From 75bc8fa4977c1d01f0b1799cd7d42bdf93f31b87 Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
Date: Mon, 22 Mar 2021 13:35:49 +0900
Subject: [PATCH] create_daemon_window: make utsname buffer within scope

xscreensaver-6.00b2 causes abort immediately at startup like:
=========================================================
==427660==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffc407b191 at pc 0x7f2622e13ee6 bp 0x7fffc407a6e0 sp 0x7fffc4079e90
READ of size 22 at 0x7fffc407b191 thread T0
#0 0x7f2622e13ee5 in __interceptor_strlen.part.0 (/lib64/libasan.so.6+0x3cee5)
#1 0x406712 in create_daemon_window ../../driver/xscreensaver.c:1025
#2 0x7f2622145b74 in __libc_start_main ../csu/libc-start.c:332
#3 0x40ca7d (/usr/bin/xscreensaver+0x40ca7d)
Address 0x7fffc407b191 is located in stack of thread T0 at offset 2481 in frame
#0 0x40477f (/usr/bin/xscreensaver+0x40477f)
This frame has 37 object(s):
[48, 52) 'xi_opcode' (line 1353)
[64, 68) 'root_x' (line 1823)
[80, 84) 'root_y' (line 1823)
...
...
[1840, 2032) 'xev' (line 1528)
[2096, 2351) 'buf' (line 2259)
[2416, 2806) 'uts' (line 1017) <== Memory access at offset 2481 is inside this variable
[2880, 2884) 'mask1'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (/lib64/libasan.so.6+0x3cee5) in __interceptor_strlen.part.0
=========================================================

To fix this, make struct utsname buffer within scope.
---
driver/xscreensaver.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/driver/xscreensaver.c b/driver/xscreensaver.c
index 99a6945..9d0105a 100644
--- a/driver/xscreensaver.c
+++ b/driver/xscreensaver.c
@@ -1001,6 +1001,9 @@ create_daemon_window (Display *dpy)
struct passwd *p = getpwuid (getuid ());
time_t now = time ((time_t *) 0);
char *id;
+# ifdef HAVE_UNAME
+ struct utsname uts;
+# endif
if (p && p->pw_name && *p->pw_name)
name = p->pw_name;
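Review bot: The new function-scope `struct utsname uts;` after `char *id;` carries no comment explaining why it has to live at this level, so a later cleanup could move it back into the `HAVE_UNAME` block and reintroduce the stack-use-after-scope from the ASan report. Suggest a one-line comment on the declaration, for example `/* host may point into uts.nodename, so uts must outlive the uname() block */`. The lifetime is now sufficient for the reported read, since the trace places the `strlen` inside `create_daemon_window` itself (xscreensaver.c:1025).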
@@ -1014,7 +1017,6 @@ create_daemon_window (Display *dpy)
# ifdef HAVE_UNAME
{
- struct utsname uts;
if (! uname (&uts))
host = uts.nodename;
}
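Review bot: With `struct utsname uts;` removed, the bare `{ ... }` around `if (! uname (&uts))` no longer scopes anything, and leaving it in place suggests that `uts` is still local to the block. Suggest dropping the braces in this hunk so that only the `# ifdef HAVE_UNAME` guard and the `if` remain. Note also that `host = uts.nodename;` still aliases the buffer rather than copying it, so `host` is only valid until `create_daemon_window` returns; if it is ever stored beyond that, it needs a copy.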
--
2.30.2