Hello, I continued debugging from looking at #855167 and came up now with the 6 attached patches.
With these applied olwm and olvwm are not crashing anymore inside my minimal test VM. Probably you want to give them a try.

> Unless there is an automated way to identify all the cases of
> integer/pointer confusion, ...

There is probably no automatic way, because some functions are implicitly declared or their declarations in the header files are incomplete (no prototype), so the compiler has no argument or return types to check against. E.g.:

warning: implicit declaration of function ‘...’ [-Wimplicit-function-declaration]

or

extern void *GetWindowProperty();

Kind regards,
Bernhard
From 3f76cdcbedf4e825f97fff9f18e32bd549f87cc9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Fri, 10 Mar 2017 19:54:04 +0100
Subject: Use Debian default CFLAGS to get stack-protector enabled.

- _DEFAULT_SOURCE: To avoid "#warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]"
- no-format-security: There is at least one place that uses sprintf without literal format string.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852532
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855167
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855168
---
 debian/rules | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/debian/rules b/debian/rules
index fa82118..24e60fc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,10 +5,9 @@ export OPENWINHOME = /usr
 export X11DIR= /usr
+export EXTRA_CFLAGS = $(shell dpkg-buildflags --get CFLAGS) -D_DEFAULT_SOURCE -Wno-format-security
 ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
- export EXTRA_CFLAGS = -O0
-else
- export EXTRA_CFLAGS =
+ export EXTRA_CFLAGS += -O0
 endif
--
2.11.0
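Review bot: `dpkg-buildflags --get CFLAGS` on the added `export EXTRA_CFLAGS` line brings in only the CFLAGS set, so the hardening Debian carries in CPPFLAGS (`-D_FORTIFY_SOURCE=2`) and LDFLAGS (relro/bindnow) is still not applied; if the makefiles have no separate CPPFLAGS/LDFLAGS hook, `export EXTRA_CFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS) -D_DEFAULT_SOURCE` would at least pick up the preprocessor part. `-Wno-format-security` silences the warning about the non-literal `sprintf` format string that the commit message admits to instead of fixing it; that call is the one place in this series that can still be a format-string bug, so the call site should become `sprintf(buf, "%s", str)` (or snprintf with a bound) and the flag dropped. Whether the build honours a separate LDFLAGS variable is not visible from this hunk.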
From d3fe1411e9a08fb5a620237b88d103a5fb79ef21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Sat, 11 Mar 2017 15:06:57 +0100
Subject: Avoid SIGSEGV by adding type to paramter dpy in parseKeySpec.

(gdb) bt
#0 XKeysymToKeycode (dpy=dpy@entry=0x557a1040, ks=65511) at ../../../src/xkb/XKBBind.c:157
#1 0x0000555555562dab in stringToModifier (dpy=0x557a1040, word=0x7fffffffd86e "Meta") at evbind.c:717
#2 0x000055555556302d in parseKeySpec (syms=0x7fffffffd800, specifier=<optimized out>, dpy=1434062912) at evbind.c:821
#3 establishKeyBindings (dpy=dpy@entry=0x5555557a1040, rdb=0x5555557b05c0) at evbind.c:905
#4 0x0000555555563cf3 in InitBindings (dpy=0x5555557a1040) at evbind.c:1324
#5 0x000055555555e731 in main (argc=<optimized out>, argv=<optimized out>) at olwm.c:290
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852532
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855167
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855168
---
 clients/olwm/evbind.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/clients/olwm/evbind.c b/clients/olwm/evbind.c
index 818096b..d9b9ddf 100644
--- a/clients/olwm/evbind.c
+++ b/clients/olwm/evbind.c
@@ -764,6 +764,7 @@ polyStringToModifier(dpy, str)
 */
 static int
 parseKeySpec(dpy, specifier, syms)
+ Display *dpy;
 char *specifier;
 modsym *syms;
 {
--
2.11.0
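Review bot: The added `Display *dpy;` is the right fix, but the underlying cause is that a K&R parameter with no declaration defaults to `int`, which is what truncated the pointer to `dpy=1434062912` in frame #2 of the backtrace; GCC reports exactly this with `-Wimplicit-int` ("type of 'dpy' defaults to 'int'"), so the remaining cases in the tree can be found from the build log rather than by crashing. A follow-up in debian/rules adding `-Werror=implicit-int -Wold-style-definition` to EXTRA_CFLAGS, then fixing every definition it flags, would close the whole class. parseKeySpec's body continues past the hunk, so whether dpy is used beyond the stringToModifier call is not visible here.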
From f001eb1c8dc16fdd7fd2090895ad65967e0a1ea1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Sat, 11 Mar 2017 15:21:39 +0100
Subject: Avoid stack smashing by calling GetWindowProperty with unsigned long instead unsigned int.

(gdb) bt
#0 0x00007ffff76a0225 in XGetWindowProperty (dpy=dpy@entry=0x5555557a1040, w=669, property=349, offset=offset@entry=0, length=length@entry=33, delete=delete@entry=0, req_type=19, actual_type=0x7fffffffd9d0, actual_format=0x7fffffffd9c4, nitems=0x7fffffffda20, bytesafter=0x7fffffffda24, prop=0x7fffffffd9c8) at ../../src/GetProp.c:56
#1 0x000055555556e5b6 in GetWindowProperty (dpy=dpy@entry=0x5555557a1040, w=<optimized out>, property=<optimized out>, long_offset=long_offset@entry=0, long_length=long_length@entry=33, req_type=req_type@entry=19, req_fmt=32, nitems=0x7fffffffda20, bytes_after=0x7fffffffda24) at properties.c:95
#2 0x000055555555f2a3 in initClientState (dpy=0x5555557a1040) at client.c:186
#3 InitClients (dpy=0x5555557a1040) at client.c:228
#4 0x000055555555e7fd in main (argc=<optimized out>, argv=<optimized out>) at olwm.c:299
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852532
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855167
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855168
---
 clients/olvwm-4.1/client.c | 5 +++--
 clients/olwm/client.c | 5 +++--
 clients/olwm/properties.c | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/clients/olvwm-4.1/client.c b/clients/olvwm-4.1/client.c
index 999222e..410f8d4 100644
--- a/clients/olvwm-4.1/client.c
+++ b/clients/olvwm-4.1/client.c
@@ -179,7 +179,7 @@ Display *dpy;
 {
 int *ledMap;
 int i,numLeds;
- unsigned int nitems,nremain;
+ unsigned long nitems,nremain;
 DoingWindowState = False;
@@ -780,7 +780,8 @@ ClientProcessDragDropInterest(cli, state)
 int state; /* PropertyNewValue or PropertyDelete */
 {
 unsigned long *data;
- int nitems, remain, nsites, i, areatype, nelts;
+ unsigned long nitems, remain;
+ int nsites, i, areatype, nelts;
 int cur = 0;
 Window wid;
 unsigned long sid, flags;
diff --git a/clients/olwm/client.c b/clients/olwm/client.c
index 5a80906..2937021 100644
--- a/clients/olwm/client.c
+++ b/clients/olwm/client.c
@@ -175,7 +175,7 @@ Display *dpy;
 {
 int *ledMap;
 int i,numLeds,led;
- unsigned int nitems,nremain;
+ unsigned long nitems,nremain;
 XKeyboardControl kbdvalue;
 DoingWindowState = False;
@@ -774,7 +774,8 @@ ClientProcessDragDropInterest(cli, state)
 int state; /* PropertyNewValue or PropertyDelete */
 {
 unsigned long *data;
- int nitems, remain, nsites, i, areatype, nelts;
+ unsigned long nitems, remain;
+ int nsites, i, areatype, nelts;
 int cur = 0;
 Window wid;
 unsigned long sid, flags;
diff --git a/clients/olwm/properties.c b/clients/olwm/properties.c
index eb5c93b..b682962 100644
--- a/clients/olwm/properties.c
+++ b/clients/olwm/properties.c
@@ -507,7 +507,7 @@ PropGetWMState(dpy,win,state,iconwin)
 int *state; /* RETURN */
 Window *iconwin; /* RETURN */
 {
- unsigned int nItems,remain;
+ unsigned long nItems,remain;
 int *data;
 if (!PropAvailable(win,WMStateAvail))
@@ -568,7 +568,7 @@ PropGetOLWindowState(dpy,win,winState)
 OLWindowState *winState; /* RETURN */
 {
 OLWindowState *newState;
- unsigned int nItems,remain;
+ unsigned long nItems,remain;
 if (!PropAvailable(win,OLWindowStateAvail))
 return False;
--
2.11.0
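Review bot: The `unsigned long` locals in PropGetWMState and PropGetOLWindowState correct the callers this patch touches, but nothing prevents another caller from still passing `unsigned int *` for `nitems`/`bytes_after`: the cover letter shows the header declares `extern void *GetWindowProperty();` with no prototype, so the compiler cannot check argument types, and every remaining mismatch is another 4-byte write past a local (frame #0 of the backtrace shows nitems and bytesafter only 4 bytes apart). Propose replacing that header declaration with a full prototype, e.g. `extern void *GetWindowProperty(Display *dpy, Window w, Atom property, long long_offset, long long_length, Atom req_type, int req_fmt, unsigned long *nitems, unsigned long *bytes_after);` — the parameter list is taken from frame #1 and should be checked against the definition at properties.c:95, which is outside the hunk. The diffstat changes olvwm-4.1/client.c but no olvwm-4.1 properties file; if olvwm keeps its own copy of these PropGet* helpers it presumably needs the same change.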
From 6f591f9e20d5254b7dfa7793ea9af97a796b79d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Sat, 11 Mar 2017 15:50:57 +0100
Subject: Avoid stack smashing by calling st_lookup with pointer to long instead of int.

(gdb) bt
#0 st_lookup (table=0x555555809050, key=key@entry=0x55555580f2f0 "OLC_basic", value=value@entry=0x7fffffffd784) at st.c:137
#1 0x00005555555657e6 in initPointer (dpy=dpy@entry=0x5555557d8f80, cmap=cmap@entry=88, data=<optimized out>, pointer=0x5555557d47c8 <GRV+136>) at cursors.c:277
#2 0x00005555555659b5 in initOtherPointers (cmap=88, dpy=0x5555557d8f80) at cursors.c:321
#3 InitCursors (dpy=dpy@entry=0x5555557d8f80, scrInfo=scrInfo@entry=0x5555557fc650) at cursors.c:431
#4 0x000055555558686c in initScreenInfo (dpy=dpy@entry=0x5555557d8f80, screenno=screenno@entry=0, visInfo=visInfo@entry=0x555555803c40, nvis=<optimized out>) at screen.c:2590
#5 0x000055555558727e in InitScreens (dpy=0x5555557d8f80) at screen.c:2659
#6 0x00005555555629a8 in main (argc=<optimized out>, argv=<optimized out>) at olwm.c:336
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852532
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855167
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855168
---
 clients/olvwm-4.1/cursors.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/clients/olvwm-4.1/cursors.c b/clients/olvwm-4.1/cursors.c
index 1a4d7de..f92f161 100644
--- a/clients/olvwm-4.1/cursors.c
+++ b/clients/olvwm-4.1/cursors.c
@@ -262,6 +262,7 @@ initPointer(dpy, cmap, data, pointer)
 char *our_copy, *ptr;
 Bool end = False;
 int cursor_id;
+ long cursor_id_long;
 char *font_file = NULL;
 char *cursor_id_p;
@@ -274,7 +275,8 @@ initPointer(dpy, cmap, data, pointer)
 end = True;
 else
 *ptr = '\0';
- if (st_lookup(cursorTable, our_copy, &cursor_id)) {
+ if (st_lookup(cursorTable, our_copy, &cursor_id_long)) { /* st_lookup wants memory of the size of a pointer */
+ cursor_id_long = cursor_id;
 if (our_copy[0] == 'X')
 font_file = "cursor";
 else if (our_copy[0] == 'O')
--
2.11.0
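Review bot: The assignment on the added line `cursor_id_long = cursor_id;` is reversed: it overwrites the value st_lookup just stored in cursor_id_long with `cursor_id`, which nothing in the hunk has set, and leaves `cursor_id` — presumably what the rest of initPointer keeps using — untouched, so the lookup result is discarded. It should read `cursor_id = (int) cursor_id_long;`. Passing a `long *` where st_lookup apparently expects a pointer-sized slot (per the inline comment) stops the overflow but still relies on `sizeof(long) == sizeof(char *)`; a `char *tmp` receiving the value, followed by `cursor_id = (int)(long) tmp;`, would match whatever st.h actually declares. initPointer starts and ends outside the hunk.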
From 85c22711fbdfaa3c5dc0fc52cea8dc9b8afc1723 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Sat, 11 Mar 2017 16:26:06 +0100
Subject: Avoid SIGSEGV by giving the needed types to st_insert. (By Adam M. Costello)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852532
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855167
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855168
---
 clients/olvwm-4.1/cursors.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clients/olvwm-4.1/cursors.c b/clients/olvwm-4.1/cursors.c
index f92f161..986b369 100644
--- a/clients/olvwm-4.1/cursors.c
+++ b/clients/olvwm-4.1/cursors.c
@@ -425,7 +425,7 @@ struct _cursor_data *p;
 cursorTable = st_init_table(strcmp, cursorHash);
 for (p = cursor_names; p->name; p++)
- st_insert(cursorTable, (int) p->name, (char *) p->num);
+ st_insert(cursorTable, p->name, (char *) p->num);
 if (!initResizePointers(dpy, cmap))
 GRV.SpecialResizePointers = False;
--
2.11.0
From 215e628de7d6a499e5c88267a9c2b8c5eb403112 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Sat, 11 Mar 2017 16:05:09 +0100
Subject: Avoid SIGSEGV by including mem.h to avoid truncated pointer from MemAlloc. (By Adam M. Costello)

(gdb) bt
#0 0x000055555556ac8d in MakeOpenButton (dpy=dpy@entry=0x5555557d8f80, scrInfo=scrInfo@entry=0x5555557fc650) at images.c:739
#1 0x00005555555902f7 in initMenuButtons (dpy=0x5555557d8f80, scrInfo=0x5555557fc650) at usermenu.c:2043
#2 0x00005555555904da in InitMenus (dpy=dpy@entry=0x5555557d8f80, scrInfo=scrInfo@entry=0x5555557fc650) at usermenu.c:2082
#3 0x0000555555586869 in initScreenInfo (dpy=dpy@entry=0x5555557d8f80, screenno=screenno@entry=0, visInfo=visInfo@entry=0x555555803c40, nvis=<optimized out>) at screen.c:2595
#4 0x000055555558726e in InitScreens (dpy=0x5555557d8f80) at screen.c:2659
#5 0x00005555555629a8 in main (argc=<optimized out>, argv=<optimized out>) at olwm.c:336
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852532
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855167
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855168
---
 clients/olvwm-4.1/images.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/clients/olvwm-4.1/images.c b/clients/olvwm-4.1/images.c
index 94e55b0..b7c5781 100644
--- a/clients/olvwm-4.1/images.c
+++ b/clients/olvwm-4.1/images.c
@@ -22,6 +22,7 @@
 #include "globals.h"
 #include "win.h"
 #include "menu.h"
+#include "mem.h"
 /*
 * Frame/icon menu action procs
--
2.11.0
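Review bot: Including mem.h fixes the implicit declaration of MemAlloc in images.c only; any other olvwm-4.1 translation unit that calls MemAlloc (or any other pointer-returning function) without its header still gets an implicit `int` return and the same truncated pointer that produced this SIGSEGV. Since GCC already reports these as `-Wimplicit-function-declaration` (the cover letter quotes that warning), adding `-Werror=implicit-function-declaration` to EXTRA_CFLAGS in debian/rules would turn the remaining cases into build failures with file and line, instead of runtime crashes found one backtrace at a time. Which other files are affected is not visible from this hunk.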