ubuntu-x-swat team mailing list archive

Thread
Date
[Bug 792642] [NEW] xcutsel Buffer Overflow

To: ubuntu-x-swat@xxxxxxxxxxxxxxxxxxx
From: Emanuel Bronshtein <792642@xxxxxxxxxxxxxxxxxx>
Date: Sat, 04 Jun 2011 00:44:42 -0000
Reply-to: Bug 792642 <792642@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

Binary package hint: x11-apps

when /usr/bin/xcutsel get 83 characters or more from -selection option
it crash with "buffer overflow detected".

test case :
emanuel@emanuel-desktop:/tmp$ xcutsel  -selection `python -c "print 'A'*10000"`
*** buffer overflow detected ***: xcutsel terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x50)[0xb1adf0]
/lib/i386-linux-gnu/libc.so.6(+0xe4cca)[0xb19cca]
/lib/i386-linux-gnu/libc.so.6(+0xe43c8)[0xb193c8]
/lib/i386-linux-gnu/libc.so.6(_IO_default_xsputn+0x95)[0xa9e7e5]
/lib/i386-linux-gnu/libc.so.6(_IO_vfprintf+0x2b06)[0xa74c66]
/lib/i386-linux-gnu/libc.so.6(__vsprintf_chk+0xad)[0xb1947d]
/lib/i386-linux-gnu/libc.so.6(__sprintf_chk+0x2d)[0xb193bd]
xcutsel[0x804940c]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0xa4be37]
xcutsel[0x8048c51]
======= Memory map: ========
00110000-00165000 r-xp 00000000 08:01 4391       /usr/lib/libXaw7.so.7.0.0
00165000-00166000 r--p 00054000 08:01 4391       /usr/lib/libXaw7.so.7.0.0
00166000-0016c000 rw-p 00055000 08:01 4391       /usr/lib/libXaw7.so.7.0.0
0016c000-0016d000 rw-p 00000000 00:00 0 
0016d000-0018e000 r-xp 00000000 08:01 5252       /usr/lib/libxkbfile.so.1.0.2
0018e000-0018f000 r--p 00020000 08:01 5252       /usr/lib/libxkbfile.so.1.0.2
0018f000-00190000 rw-p 00021000 08:01 5252       /usr/lib/libxkbfile.so.1.0.2
00190000-00192000 r-xp 00000000 08:01 260950     /lib/i386-linux-gnu/libdl-2.13.so
00192000-00193000 r--p 00001000 08:01 260950     /lib/i386-linux-gnu/libdl-2.13.so
00193000-00194000 rw-p 00002000 08:01 260950     /lib/i386-linux-gnu/libdl-2.13.so
00194000-00197000 r-xp 00000000 08:01 261021     /lib/i386-linux-gnu/libuuid.so.1.3.0
00197000-00198000 r--p 00002000 08:01 261021     /lib/i386-linux-gnu/libuuid.so.1.3.0
00198000-00199000 rw-p 00003000 08:01 261021     /lib/i386-linux-gnu/libuuid.so.1.3.0
00199000-001a1000 r-xp 00000000 08:01 7134       /usr/lib/i386-linux-gnu/libXrender.so.1.3.0
001a1000-001a2000 r--p 00007000 08:01 7134       /usr/lib/i386-linux-gnu/libXrender.so.1.3.0
001a2000-001a3000 rw-p 00008000 08:01 7134       /usr/lib/i386-linux-gnu/libXrender.so.1.3.0
001a3000-001a7000 r-xp 00000000 08:01 7124       /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0
001a7000-001a8000 r--p 00003000 08:01 7124       /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0
001a8000-001a9000 rw-p 00004000 08:01 7124       /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0
001a9000-001c3000 r-xp 00000000 08:01 260968     /lib/i386-linux-gnu/libgcc_s.so.1
001c3000-001c4000 r--p 00019000 08:01 260968     /lib/i386-linux-gnu/libgcc_s.so.1
001c4000-001c5000 rw-p 0001a000 08:01 260968     /lib/i386-linux-gnu/libgcc_s.so.1
004f9000-00508000 r-xp 00000000 08:01 4401       /usr/lib/libXpm.so.4.11.0
00508000-00509000 r--p 0000e000 08:01 4401       /usr/lib/libXpm.so.4.11.0
00509000-0050a000 rw-p 0000f000 08:01 4401       /usr/lib/libXpm.so.4.11.0
00531000-00535000 r-xp 00000000 08:01 7120       /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0
00535000-00536000 r--p 00003000 08:01 7120       /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0
00536000-00537000 rw-p 00004000 08:01 7120       /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0
0065a000-00662000 r-xp 00000000 08:01 7116       /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2
00662000-00663000 r--p 00007000 08:01 7116       /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2
00663000-00664000 rw-p 00008000 08:01 7116       /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2
00803000-00919000 r-xp 00000000 08:01 7110       /usr/lib/i386-linux-gnu/libX11.so.6.3.0
00919000-0091a000 ---p 00116000 08:01 7110       /usr/lib/i386-linux-gnu/libX11.so.6.3.0
0091a000-0091b000 r--p 00116000 08:01 7110       /usr/lib/i386-linux-gnu/libX11.so.6.3.0
0091b000-0091d000 rw-p 00117000 08:01 7110       /usr/lib/i386-linux-gnu/libX11.so.6.3.0
0091d000-0091e000 rw-p 00000000 00:00 0 
00976000-0098d000 r-xp 00000000 08:01 7260       /usr/lib/i386-linux-gnu/libxcb.so.1.1.0
0098d000-0098e000 r--p 00016000 08:01 7260       /usr/lib/i386-linux-gnu/libxcb.so.1.1.0
0098e000-0098f000 rw-p 00017000 08:01 7260       /usr/lib/i386-linux-gnu/libxcb.so.1.1.0
009b1000-009b2000 r-xp 00000000 00:00 0          [vdso]
009bb000-009c8000 r-xp 00000000 08:01 7122       /usr/lib/i386-linux-gnu/libXext.so.6.4.0
009c8000-009c9000 r--p 0000c000 08:01 7122       /usr/lib/i386-linux-gnu/libXext.so.6.4.0
009c9000-009ca000 rw-p 0000d000 08:01 7122       /usr/lib/i386-linux-gnu/libXext.so.6.4.0
00a0a000-00a26000 r-xp 00000000 08:01 260927     /lib/i386-linux-gnu/ld-2.13.so
00a26000-00a27000 r--p 0001b000 08:01 260927     /lib/i386-linux-gnu/ld-2.13.so
00a27000-00a28000 rw-p 0001c000 08:01 260927     /lib/i386-linux-gnu/ld-2.13.so
00a35000-00b8f000 r-xp 00000000 08:01 260940     /lib/i386-linux-gnu/libc-2.13.so
00b8f000-00b90000 ---p 0015a000 08:01 260940     /lib/i386-linux-gnu/libc-2.13.so
00b90000-00b92000 r--p 0015a000 08:01 260940     /lib/i386-linux-gnu/libc-2.13.so
00b92000-00b93000 rw-p 0015c000 08:01 260940     /lib/i386-linux-gnu/libc-2.13.so
00b93000-00b96000 rw-p 00000000 00:00 0 
00bb3000-00bb5000 r-xp 00000000 08:01 7112       /usr/lib/i386-linux-gnu/libXau.so.6.0.0
00bb5000-00bb6000 r--p 00001000 08:01 7112       /usr/lib/i386-linux-gnu/libXau.so.6.0.0
00bb6000-00bb7000 rw-p 00002000 08:01 7112       /usr/lib/i386-linux-gnu/libXau.so.6.0.0
00c2b000-00c31000 r-xp 00000000 08:01 7106       /usr/lib/i386-linux-gnu/libSM.so.6.0.1
00c31000-00c32000 r--p 00005000 08:01 7106       /usr/lib/i386-linux-gnu/libSM.so.6.0.1
00c32000-00c33000 rw-p 00006000 08:01 7106       /usr/lib/i386-linux-gnu/libSM.so.6.0.1
00c79000-00c8d000 r-xp 00000000 08:01 4395       /usr/lib/libXmu.so.6.2.0
00c8d000-00c8e000 r--p 00014000 08:01 4395       /usr/lib/libXmu.so.6.2.0
00c8e000-00c8f000 rw-p 00015000 08:01 4395       /usr/lib/libXmu.so.6.2.0
00cda000-00d28000 r-xp 00000000 08:01 7136       /usr/lib/i386-linux-gnu/libXt.so.6.0.0
00d28000-00d29000 r--p 0004d000 08:01 7136       /usr/lib/i386-linux-gnu/libXt.so.6.0.0
00d29000-00d2c000 rw-p 0004e000 08:01 7136       /usr/lib/i386-linux-gnu/libXt.so.6.0.0
00e12000-00e26000 r-xp 00000000 08:01 7104       /usr/lib/i386-linux-gnu/libICE.so.6.3.0
00e26000-00e27000 r--p 00013000 08:01 7104       /usr/lib/i386-linux-gnu/libICE.so.6.3.0
00e27000-00e28000 rw-p 00014000 08:01 7104       /usr/lib/i386-linux-gnu/libICE.so.6.3.0
00e28000-00e2a000 rw-p 00000000 00:00 0 
08048000-0804a000 r-xp 00000000 08:01 2067       /usr/bin/xcutsel
0804a000-0804b000 r--p 00001000 08:01 2067       /usr/bin/xcutsel
0804b000-0804c000 rw-p 00002000 08:01 2067       /usr/bin/xcutsel
08c26000-08c69000 rw-p 00000000 00:00 0          [heap]
b7635000-b7835000 r--p 00000000 08:01 10267      /usr/lib/locale/locale-archive
b7835000-b783a000 rw-p 00000000 00:00 0 
b7850000-b7851000 r--p 002a1000 08:01 10267      /usr/lib/locale/locale-archive
b7851000-b7853000 rw-p 00000000 00:00 0 
bf836000-bf85a000 rw-p 00000000 00:00 0          [stack]
Aborted

tested on :
Ubuntu 11.04 , x11-apps package version : 7.6+4ubuntu2

** Affects: x11-apps (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to x11-apps in Ubuntu.
https://bugs.launchpad.net/bugs/792642

Title:
  xcutsel Buffer Overflow
Follow ups

[Bug 792642] Re: xcutsel Buffer Overflow
From: Kees Cook, 2011-07-19
[Bug 792642] Re: xcutsel Buffer Overflow
From: Kees Cook, 2011-07-08
[Bug 792642] Re: xcutsel Buffer Overflow
From: Kees Cook, 2011-07-08
[Bug 792642] [NEW] xcutsel Buffer Overflow
From: Emanuel Bronshtein, 2011-06-04
References

[Bug 792642] [NEW] xcutsel Buffer Overflow
From: Emanuel Bronshtein, 2011-06-04