From nobody@FreeBSD.org  Mon Dec  1 08:29:48 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 019261065676
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  1 Dec 2008 08:29:48 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id DCD1F8FC1B
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  1 Dec 2008 08:29:47 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id mB18TlgM059678
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 1 Dec 2008 08:29:47 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id mB18TlKA059677;
	Mon, 1 Dec 2008 08:29:47 GMT
	(envelope-from nobody)
Message-Id: <200812010829.mB18TlKA059677@www.freebsd.org>
Date: Mon, 1 Dec 2008 08:29:47 GMT
From: "G. Paul Ziemba" <p-fbsd-bugs@ziemba.us>
To: freebsd-gnats-submit@FreeBSD.org
Subject: x11-clocks/asclock dies due to buffer overrun at startup 
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         129326
>Category:       ports
>Synopsis:       x11-clocks/asclock dies due to buffer overrun at startup
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dinoex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 01 08:30:01 UTC 2008
>Closed-Date:    Thu Dec 04 22:18:36 CET 2008
>Last-Modified:  Thu Dec 04 22:18:36 CET 2008
>Originator:     G. Paul Ziemba
>Release:        7.1-PRERELEASE
>Organization:
>Environment:
FreeBSD hairball.ziemba.us 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Tue Nov 18 13:50:14 PST 2008     root@hairball:/usr/obj/usr/src/sys/GPZ-081118  i386
>Description:
asclock dies immediately with error "not enough free color cells"
>How-To-Repeat:
$ asclock
not enough free color cells
$
>Fix:
"not enough free color cells" is erroneously printed for any error returned by XpmCreatePixmapFromData, e.g., corrupt xpm data.

The actual cause of the error in this case was a buffer overrun when constructing the LED pixmap data.

Attached patch addresses several things:
1 - buffer overrun
2 - simplified bizarre method of printing with format %04X
3 - error messages match actual errors from XpmCreatePixmapFromData
4 - missing error test for one call to XpmCreatePixmapFromData


Patch attached with submission follows:

--- asclock.c
+++ work/asclock/asclock.c	2008-11-30 23:32:41.000000000 -0800
@@ -302,8 +302,8 @@
   static char **clock_xpm;
   XColor col;
   XWindowAttributes attributes;
-  char led1[22];
-  char led2[22];
+  char led1[64];
+  char led2[64];
   int ret;
 
   clock_xpm =ONLYSHAPE ? mask_xpm : clk_xpm;
@@ -317,51 +317,49 @@
       nocolor("parse",LedColor);
     }
 
-  sprintf(&led1[0], ".      c #%4X%4X%4X", col.red, col.green, col.blue);
-  for(ret=10;ret<22;ret++)
-    if(led1[ret]==' ') led1[ret]='0';
-  led_xpm[2] = &led1[0];
+  sprintf(led1, ".      c #%04X%04X%04X", col.red, col.green, col.blue);
+  led_xpm[2] = led1;
 
   col.red   = (col.red  /10) *3;
   col.green = (col.green/10) *3;
   col.blue  = (col.blue /10) *3;
-  sprintf(&led2[0], "X      c #%4X%4X%4X", col.red, col.green, col.blue);
-  for(ret=10;ret<22;ret++)
-    if(led2[ret]==' ') led2[ret]='0';
-  led_xpm[3] = &led2[0];
+  sprintf(led2, "X      c #%04X%04X%04X", col.red, col.green, col.blue);
+  led_xpm[3] = led2;
 
   asclock.attributes.valuemask |= (XpmReturnPixels | XpmReturnExtensions);
   ret = XpmCreatePixmapFromData(dpy, Root, clock_xpm, &asclock.pixmap, 
 				&asclock.mask, &asclock.attributes);
   if(ret != XpmSuccess)
-    {fprintf(stderr, ERR_colorcells);exit(1);}
+    {fprintf(stderr, "1: %s\n", XpmGetErrorString(ret));exit(1);}
   visible.attributes.valuemask |= (XpmReturnPixels | XpmReturnExtensions);
   ret = XpmCreatePixmapFromData(dpy, Root, clk_xpm, &visible.pixmap, 
 				&visible.mask, &visible.attributes);
+  if(ret != XpmSuccess)
+    {fprintf(stderr, "2: %s\n", XpmGetErrorString(ret));exit(1);}
 
   led.attributes.valuemask |= (XpmReturnPixels | XpmReturnExtensions);
   ret = XpmCreatePixmapFromData(dpy, Root, led_xpm, &led.pixmap, 
 				&led.mask, &led.attributes);
   if(ret != XpmSuccess)
-    {fprintf(stderr, ERR_colorcells);exit(1);}
+    {fprintf(stderr, "3: %s\n", XpmGetErrorString(ret));exit(1);}
 
   month.attributes.valuemask |= (XpmReturnPixels | XpmReturnExtensions);
   ret = XpmCreatePixmapFromData(dpy, Root, month_xpm, &month.pixmap, 
 				&month.mask, &month.attributes);
   if(ret != XpmSuccess)
-    {fprintf(stderr, ERR_colorcells);exit(1);}
+    {fprintf(stderr, "4: %s\n", XpmGetErrorString(ret));exit(1);}
 
   date.attributes.valuemask |= (XpmReturnPixels | XpmReturnExtensions);
   ret = XpmCreatePixmapFromData(dpy, Root, date_xpm, &date.pixmap, 
 				&date.mask, &date.attributes);
   if(ret != XpmSuccess)
-    {fprintf(stderr, ERR_colorcells);exit(1);}
+    {fprintf(stderr, "5: %s\n", XpmGetErrorString(ret));exit(1);}
 
   weekday.attributes.valuemask |= (XpmReturnPixels | XpmReturnExtensions);
   ret = XpmCreatePixmapFromData(dpy, Root, weekday_xpm, &weekday.pixmap, 
 				&weekday.mask, &weekday.attributes);
   if(ret != XpmSuccess)
-    {fprintf(stderr, ERR_colorcells);exit(1);}
+    {fprintf(stderr, "6: %s\n", XpmGetErrorString(ret));exit(1);}
 }
 /****************************************************************************/
 /* Removes expose events for a specific window from the queue */


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->dinoex 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Mon Dec 1 08:30:11 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=129326 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/129326: commit references a PR
Date: Thu,  4 Dec 2008 20:57:57 +0000 (UTC)

 dinoex      2008-12-04 20:57:48 UTC
 
   FreeBSD ports repository
 
   Modified files:
     x11-clocks/asclock   Makefile 
   Added files:
     x11-clocks/asclock/files patch-color 
   Log:
   - fix buffer overrun at startup
   PR:             129326
   Submitted by:   G. Paul Ziemba
   
   Revision  Changes    Path
   1.23      +1 -1      ports/x11-clocks/asclock/Makefile
   1.1       +76 -0     ports/x11-clocks/asclock/files/patch-color (new)
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: dinoex 
State-Changed-When: Thu Dec 4 22:18:22 CET 2008 
State-Changed-Why:  
committed, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=129326 
>Unformatted:
