Bad Bug in XFree86 4.0.2

by platon on February 26th, 2001

A new bug in XFree86 4.0.2. Taken from the BT mailing list...

----- Original Message -----
From: "Wolfgang Wieser"
Sent: Sunday, February 25, 2001 11:41 AM
Subject: Bad Bug in XFree86 4.0.2

> While originally looking for bugs in KDE 2.1, I found a severe bug in
> XFree86 4.0.2. (server crash; possibly even exploitable remotely)
> I just can't figure out which function causes it (gdb reports an address but
> cannot resolve the function although debugging symbols were compiled in.)
> And I do not know which client-side action (Xlib function call) provokes
> the bug. (Help appreciated.)
> Here is how to reproduce it:
> (Please try out and drop me some feedback;
> XFree86 < 4.0.0 does not seem to be affected.)
> - Load konqueror (I'm doing this with konqueror 2.1 and
> fvwm as windowmanager).
> - Insert 1024 `a' in a text editor (I'm using NEdit).
> - Select the 1024 `a' (without trailing newline).
> - Press the middle mouse button in konqueror's location bar
> four times (be sure not to perform a double-click).
> - Now, press the `Pos1' or `Home' key to get to the beginning of
> the location bar, then press the right arrow to get one letter right
> (maybe not necessary).
> - Now paste again two times the `a's using the middle mouse button.
> - Now press the `End'-key (the one doing the opposite of the `Home'
> key) to get to the end of the location bar's text again.
> This causes my XFree86-4.0.2 to catch a SIGSEGV and it exits
> (cleaning up the terminal without problems so you just have to
> start it again). I've done this frequently in the last day and it worked
> always. It may even work with fewer characters; didn't test that.
> Regards,
> wwieser
> --
> /"\                        | Wolfgang
> \ /  ASCII Ribbon Campaign | Wieser
>  X   Against HTML Mail     |
> / \                        |

> Some operating systems are called ``user friendly''.
> Linux, however, is ``expert friendly''.

