Bug 577476 - media-gfx/xfig-3.2.5c crashes with "stack smashing detected" when changing arrow thickness
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
Importance: Normal major
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
Reported: 2016-03-15 13:53 UTC by stephane.goujet
Modified: 2018-01-11 15:40 UTC (History)
Description stephane.goujet 2016-03-15 13:53:39 UTC
Simple to reproduce:
1) Start xfig.
2) Select (click) the POLYLINE tool on the left.
3) Click the "Arrow Size Thk=1,0" button on the bottom right.
4) Watch the crash:


(gdb) run
Starting program: /usr/bin/xfig 
Warning: Missing charsets in String to FontSet conversion
Warning: Missing charsets in String to FontSet conversion
*** stack smashing detected ***: /usr/bin/xfig terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x71c6b)[0x7ffff6906c6b]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff698d4f7]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7ffff698d4c0]
/usr/bin/xfig[0x48ecbe]
/usr/bin/xfig[0x493e8d]
/usr/lib64/libXt.so.6(XtDispatchEventToWidget+0x40b)[0x7ffff72986db]
/usr/lib64/libXt.so.6(+0x22e50)[0x7ffff7298e50]
/usr/lib64/libXt.so.6(XtDispatchEvent+0xd8)[0x7ffff7298f38]
/usr/bin/xfig[0x40981d]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7ffff68b57b0]
/usr/bin/xfig[0x409a99]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
0x00007ffff68c8237 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff68c8237 in raise () from /lib64/libc.so.6
#1  0x00007ffff68c95ca in abort () from /lib64/libc.so.6
#2  0x00007ffff6906c70 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff698d4f7 in __fortify_fail () from /lib64/libc.so.6
#4  0x00007ffff698d4c0 in __stack_chk_fail () from /lib64/libc.so.6
#5  0x000000000048ecbe in set_arrow_size_state ()
#6  0x0000000000493e8d in popup_arrowsize_panel ()
#7  0x00007ffff72986db in XtDispatchEventToWidget () from /usr/lib64/libXt.so.6
#8  0x00007ffff7298e50 in _XtDefaultDispatcher () from /usr/lib64/libXt.so.6
#9  0x00007ffff7298f38 in XtDispatchEvent () from /usr/lib64/libXt.so.6
#10 0x000000000040981d in main ()


This is the same bug that was reported on Debian: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774673>
And on Fedora: <https://bugzilla.redhat.com/show_bug.cgi?id=1046102>.

Both were patched with the Fedora patch.

It works (it replaces "int which" with "intptr_t which" in the set_arrow_size_state() function because radio_data is an XPointer), but I still feel there is something fishy in the way the radio_data values are used in this source file (disclaimer: I am no X programmer at all).

The principle is to abuse the XPointer value to store integers in it. But my concern is that one should not store the value 0 in it, because the NULL pointer can be interpreted differently from other pointer values and can trigger different actions. All other (ab)uses of XtNradioData in the xfig source seem to care about it and use the values 1 and 2, or (i+1) values, in order to avoid putting 0 in radio_data. But in "w_indpanel.c", the values 0 and 1 are used (that's in the popup_arrowsize_panel() function).

So, I think it would be a good idea, at the same time you fix the pointer size problem, to also replace the value 0 with, for example, 2. It just means replacing two characters in one line of popup_arrowsize_panel():
    NextArg(XtNradioData, 0);		/* when this is pressed the value is 0 */
=>
    NextArg(XtNradioData, 2);		/* when this is pressed the value is 2 */
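The two defects discussed above (a pointer-sized resource fetched into a 4-byte int, and the value 0 becoming a NULL XPointer), modelled in a stand-alone C program. This is an added illustration, not xfig's or Xt's code: get_radio_data() is a stand-in for XtVaGetValues(w, XtNradioData, &which, NULL), and struct frame_model is an assumed layout standing in for the real stack frame and its protector canary.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Xlib's opaque pointer type; XtNradioData is stored and returned as one of these. */
typedef char *XPointer;

/* Stand-in for XtVaGetValues(w, XtNradioData, dst, NULL): Xt copies a full
 * XPointer (8 bytes on amd64) to wherever the caller points it, regardless of
 * how large the caller's variable really is. */
static void get_radio_data(XPointer stored, void *dst) {
    memcpy(dst, &stored, sizeof stored);
}

/* Assumed model of the 3.2.5c frame: "int which" immediately followed by the
 * bytes a stack-protector canary would occupy. */
struct frame_model {
    int which;
    unsigned char canary[sizeof(XPointer)];  /* wide enough on 32-bit too */
};

/* Vulnerable shape: returns 1 if fetching the resource into an int-sized slot
 * spilled into the bytes beyond it (what __stack_chk_fail reports in xfig). */
static int fetch_into_int_clobbers_canary(XPointer stored) {
    struct frame_model f;
    memset(f.canary, 0xAA, sizeof f.canary);
    get_radio_data(stored, &f);            /* same address as &f.which */
    return f.canary[0] != 0xAA;
}

/* Encode integer i as radio data i + 1, as the other panels do, so that the
 * value 0 never becomes a NULL XPointer. */
static XPointer encode_radio_value(int i) { return (XPointer)(intptr_t)(i + 1); }
static int decode_radio_value(XPointer p)  { return (int)((intptr_t)p - 1); }

/* Fixed shape: a pointer-sized local receives the resource and is then decoded. */
static int fetch_into_intptr(XPointer stored) {
    intptr_t which;                        /* the patch's replacement for "int which" */
    get_radio_data(stored, &which);
    return decode_radio_value((XPointer)which);
}
```

On amd64 the vulnerable shape clobbers the canary bytes on every call, which is why the crash is deterministic rather than data-dependent.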
Comment 1 Alex Xu (Hello71) 2016-03-18 01:50:09 UTC
/me grumbles something about bugzilla URI parsing
Comment 2 Pacho Ramos gentoo-dev 2018-01-11 15:40:59 UTC
please retry with media-gfx/xfig-3.2.6a