Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Bad Bug in XFree86 4.0.2

Bad Bug in XFree86 4.0.2

by platon on February 26th, 2001 A new bug in XFree86 4.0.2. Taken from the BT mailing list...


----- Original Message -----
From: "Wolfgang Wieser"
To:
Sent: Sunday, February 25, 2001 11:41 AM
Subject: Bad Bug in XFree86 4.0.2


> While originally looking for bugs in KDE 2.1, I found a severe bug in
> XFree86 4.0.2. (server crash; possibly even exploitable remotely)
>
> I just can't figure out which function causes it (gdb reports an address
but
> cannot resolve the function although debugging symbols were compiled in.)
> And I do not know which client-side action (Xlib function call) provokes
the
> bug. (Help appreciated.)
>
> Here is how to reproduce it:
> (Please try out and drop me some feedback;
> XFree86 < 4.0.0 does not seem to be affected.)
>
> - Load konqueror (I'm doing this with konqueror 2.1 and
> fvwm as windowmanager).
> - Insert 1024 `a' in a text editor (I'm using NEdit).
> - Select the 1024 `a' (without tailing newline).
> - Press the middle mouse button in konqueror's location bar
> four times (be sure not to perform a double-click).
> - Now, Press the `Pos1' or `Home' key to get to the beginning of
> the location bar, then press the right arrow to get one letter rigt
> (maybe not necessary).
> - Now paste again two times the `a's using the middle mouse button.
> - Now press the `End'-key (the one doing the opposite of the `Home'
> key) to get to the end of the location bar's text again.
>
> This causes my XFree86-4.0.2 to catch a SIGSEGV and it exits
> (cleaning up the terminal without problems so you just have to
> start it again). I've done this frequently in the last day and it worked
> always. It may even work with fewer characters; didn't test that.
>
> Regards,
> wwieser
>
> --
> /" | Wolfgang
> / ASCII Ribbon Campaign | Wieser
> X Against HTML Mail |
> / |

> Some operating systems are called ``user friendly''.
> Linux, however, is ``expert friendly''.
>


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »