xorg-server-X11R7 : os/access.c : Segmentation Fault in ConvertAddr

lorenzo.delana at tiscali.it lorenzo.delana at tiscali.it
Tue Jan 10 18:31:34 PST 2006


When I start X with only the network interfaces
  eth0, lo
up, everything works fine.

If I start X with the ppp0 interface also up, I get a segmentation fault,
as reported below. (My platform is x86_64-unknown-linux-gnu.)

================================
/usr/src/X11R7.0.1/xserver/xorg-server-X11R7.0-1.0.1# gdb ./hw/xfree86/Xorg
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu"...Using host libthread_db
library "/lib64/libthread_db.so.1".

(gdb) r
Starting program: /usr/src/X11R7.0.1/xserver/xorg-server-X11R7.0-1.0.1/hw/xfree86/Xorg

Program received signal SIGSEGV, Segmentation fault.
0x00000000006001a2 in ConvertAddr (saddr=0x0, len=0x7fffffd7eec4,
    addr=0x7fffffd7eeb8) at access.c:1861
1861        switch (saddr->sa_family)
(gdb) l
1856        int                         *len,
1857        pointer                     *addr)
1858    {
1859        if (*len == 0)
1860            return (FamilyLocal);
1861        switch (saddr->sa_family)
1862        {
1863        case AF_UNSPEC:
1864    #if defined(UNIXCONN) || defined(LOCALCONN) || defined(OS2PIPECONN)
1865        case AF_UNIX:
(gdb) backtrace
#0  0x00000000006001a2 in ConvertAddr (saddr=0x0, len=0x7fffffa05e04,
    addr=0x7fffffa05df8) at access.c:1861
#1  0x00000000005fec0e in DefineSelf (fd=1) at access.c:983
#2  0x0000000000601c56 in CreateWellKnownSockets () at connection.c:432
#3  0x00000000004320d0 in main ()
(gdb)

==============================

ConvertAddr was called by DefineSelf with saddr=0x0.
ConvertAddr actually assumes saddr != 0 implicitly!
But my situation demonstrates that saddr can be == 0x0, causing
a segmentation fault in the program.

I don't know why DefineSelf generates a NULL pointer if I have the ppp0
interface up, but in any case ConvertAddr remains insecure with respect to its
`saddr' argument.

At least an assert can avoid the segmentation fault, with the advantage of
getting an abort with the source code line reported even for a stripped binary.

access:444: (in fn DefineSelf):
  family = ConvertAddr (IA_SIN(&ifaddr), &len, (pointer *)&addr);


lorenzo
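
The guard the report asks for, as an added example (not code from the X server or from the poster): a NULL-checked conversion with the same argument shape as the `ConvertAddr` call above, and a caller that skips an interface entry whose address pointer is NULL. The `FAM_*` codes, `struct iface`, and the constructed table entry standing in for ppp0 are assumptions made for illustration.

```c
#include <stddef.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical return codes; the server uses its own Family* constants. */
enum { FAM_ERROR = -1, FAM_INTERNET = 0, FAM_LOCAL = 256 };

/* Same argument shape as the ConvertAddr call in the report, but every
 * pointer is validated before the first dereference. */
static int convert_addr_checked(const struct sockaddr *saddr, int *len,
                                const void **addr)
{
    if (saddr == NULL || len == NULL || addr == NULL)
        return FAM_ERROR;               /* the crash case: saddr == 0x0 */
    if (*len == 0)
        return FAM_LOCAL;
    switch (saddr->sa_family) {
    case AF_UNSPEC:
    case AF_UNIX:
        return FAM_LOCAL;
    case AF_INET: {
        const struct sockaddr_in *sin = (const struct sockaddr_in *)saddr;
        if ((size_t)*len < sizeof(*sin))
            return FAM_ERROR;           /* buffer too short for sockaddr_in */
        *len = (int)sizeof(sin->sin_addr);
        *addr = &sin->sin_addr;
        return FAM_INTERNET;
    }
    default:
        return FAM_ERROR;               /* unknown family: reject, don't guess */
    }
}

/* Constructed interface table entry; addr == NULL stands in for ppp0. */
struct iface { const char *name; const struct sockaddr *addr; int len; };

/* Caller-side loop: counts usable Internet addresses and skips any entry
 * the conversion rejects instead of crashing on it. */
static int count_usable(const struct iface *tab, size_t n)
{
    int usable = 0;
    for (size_t i = 0; i < n; i++) {
        const void *a = NULL;
        int len = tab[i].len;
        if (convert_addr_checked(tab[i].addr, &len, &a) == FAM_INTERNET)
            usable++;
    }
    return usable;
}
```

Unlike an `assert`, this check stays active in builds compiled with `NDEBUG`, and the server keeps running with the remaining interfaces.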

