>Synopsis: xfontsel segmentation faults with -pattern
>Category: user
>Environment:
System : OpenBSD 7.5
Details : OpenBSD 7.5-current (GENERIC.MP) #98: Thu May 30 21:14:11 MDT 2024
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
xfontsel will crash with a segmentation fault after pressing
'reset' if called with a -pattern option in the form
'*[text without '-']*'.
>How-To-Repeat:
Run xfontsel with a -pattern of '*a*'
(though any pattern of the form '*[text without '-']*' will work)
Do not select any field (fndry,fmly,etc).
Click the 'reset' button.
>Fix:
This is caused by a dereference of the global variable 'choiceList'
which remains NULL in this case. The following diff checks if
choiceList is NULL before dereferencing it.
A better fix might be to figure out why 'choiceList' does not get
set in this situation, but I don't really understand this code.
diff /usr/xenocara
commit - c678468c11876f84f0f8ec2e830769e42df90c15
path + /usr/xenocara
blob - 400eb09ddb1f4b6bc6298f01f19f79397709f689
file + app/xfontsel/xfontsel.c
--- app/xfontsel/xfontsel.c
+++ app/xfontsel/xfontsel.c
@@ -1320,7 +1320,7 @@ static void EnableRemainingItems(ValidateAction curren
FieldValue *value = fieldValues[field]->value;
int count;
if (current_field_action == SkipCurrentField &&
- field == choiceList->value->field)
+ choiceList != NULL && field == choiceList->value->field)
continue;
for (count = fieldValues[field]->count; count; count--, value++) {
int *fp = value->font;
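Review bot: With the added `choiceList != NULL` test in the `SkipCurrentField` condition, a NULL `choiceList` means the `continue` is never taken, so every field falls through to the `for (count = ...)` loop below; please confirm that processing all fields is the intended behaviour for the reset case rather than a side effect of the guard. The check stops the crash but leaves open why `choiceList` is still NULL at this point, so a short comment above the condition naming the case (started with -pattern '*a*', no field selected, 'reset' clicked) would help whoever later tracks down the missing initialisation. For readability, consider testing `choiceList != NULL` first in the expression, or hoisting it into a local before the loop, since it does not change per field.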