gtkterm segfaults on send hexadecimal data

Bug #60400 reported by Elie De Brauwer
This bug affects 4 people
Affects: gtkterm (Ubuntu) | Status: Fix Released | Importance: Low | Assigned to: Unassigned

Bug Description

Binary package hint: gtkterm

apt-get install gtkterm

edb@lapedb:~$ dpkg -s gtkterm
Package: gtkterm
Status: install ok installed
Priority: optional
Section: comm
Installed-Size: 228
Maintainer: Sebastien Bacher <email address hidden>
Architecture: i386
Version: 0.99.5-1

Launch it, then menu -> "View" -> "Send hexadecimal data". A new input box appears; click in it and press "enter" without entering any data. It segfaults ;-)

Program received signal SIGSEGV, Segmentation fault.
0x080545f4 in ?? ()
(gdb) bt
#0 0x080545f4 in ?? ()
#1 0x00000000 in ?? ()

When I apt-get source it and compile it:
Program received signal SIGSEGV, Segmentation fault.
Send_Hexadecimal (widget=0x80a04a8, event=0x0, pointer=0xb77085d1)
    at widgets.c:613
613 all_written[0] = 0;
(gdb) bt
#0 Send_Hexadecimal (widget=0x80a04a8, event=0x0, pointer=0xb77085d1)
    at widgets.c:613
#1 0xb7a2c423 in g_cclosure_marshal_VOID__VOID ()
   from /usr/lib/libgobject-2.0.so.0
#2 0xb7a2079f in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#3 0xb7a2f2ea in g_signal_stop_emission () from /usr/lib/libgobject-2.0.so.0
#4 0xb7a30268 in g_signal_emitv () from /usr/lib/libgobject-2.0.so.0
#5 0xb7d4414c in gtk_bin_get_child () from /usr/lib/libgtk-x11-2.0.so.0
#6 0xb7d45047 in gtk_binding_set_by_class () from /usr/lib/libgtk-x11-2.0.so.0
#7 0xb7d452b7 in gtk_binding_set_by_class () from /usr/lib/libgtk-x11-2.0.so.0
#8 0xb7d454a7 in gtk_bindings_activate_event ()
   from /usr/lib/libgtk-x11-2.0.so.0
#9 0xb7eebc11 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#10 0xb7d9f495 in gtk_entry_set_visibility () from /usr/lib/libgtk-x11-2.0.so.0
#11 0xb7e098e0 in _gtk_marshal_BOOLEAN__BOXED ()
   from /usr/lib/libgtk-x11-2.0.so.0
#12 0xb7a2016f in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#13 0xb7a2079f in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#14 0xb7a2f9ce in g_signal_stop_emission () from /usr/lib/libgobject-2.0.so.0
#15 0xb7a30886 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#16 0xb7a30e89 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#17 0xb7eebdcf in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#18 0xb7efb46d in gtk_window_propagate_key_event ()
#19 0xb7eff731 in gtk_window_activate_key () from /usr/lib/libgtk-x11-2.0.so.0
#20 0xb7e098e0 in _gtk_marshal_BOOLEAN__BOXED ()
   from /usr/lib/libgtk-x11-2.0.so.0
#21 0xb7a2016f in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#22 0xb7a2079f in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#23 0xb7a2f9ce in g_signal_stop_emission () from /usr/lib/libgobject-2.0.so.0
#24 0xb7a30886 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#25 0xb7a30e89 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#26 0xb7eebdcf in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#27 0xb7e08169 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#28 0xb7e0846b in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#29 0xb7cabdec in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0
#30 0xb79af8d6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#31 0xb79b2996 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#32 0xb79b2cb8 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#33 0xb7e07765 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#34 0x08052a77 in main (argc=1, argv=0xbfae46f4) at gtkterm.c:68

Which is the following line:

  all_written = g_malloc(strlen(text) * 2);
  all_written[0] = 0;

Since I entered no text strlen(text)*2 equals zero. When you insert:

  if(strlen(text) ==0){
      message = g_strdup_printf(_("0 byte(s) sent !"));
      Put_temp_message(message, 1500);
      gtk_entry_set_text(GTK_ENTRY(widget), "");
      g_free(message);
      return FALSE;
  }

before the malloc (line 612), this fixes the issue.


Revision history for this message
ville palo (vi64pa) wrote :

Confirmed, happens on my edgy too.

Changed in gtkterm:
status: Unconfirmed → Confirmed
Revision history for this message
Elie De Brauwer (elie) wrote :

I also e-mailed the author myself but have not yet received any response to it.

Revision history for this message
ville palo (vi64pa) wrote :

Could you make a debdiff for this, so we could have this fixed in feisty?

Revision history for this message
Elie De Brauwer (elie) wrote : Re: [Bug 60400] Re: gtkterm segfaults on send hexadecimal data

Quoting ville palo <email address hidden>:

> Could you make a debdiff for this, so we could have this fixed in
> feisty?
>
> --
> gtkterm segfaults on send hexadecimal data
> https://launchpad.net/bugs/60400
>

Okay,

I'll take a look at this when I have some spare time (within a couple of days)

gr
E.

ville palo (vi64pa)
Changed in gtkterm:
assignee: nobody → vi64pa
importance: Undecided → Low
Revision history for this message
Elie De Brauwer (elie) wrote :

Attached is the output from:

edb@lapedb:/tmp/gtkterm-0.99.5/src$ diff -u -3 -p widgets.c.orig widgets.c > output.diff

Revision history for this message
ville palo (vi64pa) wrote :

Thanks, here's a debdiff for this

Revision history for this message
ville palo (vi64pa) wrote :

u-u-s subscribed

ville palo (vi64pa)
Changed in gtkterm:
status: Confirmed → In Progress
Revision history for this message
Michael Bienia (geser) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Fri, 19 Jan 2007 19:21:00 +0200
Source: gtkterm
Binary: gtkterm
Architecture: source
Version: 0.99.5-1ubuntu1
Distribution: feisty
Urgency: low
Maintainer: Sebastien Bacher <email address hidden>
Changed-By: ville palo <email address hidden>
Description:
 gtkterm - A simple GTK+ serial port terminal
Changes:
 gtkterm (0.99.5-1ubuntu1) feisty; urgency=low
 .
   * added 01_ubuntu_segfault.patch for fixing segfault when sending
     empty hexadecimal data.
     - Fix was created by Elie De Brauwer
     - Closes malone #60400
   * Added simple-patchsys.mk
Files:
 63990f9edbafd99a3105bc2824eb7c5e 737 comm optional gtkterm_0.99.5-1ubuntu1.dsc
 116cca3d21787d61fc1ee54a56f429ad 2658 comm optional gtkterm_0.99.5-1ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (GNU/Linux)

iQCVAwUBRbYtRaPP1313boLqAQMg5gP/ehOzKEKrg0/roa7pcyLsYPq1Z4PgwOdY
QhSi+/Ylkf1AKSpQzhMSaD2glmhPmS/BlrQQ/0q2FkXTdz/PESdq0eiSX4P+78gQ
KPtVfDI7aF8BeS4oB4PKrU4hfiQdgAGuvKBdKRnbYHcEtwWHAPOiOErNE+ht6kzI
Nzkjzyg34kE=
=x18B
-----END PGP SIGNATURE-----

Changed in gtkterm:
assignee: vi64pa → geser
status: In Progress → Fix Committed
Michael Bienia (geser)
Changed in gtkterm:
status: Fix Committed → Fix Released
Revision history for this message
sdaau (sd-imi) wrote :

Hmm.. I just tried downloading from source, and building in karmic, Ubuntu 9.10 - and still got the same problem (http://sourceforge.net/tracker/?func=detail&aid=1607331&group_id=43923&atid=437846) ... Solved it by doing:

  gchar written[4]; //was 3

in widgets.c:610

Cheers..
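
To make the two defects in this thread concrete (the NULL write at `all_written[0] = 0` from the bug description, where `g_malloc(strlen(text) * 2)` is `g_malloc(0)` and GLib returns NULL for a zero-length request, and the `written[3]` buffer that sdaau's fix grows to `written[4]`), here is an added example that is not code from gtkterm or from anyone in this thread. It re-implements the "send hexadecimal data" path in plain C without GLib: the entry text is parsed into bytes, and the display string is built through a per-byte scratch buffer sized for the format plus its terminator. The function names `parse_hex_text`, `format_hex_line` and `send_hexadecimal` are my own, the per-byte format `"%02X "` is an assumption about what gtkterm prints (the page only says the buffer was 3 and must be 4), and the serial write is simulated by counting bytes.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed display format: two hex digits and a space per byte. */
#define HEX_FMT     "%02X "
#define HEX_FMT_LEN 3   /* characters HEX_FMT produces, excluding the NUL */

/* Parse text such as "DE AD be ef" (whitespace optional) into out[].
 * Returns the byte count, or -1 on a non-hex character, an odd number of
 * hex digits, or overflow of out[]. Empty text yields 0, which is not an
 * error: this is the case the original code crashed on. */
static int parse_hex_text(const char *text, unsigned char *out, size_t cap)
{
    size_t n = 0;
    int hi = -1;                        /* pending high nibble, -1 if none */
    for (const unsigned char *p = (const unsigned char *)text; *p; p++) {
        if (isspace(*p)) continue;
        if (!isxdigit(*p)) return -1;
        int v = isdigit(*p) ? *p - '0' : tolower(*p) - 'a' + 10;
        if (hi < 0) { hi = v; continue; }
        if (n >= cap) return -1;
        out[n++] = (unsigned char)((hi << 4) | v);
        hi = -1;
    }
    return hi < 0 ? (int)n : -1;        /* a dangling nibble is malformed */
}

/* Build the "bytes written" display line for n bytes. Returns a heap string
 * the caller frees, or NULL on allocation failure. The size is derived from
 * the byte count, not from strlen(text) * 2, and n == 0 yields "" without
 * depending on a zero-length allocation (g_malloc(0) returns NULL). */
static char *format_hex_line(const unsigned char *bytes, size_t n)
{
    char *line = malloc(n * HEX_FMT_LEN + 1);    /* +1 for the terminator */
    if (line == NULL) return NULL;
    line[0] = '\0';
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        /* written[4], not written[3]: the formatter also stores the NUL */
        char written[HEX_FMT_LEN + 1];
        int w = snprintf(written, sizeof written, HEX_FMT, bytes[i]);
        if (w != HEX_FMT_LEN) { free(line); return NULL; }
        memcpy(line + used, written, (size_t)w + 1);
        used += (size_t)w;
    }
    return line;
}

/* What the entry's activate handler would do. Returns the number of bytes
 * "sent" (counted here, not written to a port), or -1 for malformed text.
 * *line receives the display string on success; the caller frees it. */
static int send_hexadecimal(const char *text, char **line)
{
    *line = NULL;
    size_t cap = strlen(text) / 2 + 1;   /* upper bound on decoded bytes */
    unsigned char *bytes = malloc(cap);
    if (bytes == NULL) return -1;
    int n = parse_hex_text(text, bytes, cap);
    if (n >= 0) *line = format_hex_line(bytes, (size_t)n);
    free(bytes);
    if (n >= 0 && *line == NULL) return -1;
    return n;
}

int main(void)
{
    /* Constructed inputs: the empty string is the crashing case. */
    const char *inputs[] = { "", "DE AD be ef", "DE A", "zz" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char *line;
        int n = send_hexadecimal(inputs[i], &line);
        if (n < 0) printf("\"%s\": malformed\n", inputs[i]);
        else       printf("\"%s\": %d byte(s) sent: %s\n", inputs[i], n, line);
        free(line);
    }
    return 0;
}
```

Two points carry over to the real code: size the output from what will actually be written (bytes times format width, plus one), never from an unrelated quantity such as the input length, and size every `snprintf` destination as width plus one so the terminator has somewhere to go. The original `sprintf` into `written[3]` is a one-byte stack overflow on every byte sent, not only on empty input, which is why the karmic package kept crashing after the first patch.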

Revision history for this message
Luke Orland (orluke) wrote :

I can confirm the fix in message #10. I applied that fix to gtkterm-0.99.5-1ubuntu3 and that line of code is on line 607. So it seems that a new fix needs to be released, correct?

Revision history for this message
Luke Orland (orluke) wrote :

The karmic package still segfaults. I applied the change per message #10 below, and it fixed the problem.

Changed in gtkterm (Ubuntu):
status: Fix Released → New
Michael Bienia (geser)
Changed in gtkterm (Ubuntu):
assignee: Michael Bienia (geser) → nobody
Changed in gtkterm (Ubuntu):
assignee: nobody → Fabrice Coutadeur (fabricesp)
status: New → In Progress
Changed in gtkterm (Ubuntu):
assignee: Fabrice Coutadeur (fabricesp) → nobody
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gtkterm - 0.99.5-1ubuntu4

---------------
gtkterm (0.99.5-1ubuntu4) lucid; urgency=low

  * 02_ubuntu_segfault.patch: fix the length of the written buffer in
    src/widget.c to include the null termination of the string and fix a
    segfault (LP: #60400). Thanks to sdaau (https://launchpad.net/~sd-imi) for
    the patch.
 -- Fabrice Coutadeur <email address hidden> Sat, 12 Dec 2009 05:31:20 +0000

Changed in gtkterm (Ubuntu):
status: Fix Committed → Fix Released