Package: python-cairo
Version: 1.4.12-1
Severity: grave
Tags: security
Justification: user security hole

The Sugar environment segfaults when used with python-cairo 1.4.14. You should be able to reproduce like this:

1. Install the packages "sugar" and "xserver-xephyr".
2. Run "sugar-emulator" as a normal user from an X11 terminal-emulator
3. Type in your name when requested
4. Switch to console or another virtual desktop and do "killall Xephyr"
5. Switch back again: There's a segfault.

Using python-cairo 1.4.0-1 works fine. Recompiling python-cairo 1.4.0-1 against libcairo 1.4.14 works fine too.

Both amd64 and i386 systems segfault, so probably a different bug than earlier reported.

Applying the following patch (which reverts what seems to be the only major change between 1.4.0 and 1.4.14) fixes the problem too:

--- pycairo-1.4.12.orig/cairo/pycairo-context.c +++ pycairo-1.4.12/cairo/pycairo-context.c 
@@ -82,6 +82,8 @@ return NULL; } + if (type == NULL) + type = &PycairoContext_Type; o = PycairoContext_Type.tp_alloc (type, 0); if (o) { ((PycairoContext *)o)->ctx = ctx;

It seems from the changelog that the above causes other problems, but still I believe it is a major bug that the program segfaults when provided wrong input.

Also, it would sure be nice with some hints on how to change old working code when the interface changes like this (I tried locating in sugar code or in hippocanvas what triggers this bug, but without luck so far...).

 - Jonas

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-rc6-amd64 (SMP w/2 CPU cores)
Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-cairo depends on:
ii libc6 2.7-9 GNU C Library: Shared libraries
ii libcairo2 1.4.14-1 The Cairo 2D vector graphics libra
ii python 2.4.4-6 An interactive high-level object-o
ii python-central 0.6.1 register and build utility for Pyt

python-cairo recommends no packages.

-- no debconf information
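
Review bot: The added `if (type == NULL)` fallback ahead of the `tp_alloc (type, 0)` call silently substitutes `&PycairoContext_Type`, which stops the crash but hides whichever caller is passing a NULL type. Since the report itself notes that the changelog dropped this default because it caused other problems, consider rejecting the NULL explicitly instead: set a TypeError with PyErr_SetString and return NULL, as the error path just above already does, so the offending caller surfaces as a Python exception rather than a segfault. If the fallback is kept, add a comment stating that a NULL `type` means the base context type, and note that the context passed in as `ctx` is not released on this path, so check who owns it when allocation is refused.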