Skip to content
GitLab
Closed
Issue created by Jani Välimaa@wally-mageia

xfwm4 4.14.2 buffer overflows and crashes

I'm suspecting that glib 2.56.0 causes the crash. It started to happen right after glib was updated to 2.56.0 in Mageia Cauldron, the development version of Mageia Linux.

Thread 1 "xfwm4" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa ei ole.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff6dbe527 in __GI_abort () at abort.c:79
#2  0x00007ffff6e138b8 in __libc_message
    (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff6f1b3c3 "*** %s ***: terminated\n")
    at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff6e9e7a2 in __GI___fortify_fail (msg=msg@entry=0x7ffff6f1b359 "buffer overflow detected") at fortify_fail.c:26
#4  0x00007ffff6e9d270 in __GI___chk_fail () at chk_fail.c:28
#5  0x00007ffff6e9cbf2 in __strcpy_chk
    (dest=dest@entry=0x7fffffffc5d0 "#C0C0C0", src=0x7467f0 "/* XPM */\nstatic char * left_active_xpm[] = {\n\"5 24 3 1\",\n\"       c None\",\n\"#      c #C0C0C0 s inactive_color_2\",\n\"@      c #C0C0FF s inactive_color_2\",\n\"@@@@@\",\n\"@@@@@\",\n\"@@@@@\",\n\"@@@@@\",\n\"@@@@@\",\n\"@"..., destlen=destlen@entry=129) at strcpy_chk.c:30
#6  0x000000000043228a in strcpy (__src=<optimized out>, __dest=0x7fffffffc5d0 "#C0C0C0")
    at /usr/include/bits/string_fortified.h:90
#7  xpm_extract_color (color_sym=0x7fffffffcb10, buffer=<optimized out>) at mypixmap.c:441
#8  pixbuf_create_from_xpm (color_sym=0x7fffffffcb10, handle=0x7fffffffc090) at mypixmap.c:599
#9  xpm_image_load
    (filename=filename@entry=0x745730 "/usr/share/themes/Default/xfwm4/left-active.xpm", color_sym=color_sym@entry=0x7fffffffcb10) at mypixmap.c:706
#10 0x0000000000432cf5 in xfwmPixmapLoad
    (screen_info=screen_info@entry=0x72f1d0, pm=pm@entry=0x72fd10, dir=dir@entry=0x49e5e0 "/usr/share/themes/Default/xfwm4", file=file@entry=0x7fffffffd9e0 "left-active", cs=cs@entry=0x7fffffffcb10) at mypixmap.c:972
#11 0x000000000043d948 in loadTheme (rc=0x7fffffffcca0, screen_info=0x72f1d0) at settings.c:486
#12 loadSettings (screen_info=screen_info@entry=0x72f1d0) at settings.c:755
#13 0x000000000043fee7 in initSettings (screen_info=screen_info@entry=0x72f1d0) at settings.c:1072
#14 0x000000000040ec22 in initialize (replace_wm=1, compositor_mode=2) at main.c:649
#15 main (argc=<optimized out>, argv=<optimized out>) at main.c:803

Attached GDB full backtrace GDB full backtrace

I'm using Default theme with xfwm4 and I can bypass the issue by removing all " s inactive_color_2" entries from .xpm files under /usr/share/themes/Default/xfwm4/. However this only allows to xfwm4 to run without crashes, but theming is somehow broken.

$ xfwm4 -V
Logging to xfwm4-debug-6640.log
	This is xfwm4 version 4.14.2 (revision bb38fd909) for Xfce 4.15
	Released under the terms of the GNU General Public License.
	Compiled against GTK+-3.24.21, using GTK+-3.24.21.

	Build configuration and supported features:
	- Startup notification support:                 Yes
	- XSync support:                                Yes
	- Render support:                               Yes
	- Xrandr support:                               Yes
	- Xpresent support:                             Yes
	- Embedded compositor:                          Yes
	- Epoxy support:                                Yes
	- KDE systray proxy (deprecated):               No