Bug#430630: Memory corruption due to update_trans_effect() using stale icon parameters
Michel Dänzer
daenzer at debian.org
Tue Jun 26 06:29:25 UTC 2007
Package: gnome-session
Version: 2.18.2-1
Severity: important
Tags: patch

Since the upgrade to 2.18, I had been plagued by gnome-session hanging
on startup of any 'non-trivial' session. Attaching gdb showed the hang
to be a deadlock because it crashed somewhere inside the glibc memory
management code, and the signal handler tried to use memory management
functions as well, so it hung waiting for the glibc internal memory
management mutex.

After a long debugging session chasing countless red herrings, I finally
tracked down the cause of the crash. update_trans_effect could end up
using stale icon dimensions, so it would write beyond the end of the
memory allocated for the pixel data. The attached patch fixes this.

--- System information. ---
Architecture: powerpc
Kernel: Linux 2.6.21-1-powerpc
Debian Release: lenny/sid
500 unstable mirror.switch.ch
500 stable security.debian.org
102 experimental ftp.ch.debian.org
--- Package information. ---
Depends (Version) | Installed
======================================-+-==============
libatk1.0-0 (>= 1.13.2) | 1.18.0-2
libbonobo2-0 (>= 2.15.0) | 2.18.0-2
libc6 (>= 2.5-5) | 2.5-11
libdbus-1-3 (>= 0.94) | 1.1.1-1
libdbus-glib-1-2 (>= 0.73) | 0.73-2
libesd0 (>= 0.2.35) |
OR libesd-alsa0 (>= 0.2.35) | 0.2.36-3
libgconf2-4 (>= 2.13.5) | 2.18.0.1-3
libglib2.0-0 (>= 2.12.9) | 2.12.12-1
libgnome-desktop-2 (>= 2.11.1) | 2.18.2-1
libgnome-keyring0 (>= 0.8) | 0.8.1-2
libgnome2-0 (>= 2.17.3) | 2.18.0-4
libgnomeui-0 (>= 2.17.1) | 2.18.1-2
libgtk2.0-0 (>= 2.10.3) | 2.10.13-1
libice6 (>= 1:1.0.0) | 1:1.0.3-2
liborbit2 (>= 1:2.14.1) | 1:2.14.7-0.1
libpango1.0-0 (>= 1.16.4) | 1.16.4-1
libsm6 | 2:1.0.3-1
libwrap0 | 7.6.dbs-13
libx11-6 | 2:1.1.2-1
libxau6 | 1:1.0.3-2
libxrandr2 (>= 2:1.2.0) | 2:1.2.1-1
gconf2 (>= 2.12.1-1) | 2.18.0.1-3
gnome-control-center (>= 1:2.18) | 1:2.18.1-1
gnome-control-center (<< 1:2.19) | 1:2.18.1-1
--
Earthling Michel Dänzer | http://tungstengraphics.com
Libre software enthusiast | Debian, X and DRI developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: splash-widget.c.diff
Type: text/x-patch
Size: 3874 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20070626/adb3d0f3/attachment-0001.bin
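
The failure mode described in the report (an effect routine writing pixels using dimensions remembered from before the icon buffer was replaced) can be illustrated with the following added example. It is not the scrubbed patch and not gnome-session code; the `Icon` and `CachedRect` types, the function names, the 4096 size limit and the 4-bytes-per-pixel layout are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define BPP 4 /* assumed RGBA layout, 4 bytes per pixel */

/* Hypothetical types for illustration; not gnome-session's structures. */
typedef struct {
    uint8_t *pixels;    /* height * rowstride bytes */
    int width, height;  /* current dimensions in pixels */
    int rowstride;      /* bytes per row */
    size_t alloc_size;  /* bytes actually allocated for pixels */
} Icon;

typedef struct { int x, y, width, height; } CachedRect; /* saved from an earlier layout */

/* Replace the pixel buffer, e.g. after a rescale. Returns 0 on success. */
int icon_resize(Icon *icon, int w, int h)
{
    if (w <= 0 || h <= 0 || w > 4096 || h > 4096) return -1;
    size_t size = (size_t)w * (size_t)h * BPP;
    uint8_t *p = calloc(1, size);
    if (!p) return -1;
    free(icon->pixels);
    icon->pixels = p; icon->width = w; icon->height = h;
    icon->rowstride = w * BPP; icon->alloc_size = size;
    return 0;
}

/* Brighten the cached rectangle. Every write is checked against the icon's
 * *current* geometry, so a rectangle saved before a resize is rejected
 * instead of running past the end of the allocation.
 * Returns 0 on success, -1 if the rectangle no longer fits. */
int apply_effect_checked(Icon *icon, const CachedRect *r, uint8_t add)
{
    if (r->x < 0 || r->y < 0 || r->width <= 0 || r->height <= 0) return -1;
    if (r->width > icon->width - r->x || r->height > icon->height - r->y) return -1;
    if ((size_t)icon->height * (size_t)icon->rowstride > icon->alloc_size) return -1;
    for (int row = r->y; row < r->y + r->height; row++) {
        uint8_t *p = icon->pixels + (size_t)row * icon->rowstride + (size_t)r->x * BPP;
        for (int i = 0; i < r->width * BPP; i++) {
            unsigned v = (unsigned)p[i] + add;
            p[i] = v > 255 ? 255 : (uint8_t)v; /* saturating add */
        }
    }
    return 0;
}
```

Without the geometry checks, the second call in a resize-then-redraw sequence would write 48 rows into a 32-row buffer, which is the kind of heap corruption that only surfaces later inside the allocator.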