[MacPorts] #53910: xorg-server @1.18.4: repetitive crash. Can't kill it. Have to log out to stop it

MacPorts noreply at macports.org
Sat May 27 23:19:20 UTC 2017


#53910: xorg-server @1.18.4: repetitive crash.  Can't kill it. Have to log out to
stop it
--------------------------+----------------------
  Reporter:  bdbaddog     |      Owner:  jeremyhu
      Type:  defect       |     Status:  assigned
  Priority:  Normal       |  Milestone:
 Component:  ports        |    Version:
Resolution:               |   Keywords:
      Port:  xorg-server  |
--------------------------+----------------------

Comment (by joergahrens):

 I experienced the same symptoms with
 OSX 10.12.5
 xorg-server @1.18.4_1
 xorg-xtrans @1.3.5_0
 It's a problem in xorg-xtrans. Relevant stack trace:

 {{{
 3   libsystem_c.dylib                   0x00007fffdc73a592 abort_report_np + 181
 4   libsystem_c.dylib                   0x00007fffdc760f28 __chk_fail + 48
 5   libsystem_c.dylib                   0x00007fffdc760ef8 __chk_fail_overflow + 16
 6   libsystem_c.dylib                   0x00007fffdc7610cd __strncpy_chk + 98
 7   X11.bin                             0x00000001050de4b5 _XSERVTransSocketReopen + 276
 8   X11.bin                             0x00000001050dbdfe _XSERVTransSocketReopenCOTSServer + 98
 9   X11.bin                             0x00000001050dd19b _XSERVTransReopen + 156
 10  X11.bin                             0x00000001050d717e ListenOnOpenFD + 224
 }}}

 I found a bug in

 /opt/local/include/X11/Xtrans/Xtranssock.c

 function:
 {{{
 static XtransConnInfo
 TRANS(SocketReopen) (int i _X_UNUSED, int type, int fd, const char *port)
 }}}
 Original code:
 {{{
     /* Initialize ciptr structure as if it were a normally-opened unix socket */
     ciptr->flags = TRANS_LOCAL | TRANS_NOUNLINK;
 #ifdef BSD44SOCKETS
     addr->sa_len = addrlen;
 #endif
     addr->sa_family = AF_UNIX;
 #ifdef HAS_STRLCPY
     strlcpy(addr->sa_data, port, portlen);
 #else
     strncpy(addr->sa_data, port, portlen);
 #endif
 }}}
 Definition of addr is:
 {{{
     struct sockaddr *addr;
 }}}
 and definition of struct sockaddr in /usr/include/sys/socket.h is:
 {{{
 struct sockaddr {
         __uint8_t       sa_len;         /* total length */
         sa_family_t     sa_family;      /* [XSI] address family */
         char            sa_data[14];    /* [XSI] addr value (actually larger) */
 };
 }}}
 So the strncpy tries to copy "portlen" bytes to 14 bytes. portlen is 57 in
 my case.
 Although enough memory was allocated earlier, some checking code in
 libsystem_c finds that 57 is greater than 14 and aborts.

 I just changed portlen to 14 in the strncpy call and it works.
 {{{
     /* Initialize ciptr structure as if it were a normally-opened unix socket */
     ciptr->flags = TRANS_LOCAL | TRANS_NOUNLINK;
 #ifdef BSD44SOCKETS
     addr->sa_len = addrlen;
 #endif
     addr->sa_family = AF_UNIX;
 #ifdef HAS_STRLCPY
     strlcpy(addr->sa_data, port, portlen);
 #else
     strncpy(addr->sa_data, port, 14);
 #endif
 }}}
 Questions:
 - why is strncpy used although there is strlcpy in libsystem_c?
 - why does it work with a truncated port?

--
Ticket URL: <https://trac.macports.org/ticket/53910#comment:2>
MacPorts <https://www.macports.org/>
Ports system for macOS
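
The size mismatch described in the comment above, as an added example that is not part of the original post and is not xorg-xtrans code: the declared `sa_data` field is 14 bytes, so a 57-byte copy fails a check against the field size even when the heap allocation behind it is larger. The helper `fill_unix_addr` is hypothetical; it shows one way to copy a socket path with an explicit bound, using `struct sockaddr_un`, whose `sun_path` field is sized for paths. The sample path is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Declared size of sockaddr.sa_data: the bound a fortified copy is checked against. */
static size_t sa_data_declared_size(void)
{
    return sizeof(((struct sockaddr *)0)->sa_data);
}

/* Would a copy of n bytes pass a check against the declared field size? */
static int fits_sa_data(size_t n)
{
    return n <= sa_data_declared_size();
}

/*
 * Hypothetical helper (an assumption, not the xtrans API): fill a sockaddr_un
 * for `path`. Returns the address length, or 0 if the path plus its NUL does
 * not fit in sun_path. Nothing is truncated silently. On BSD-style systems
 * the caller would also set sun_len; that is omitted here.
 */
static socklen_t fill_unix_addr(struct sockaddr_un *un, const char *path)
{
    size_t n = strlen(path) + 1;          /* bytes to copy, including NUL */

    if (n > sizeof(un->sun_path))
        return 0;                         /* reject instead of truncating */
    memset(un, 0, sizeof(*un));
    un->sun_family = AF_UNIX;
    memcpy(un->sun_path, path, n);        /* bound was checked just above */
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n);
}

int main(void)
{
    /* Constructed sample path, not taken from the ticket. */
    const char *path = "/private/tmp/com.example.constructed/org.example:0";
    struct sockaddr_un un;
    size_t portlen = strlen(path) + 1;

    printf("sa_data holds %zu bytes, path needs %zu, fits: %d\n",
           sa_data_declared_size(), portlen, fits_sa_data(portlen));
    printf("sockaddr_un length: %u\n", (unsigned)fill_unix_addr(&un, path));
    return 0;
}
```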

