Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Nov 2015 13:44:03 +1100
From: Tim <timc@...wb.ro>
To: oss-security@...ts.openwall.com
Subject: Re: suckless sent and libxft-dev 2.3.2-1 crash

On 17/11/15 09:47, Simon . wrote:
> Hi,
>
> please review, whether this needs a CVE.
>
> Greetings
> Simon
> .
>
> ---------- Forwarded message ----------
> From: "Simon ." <bofh666ftw@...glemail.com>
> Date: Mon, 16 Nov 2015 23:37:57 +0100
> Subject: sent segfaults Xft
> To: dev@...kless.org
>
> Hi,
>
> installing "sent" failed for me. I needed to install libpng-dev + libxft-dev.
> Running "sent" on some file:
>
> simon@...hi3000:~/archive/sent$ file sent
> sent: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically
> linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32,
> BuildID[sha1]=e3a0864f2be10dd5e1f749ed9443b8391d885c9b, not stripped
> simon@...hi3000:~/archive/sent$ ls
> arg.h         config.mk       drw.h    LICENSE   README.md  sent.o  util.o
> config.def.h  core.9840.9840  drw.o    Makefile  sent       util.c
> config.h      drw.c           example  nyan.png  sent.c     util.h
> simon@...hi3000:~/archive/sent$ ./sent /etc/passwd
> Segmentation fault (core dumped)
> simon@...hi3000:~/archive/sent$ gdb -q sent
> Reading symbols from sent...done.
> (gdb) r /etc/passwd
> Starting program: /home/sk/archive/sent/sent /etc/passwd
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff74ff660 in XftCharExists ()
>     from /usr/lib/x86_64-linux-gnu/libXft.so.2
> (gdb) l
> 655				shortcuts[i].func(&(shortcuts[i].arg));
> 656	}
> 657	
> 658	void configure(XEvent *e)
> 659	{
> 660		resize(e->xconfigure.width, e->xconfigure.height);
> 661		if (slides[idx].img)
> 662			slides[idx].img->state &= ~(DRAWN | SCALED);
> 663		xdraw();
> 664	}
> (gdb) disas 0x7ffff74ff660
> Dump of assembler code for function XftCharExists:
> => 0x00007ffff74ff660 <+0>:	mov    0x10(%rsi),%rdi
>     0x00007ffff74ff664 <+4>:	test   %rdi,%rdi
>     0x00007ffff74ff667 <+7>:	je     0x7ffff74ff670 <XftCharExists+16>
>     0x00007ffff74ff669 <+9>:	mov    %edx,%esi
>     0x00007ffff74ff66b <+11>:	jmpq   0x7ffff74f5dc0 <FcCharSetHasChar@...>
>     0x00007ffff74ff670 <+16>:	xor    %eax,%eax
>     0x00007ffff74ff672 <+18>:	retq
> End of assembler dump.
>
>
> Can anyone else reproduce?
>
> Greetings
> Simon
> .

Hey Simon,

I cannot replicate your issue.

$ git show
git SHA that I built off: 448fe33370e1252ea5755066c0623b2c67818357

(Already had dependencies installed before I built. Ubuntu fyi)
$ dpkg --list | grep -e libpng -e libxft
libxft2:amd64                                           2.3.1-2
libxft2:i386                                               2.3.1-2
libxft-dev                                                  2.3.1-2
libpng12-0:amd64                                    1.2.50-1ubuntu2
libpng12-0:i386 1.2.50-1ubuntu2
libpng12-dev 1.2.50-1ubuntu2

$ file sent
sent: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), dynamically 
linked (uses shared libs), for GNU/Linux 2.6.24, 
BuildID[sha1]=1c6ce33244594ecadcea86a39de4cfc649832b2a, not stripped

Let me know off-list if I can be of any more help.

Cheers,

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ