From david@catwhisker.org  Sat Sep  7 20:47:18 2013
Return-Path: <david@catwhisker.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id 9363AFF5
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  7 Sep 2013 20:47:18 +0000 (UTC)
	(envelope-from david@catwhisker.org)
Received: from albert.catwhisker.org (mx.catwhisker.org [198.144.209.73])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 455A724B2
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  7 Sep 2013 20:47:17 +0000 (UTC)
Received: from albert.catwhisker.org (localhost [127.0.0.1])
	by albert.catwhisker.org (8.14.7/8.14.7) with ESMTP id r87KlGOS062663;
	Sat, 7 Sep 2013 13:47:16 -0700 (PDT)
	(envelope-from david@albert.catwhisker.org)
Received: (from david@localhost)
	by albert.catwhisker.org (8.14.7/8.14.7/Submit) id r87KlFJx062662;
	Sat, 7 Sep 2013 13:47:15 -0700 (PDT)
	(envelope-from david)
Message-Id: <201309072047.r87KlFJx062662@albert.catwhisker.org>
Date: Sat, 7 Sep 2013 13:47:15 -0700 (PDT)
From: David Wolfskill <david@catwhisker.org>
Reply-To: David Wolfskill <david@catwhisker.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] x11-toolkits/Xaw3d has an overflow error in geometry computation code, causing xfig to hang
X-Send-Pr-Version: 3.114
X-GNATS-Notify:

>Number:         181919
>Category:       ports
>Synopsis:       [PATCH] x11-toolkits/Xaw3d has an overflow error in geometry computation code, causing xfig to hang
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dinoex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 07 20:50:00 UTC 2013
>Closed-Date:    Sun Oct 27 07:46:28 CET 2013
>Last-Modified:  Sun Oct 27 07:46:28 CET 2013
>Originator:     David Wolfskill
>Release:        FreeBSD 9.2-PRERELEASE i386
>Organization:
Wolfskill & Dowling Residence
>Environment:
System: FreeBSD g1-227.catwhisker.org 9.2-PRERELEASE FreeBSD 9.2-PRERELEASE #542  r255345M/255355:902503: Sat Sep  7 05:28:53 PDT 2013     root@g1-227.catwhisker.org:/usr/obj/usr/src/sys/CANARY  i386

>Description:
	See <http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=32445>
	(yes, from Jan 2006!) for additional details and the original source
	of the below patch.

	Per the above, Xaw3d uses 16-bit integers to calculate the
	geometry for Box Layout in Box.c; with a sufficiently large
	logical screen, the computations are susceptible to an overflow.

	The observed result is that xfig (for example) will start OK, but
	as soon as one selects (say) a type of object to draw, xfig
	appears to hang (indefinitely, until it is killed).  This renders
	xfig completely unusable.

	Note: it may well be that with a smaller logical screen, one might
	not see these symptoms.  Between the physical screen (1920x1200)
	and the window manager I use, the effective logical screen size I
	normally use is 5760x3600.

	Also, I credit Thomas Mueller for pointing out the NetBSD PR,
	and regret that I failed to file this PR back when he & I
	were discussing the issue.
>How-To-Repeat:
	As indicated above, start xfig.  While the NetBSD PR indicated KDE,
	I use a variant of tvtwm (piewm).
>Fix:
	The below was adapted from the patch in the NetBSD PR.

	After applying it & performing "make clean reinstall" in
	/usr/ports/x11-toolkits/Xaw3d, xfig works for me.

diff -ruN Xaw3d/files/patch-Box Xaw3d/files/patch-Box
--- Xaw3d/files/patch-Box	1969-12-31 16:00:00.000000000 -0800
+++ Xaw3d/files/patch-Box	2013-09-07 11:17:54.000000000 -0700
@@ -0,0 +1,16 @@
+--- Box.c	2013/09/07 18:16:40	1.1
++++ Box.c	2013/09/07 18:06:10
+@@ -352,8 +352,12 @@
+ 	}
+ 	else {
+ 	    width = preferred_width;
++	    if (0==width) width=1;
+ 	    do { /* find some width big enough to stay within this height */
+-		width *= 2;
++		if (width>=32768) /* overflow */
++		    width=constraint->width;
++		else
++		    width *= 2;
+ 		if (width > constraint->width) width = constraint->width;
+ 		DoLayout(w, width, 0, &preferred_width, &preferred_height, FALSE);
+ 	    } while (preferred_height > constraint->height &&
>Release-Note:
>Audit-Trail:

From: David Wolfskill <david@catwhisker.org>
To: bug-followup@FreeBSD.org
Cc: dinoex@freebsd.org
Subject: Re: ports/181919: [PATCH] x11-toolkits/Xaw3d has an overflow error
 in geometry computation code, causing xfig to hang
Date: Sat, 26 Oct 2013 08:32:31 -0700

 --YiEDa0DAkWCtVeE4
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 Given that r331595 was committed and appears to address this (in a
 slightly different way), I believe that this PR should be closed.
 
 I have verified that after r331595, the patch in this PR is no longer
 needed for xfig to work for me.
 
 Peace,
 david
 --=20
 David H. Wolfskill				david@catwhisker.org
 Taliban: Evil cowards with guns afraid of truth from a 14-year old girl.
 
 See http://www.catwhisker.org/~david/publickey.gpg for my public key.
 
 --YiEDa0DAkWCtVeE4
 Content-Type: application/pgp-signature
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (FreeBSD)
 
 iEYEARECAAYFAlJr4I4ACgkQmprOCmdXAD28tQCeOjJYEwz5qsl6kCM4+yy9RA3Z
 ilQAn0HhA19k9vwKKzfXQigoMYVTtO76
 =YXFk
 -----END PGP SIGNATURE-----
 
 --YiEDa0DAkWCtVeE4--
State-Changed-From-To: open->closed 
State-Changed-By: dinoex 
State-Changed-When: Sun Oct 27 07:45:07 CET 2013 
State-Changed-Why:  
thanks for reporting and testing. 


Responsible-Changed-From-To: freebsd-ports-bugs->dinoex 
Responsible-Changed-By: dinoex 
Responsible-Changed-When: Sun Oct 27 07:45:07 CET 2013 
Responsible-Changed-Why:  
I will take care of followups 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181919 
>Unformatted:
