Thank you, I have just committed a fix for this to the GitHub repository: https://github.com/fbergo/eboard
On Tue, Jul 31, 2018 at 2:54 PM Bernhard Übelacker <bernha...@mailbox.org> wrote: > Hello, > just tried to reproduce the stack smashing. > > It looks like the variable "gdouble c[3];" in colorb_csok > needs to be a "gdouble c[4];". > > Did not find a related upstream ticket, neither in the old SF tracker nor at Github. > Also at Github this function was not yet changed, so this should be > forwarded to upstream. > > See details below. > > Kind regards, > Bernhard > > > > > # With a locally rebuilt version to get debug information. > > (gdb) cont > Continuing. > > Hardware watchpoint 2: *0x7fffffffd428 > > Old value = -1459212032 > New value = 0 > gtk_color_selection_get_color (colorsel=0x555555992370, > color=0x7fffffffd410) at ./gtk/gtkcolorsel.c:2579 > 2579 ./gtk/gtkcolorsel.c: Datei oder Verzeichnis nicht gefunden. > 1: x/i $pc > => 0x7ffff7a01c6e <gtk_color_selection_get_color+110>: add $0x8,%rsp > (gdb) bt > #0 0x00007ffff7a01c6e in gtk_color_selection_get_color > (colorsel=0x555555992370, color=0x7fffffffd410) at ./gtk/gtkcolorsel.c:2579 > #1 0x00005555555e6cdc in colorb_csok(_GtkWidget*, void*) (b=<optimized > out>, data=0x5555558ec810) at widgetproxy.cc:364 > #2 0x00007ffff64f0f6d in g_closure_invoke () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #3 0x00007ffff6503d3e in () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #4 0x00007ffff650c3f5 in g_signal_emit_valist () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #5 0x00007ffff650ce0f in g_signal_emit () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #6 0x00007ffff79e7785 in gtk_real_button_released (button=0x5555559564e0) > at ./gtk/gtkbutton.c:1712 > #7 0x00007ffff64f0f6d in g_closure_invoke () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #8 0x00007ffff6503e0e in () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #9 0x00007ffff650c3f5 in g_signal_emit_valist () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #10 0x00007ffff650ce0f in g_signal_emit () at > 
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #11 0x00007ffff79e6709 in gtk_button_button_release > (widget=widget@entry=0x5555559564e0, > event=<optimized out>) at ./gtk/gtkbutton.c:1604 > #12 0x00007ffff7a8c2bb in _gtk_marshal_BOOLEAN__BOXED > (closure=0x5555556afa50, return_value=0x7fffffffdec0, > n_param_values=<optimized out>, param_values=0x7fffffffdf20, > invocation_hint=<optimized out>, marshal_data=<optimized out>) at > ./gtk/gtkmarshalers.c:84 > #13 0x00007ffff64f0f6d in g_closure_invoke () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #14 0x00007ffff6503ac8 in () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #15 0x00007ffff650bd8f in g_signal_emit_valist () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #16 0x00007ffff650ce0f in g_signal_emit () at > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 > #17 0x00007ffff7ba227c in gtk_widget_event_internal > (widget=widget@entry=0x5555559564e0, > event=event@entry=0x555555a0f560) at ./gtk/gtkwidget.c:5010 > #18 0x00007ffff7ba2517 in IA__gtk_widget_event > (widget=widget@entry=0x5555559564e0, > event=event@entry=0x555555a0f560) at ./gtk/gtkwidget.c:4807 > #19 0x00007ffff7a8a55c in IA__gtk_propagate_event (widget=0x5555559564e0, > event=0x555555a0f560) at ./gtk/gtkmain.c:2503 > #20 0x00007ffff7a8a95b in IA__gtk_main_do_event (event=<optimized out>) at > ./gtk/gtkmain.c:1698 > #21 0x00007ffff770005c in gdk_event_dispatch (source=<optimized out>, > callback=<optimized out>, user_data=<optimized out>) at > ./gdk/x11/gdkevents-x11.c:2425 > #22 0x00007ffff6215287 in g_main_context_dispatch () at > /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 > #23 0x00007ffff62154c0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 > #24 0x00007ffff62157d2 in g_main_loop_run () at > /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 > #25 0x00007ffff7a89987 in IA__gtk_main () at ./gtk/gtkmain.c:1270 > #26 0x000055555557d854 in main (argc=<optimized out>, argv=<optimized > out>) at main.cc:108 > #27 0x00007ffff55b0b17 in 
__libc_start_main (main=0x55555557d630 <main>, > argc=1, argv=0x7fffffffe578, init=<optimized out>, fini=<optimized out>, > rtld_fini=<optimized out>, stack_end=0x7fffffffe568) > at ../csu/libc-start.c:310 > #28 0x000055555557dfea in _start () at main.cc:97 > (gdb) > > > > > > (gdb) list gtk_color_selection_get_color > 2566 void > 2567 gtk_color_selection_get_color (GtkColorSelection *colorsel, > 2568 gdouble *color) > 2569 { > 2570 ColorSelectionPrivate *priv; > 2571 > 2572 g_return_if_fail (GTK_IS_COLOR_SELECTION (colorsel)); > 2573 > 2574 priv = colorsel->private_data; > 2575 color[0] = priv->color[COLORSEL_RED]; > 2576 color[1] = priv->color[COLORSEL_GREEN]; > 2577 color[2] = priv->color[COLORSEL_BLUE]; > 2578 color[3] = priv->has_opacity ? priv->color[COLORSEL_OPACITY] : > 65535; <--- Here we access memory beyond the variable > "gdouble c[3];" > 2579 } > > > > > (gdb) list colorb_csok > 358 > 359 void colorb_csok(GtkWidget *b,gpointer data) { > 360 ColorButton *me; > 361 me=(ColorButton *)data; > 362 gdouble c[3]; > 363 int v[3]; > 364 > > gtk_color_selection_get_color(GTK_COLOR_SELECTION(GTK_COLOR_SELECTION_DIALOG(me->colordlg)->colorsel),c); > 365 v[0]=(int)(c[0]*255.0); > 366 v[1]=(int)(c[1]*255.0); > 367 v[2]=(int)(c[2]*255.0); > 368 me->ColorValue=(v[0]<<16)|(v[1]<<8)|v[2]; > 369 gtk_grab_remove(me->colordlg); > 370 gtk_widget_destroy(me->colordlg); > 371 me->updateButtonFace(); > 372 } > > > > > > https://developer.gnome.org/gtk2/stable/GtkColorSelection.html#gtk-color-selection-get-color > Parameters > ... > color: an array of 4 gdouble to fill in with the current color. > -- -- Felipe