Bug#739962: xscreensaver: segfault if no PATH is set in environment

Bernhard Miklautz Mon, 24 Feb 2014 04:09:51 -0800

Package: xscreensaver
Version: 5.15-3
Severity: important
Tags: patch

This can easily be reproduced:


env -u PATH /usr/bin/xscreensaver

PATH is set in circumstances but it shouldn't crash otherwise.

-- System Information:
Debian Release: 7.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12.0 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xscreensaver depends on:
ii  libatk1.0-0         2.4.0-2
ii  libc6               2.13-38+deb7u1
ii  libcairo2           1.12.2-3
ii  libfontconfig1      2.9.0-7.1
ii  libfreetype6        2.4.9-1.1
ii  libgdk-pixbuf2.0-0  2.26.1-1
ii  libglade2-0         1:2.6.4-1
ii  libglib2.0-0        2.33.12+really2.32.4-5
ii  libgtk2.0-0         2.24.10-2
ii  libice6             2:1.0.8-2
ii  libpam0g            1.1.3-7.1
ii  libpango1.0-0       1.30.0-1
ii  libsm6              2:1.2.1-2
ii  libx11-6            2:1.5.0-1+deb7u1
ii  libxext6            2:1.3.1-2+deb7u1
ii  libxi6              2:1.6.1-1+deb7u1
ii  libxinerama1        2:1.1.2-1+deb7u1
ii  libxml2             2.8.0+dfsg1-7+nmu2
ii  libxmu6             2:1.1.1-1
ii  libxpm4             1:3.5.10-1
ii  libxrandr2          2:1.3.2-2+deb7u1
ii  libxrender1         1:0.9.7-1+deb7u1
ii  libxt6              1:1.1.3-1+deb7u1
ii  libxxf86vm1         1:1.1.2-1+deb7u1
ii  xscreensaver-data   5.15-3

Versions of packages xscreensaver recommends:
ii  libjpeg-progs         8d-1
ii  perl [perl5]          5.14.2-21+deb7u1
ii  wamerican [wordlist]  7.1-1

Versions of packages xscreensaver suggests:
ii  fortune-mod [fortune]             1:1.99.1-4
ii  gdm3                              3.4.1-8
ii  google-chrome-beta [www-browser]  33.0.1750.117-1
ii  iceweasel [www-browser]           17.0.10esr-1~deb7u1
pn  qcam | streamer                   <none>
ii  w3m [www-browser]                 0.5.3-8
pn  xdaliclock                        <none>
pn  xfishtank                         <none>
ii  xscreensaver-gl                   5.15-3

-- no debconf information

diff --git a/driver/subprocs.c b/driver/subprocs.c
index fb621cd..3b13ae0 100644
--- a/driver/subprocs.c
+++ b/driver/subprocs.c
@@ -1099,11 +1099,22 @@ hack_environment (saver_info *si)
   if (def_path && *def_path)
     {
       const char *opath = getenv("PATH");
-      char *npath = (char *) malloc(strlen(def_path) + strlen(opath) + 20);
+      char *npath;
+      unsigned int len;
+
+      if (opath)
+        len = strlen(def_path) + strlen(opath) + strlen("PATH=:") + 1;
+      else
+        len = strlen(def_path) + strlen("PATH=") + 1;
+      npath = (char *) malloc(len);
       strcpy (npath, "PATH=");
       strcat (npath, def_path);
-      strcat (npath, ":");
-      strcat (npath, opath);
+
+      if (opath)
+        {
+          strcat (npath, ":");
+          strcat (npath, opath);
+        }
 
       if (putenv (npath))
 	abort ();

Bug#739962: xscreensaver: segfault if no PATH is set in environment

Reply via email to