Bug 390283

Summary: xfig crashes with a buffer overflow message when zooming out
Product: [openSUSE] openSUSE 10.3
Reporter: Andreas Ehliar <ehliar>
Component: X11 Applications
Assignee: Dr. Werner Fink <werner>
Status: RESOLVED FIXED
QA Contact: Stefan Dirsch <sndirsch>
Severity: Minor
Priority: P5 - None
Version: Final
Target Milestone: ---
Hardware: i686
OS: openSUSE 10.3
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Ehliar 2008-05-14 14:36:31 UTC
To reproduce: open xfig (no need to open any particular file, an empty window is ok)

Zoom out a couple of times (holding lower case 'z' is a good way to do this) (less than 10 presses of z is enough to trigger the bug in my case)

xfig crashes with the following message:
ehliar@sabor:~> xfig
*** buffer overflow detected ***: /usr/bin/xfig terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb7cbb3b1]
/lib/libc.so.6[0xb7cbab98]
/lib/libc.so.6(_IO_default_xsputn+0xb7)[0xb7c4ab97]
/lib/libc.so.6(_IO_vfprintf+0x37b7)[0xb7c25c97]
/lib/libc.so.6(__vsprintf_chk+0xad)[0xb7cbac4d]
/lib/libc.so.6(__sprintf_chk+0x30)[0xb7cbab80]
/usr/bin/xfig[0x80f0d4c]
/usr/bin/xfig[0x80f170b]
/usr/bin/xfig[0x80d67c5]
/usr/lib/libXt.so.6(XtCallCallbacks+0x107)[0xb7ea1777]
/usr/lib/libXaw3d.so.8[0xb7f1b7b4]
/usr/lib/libXaw3d.so.8[0xb7f19959]
/usr/lib/libXt.so.6[0xb7ed7459]
/usr/lib/libXt.so.6[0xb7ed783a]
/usr/lib/libXt.so.6(_XtTranslateEvent+0x5f3)[0xb7ed7e43]
/usr/lib/libXt.so.6(XtDispatchEventToWidget+0x4c7)[0xb7eaf647]
/usr/lib/libXt.so.6[0xb7eafe36]
/usr/lib/libXt.so.6(XtDispatchEvent+0xaa)[0xb7eaecca]
/usr/bin/xfig[0x80862fd]
/lib/libc.so.6(__libc_start_main+0xe0)[0xb7bfbfe0]
/usr/bin/xfig[0x804da91]
Aborted

I can reproduce this at will on my machine.

I'm using the xfig-3.2.5-25 package on my openSUSE 10.3 based machine.
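As an added example, not xfig's own code: the backtrace above ends in __sprintf_chk, the glibc fortify check that aborts the process when an unbounded sprintf() writes past its destination buffer. The snippet below shows the bounded replacement such a fix would use, with the return value checked so truncation is reported instead of silently corrupting the neighbouring memory, and why repeated zoom-out steps trip the check; the 8-byte buffer, the "%g" format and the halving per zoom-out step are all assumptions, not taken from xfig.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-size buffer like one a zoom indicator might
 * use. Its size is an assumption, not xfig's real buffer size. */
#define ZOOM_BUF 8

/* Bounded formatting of the zoom factor. The unsafe pattern the backtrace
 * points at is sprintf(buf, fmt, zoom) with no bound at all; __sprintf_chk
 * only aborts after the overflow is detected. snprintf() never writes more
 * than bufsz bytes and always NUL-terminates, and its return value tells us
 * how many characters the full text would need. Returns that length when the
 * value fits, or -1 when the text was truncated. */
int format_zoom_checked(char *buf, size_t bufsz, double zoom)
{
    int needed = snprintf(buf, bufsz, "%g", zoom);   /* "%g" is assumed */
    if (needed < 0 || (size_t)needed >= bufsz)
        return -1;   /* truncated: caller keeps a valid string, no overflow */
    return needed;
}

/* Simulates holding 'z': start at zoom 1.0 and halve per step (assumed
 * step factor). Returns the first step at which the formatted text no longer
 * fits a buffer of bufsz bytes, or -1 if it never does within 64 steps. */
int steps_until_truncation(size_t bufsz)
{
    char buf[64];
    double zoom = 1.0;
    for (int step = 1; step <= 64; step++) {
        zoom /= 2.0;
        if (format_zoom_checked(buf, bufsz, zoom) < 0)
            return step;
    }
    return -1;
}

int main(void)
{
    char buf[ZOOM_BUF];
    int n = steps_until_truncation(sizeof buf);
    printf("text stops fitting %zu bytes after %d zoom-out steps\n",
           sizeof buf, n);
    format_zoom_checked(buf, sizeof buf, 0.015625);
    printf("truncated indicator kept as \"%s\"\n", buf);
    return 0;
}
```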
Comment 1 Dr. Werner Fink 2008-05-14 14:54:39 UTC
All versions of xfig do this.  Question: how have you detected this,
because most users are pressing the right mouse button for zoom in
and the middle mouse button for zoom out?  And with this it is very
unlikely to run into this overflow.
Comment 2 Andreas Ehliar 2008-05-14 15:52:27 UTC
Hmm, I probably noticed this when I had zoomed in so much that I couldn't see anything in my figure and wanted to zoom out. Instead of using ctrl-z to "zoom fit", I just pressed 'z' too many times. Or perhaps I was just curious to see how far I could zoom out, I discovered this bug quite some time ago but haven't bothered to report it until now.

It is not a critical bug for me, I know that the bug exists and I think I have only triggered it a couple of times by mistake. Then again, someone who isn't aware of the bug could probably lose quite a lot of unsaved work by triggering this bug.
Comment 3 Dr. Werner Fink 2008-05-14 17:10:37 UTC
Found and fixed for the next openSUSE release, 11.0.