.org

Hi,

Installing "sent" failed for me. I needed to install libpng-dev + libxft-dev.
Running "sent" on some file:

simon@...hi3000:~/archive/sent$ file sent
sent: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically
linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32,
BuildID[sha1]=e3a0864f2be10dd5e1f749ed9443b8391d885c9b, not stripped
simon@...hi3000:~/archive/sent$ ls
arg.h         config.mk       drw.h    LICENSE   README.md  sent.o  util.o
config.def.h  core.9840.9840  drw.o    Makefile  sent       util.c
config.h      drw.c           example  nyan.png  sent.c     util.h
simon@...hi3000:~/archive/sent$ ./sent /etc/passwd
Segmentation fault (core dumped)
simon@...hi3000:~/archive/sent$ gdb -q sent
Reading symbols from sent...done.
(gdb) r /etc/passwd
Starting program: /home/sk/archive/sent/sent /etc/passwd
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff74ff660 in XftCharExists ()
   from /usr/lib/x86_64-linux-gnu/libXft.so.2
(gdb) l
655				shortcuts[i].func(&(shortcuts[i].arg));
656	}
657	
658	void configure(XEvent *e)
659	{
660		resize(e->xconfigure.width, e->xconfigure.height);
661		if (slides[idx].img)
662			slides[idx].img->state &= ~(DRAWN | SCALED);
663		xdraw();
664	}
(gdb) disas 0x7ffff74ff660
Dump of assembler code for function XftCharExists:
=> 0x00007ffff74ff660 <+0>:	mov    0x10(%rsi),%rdi
   0x00007ffff74ff664 <+4>:	test   %rdi,%rdi
   0x00007ffff74ff667 <+7>:	je     0x7ffff74ff670 <XftCharExists+16>
   0x00007ffff74ff669 <+9>:	mov    %edx,%esi
   0x00007ffff74ff66b <+11>:	jmpq   0x7ffff74f5dc0 <FcCharSetHasChar@...>
   0x00007ffff74ff670 <+16>:	xor    %eax,%eax
   0x00007ffff74ff672 <+18>:	retq
End of assembler dump.


Can anyone else reproduce?

Greetings
Simon
.
