Bug 94378

Summary: piewm: (malloc) Corrupted redzone 1 byte after 0xa00cbe0 (size 41) (0x0)
Product: Ports & Packages Reporter: david
Component: Individual Port(s)Assignee: Sam Lawrance <lawrance>
Status: Closed FIXED    
Severity: Affects Only Me CC: ports
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description david 2006-03-12 03:10:25 UTC 
piewm uses m4 in parsing its configuration file.  Before it does so, it
creates a temporary file of definitions.  It does this in the MkDef()
function in parse.c.

In creating the definition lines, it tries to only allocate as much
memory as necessary.

However, there is an off-by-one error; I believe that when the
routine was coded the trailing NUL character for the strings in
question was overlooked.  (There is code to "pad" the allocation
for known "extra" characters that will be needed.  It's just a
little smaller than it needs to be.)

By default, FreeBSD 7-CURRENT (as of this time) has code enabled to
identify "red zone corruption;" in this case, it's a matter of an
attempt to write on storage that was not allocated.

One symptom is the message:
piewm: (malloc) Corrupted redzone 1 byte after 0xa00cbe0 (size 41) (0x0)

Another is that the window manager is not, in fact, functional.

It would be extremely cool if we could get this simple fix in before
the ports tree is completely frozen for the 6.1 release.

And my thanks to Jason for providing the hints for me to be able to
finally(!) track this bug down and squash it.

And I am presently using the patched version; it does work.

How-To-Repeat: Install ports/x11-wm/piewm, then run it.
Comment 1 david 2006-03-14 17:34:58 UTC 
Looks as if there should be an updated source tarball soon, if not
already.

----- Forwarded message from Russell Nelson <nelson@crynwr.com> -----

From: Russell Nelson <nelson@crynwr.com>
Date: Tue, 14 Mar 2006 10:58:53 -0500
To: David Wolfskill <david@catwhisker.org>
Subject: Re: Off-by-one bug in piewm -- interested?

Thanks!  Fixed.
-russ

David Wolfskill writes:
 > 
 > I filed a PR with the FreeBSD ports folks Saturday (11 March), but the
 > bug appears to be in tghe sources for piewm itself (rather than the
 > "port" gunk thatt FreeBSD uses to build 3rd-party applications), and a
 > colleague at work -- who also uses piewm -- mentioned that you might
 > have an interest in the fix.
 > 
 > Since the PR includes the (nearly trivial) fix, I'll direct you to
 > <http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/94378> for the
 > explanation & unidiff-formatted patch.
 > 
 > Succinctly, the #define for EXTRA in parse.c needs to be (at least) 12,
 > rather than 11 -- it's an off-by-one error in calculating how much
 > memory will be needed for creating a line of m4 input.
 > 
 > Turns out that tvtwm doesn't have the problem:  although tvtwm also
 > spits out the "dnl" token (which was intentionally omitted for piewm),
 > tvtwm's EXTRA is 15.  Looks as if someone got a touch over-zealous with
 > respect to trying to ensure that piewm didn't allocate more memory than
 > necessary.
 > 
 > Peace,
 > david
 > -- 
 > David H. Wolfskill				david@catwhisker.org
 > Mail filters, like sewers, need to be most restrictive at the point of entry.
 > 
 > See http://www.catwhisker.org/~david/publickey.gpg for my public key.

----- End forwarded message -----

Peace,
david
-- 
David H. Wolfskill				david@catwhisker.org
Mail filters, like sewers, need to be most restrictive at the point of entry.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
Comment 2 Sam Lawrance freebsd_committer freebsd_triage 2006-04-16 01:41:20 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->lawrance

Handling it.
Comment 3 Sam Lawrance freebsd_committer freebsd_triage 2006-04-16 02:33:41 UTC 
State Changed
From-To: open->closed

piewm bumped to fixed version 1.04. Thanks!