[From nobody Mon Jun  1 07:05:06 2026
From: Yavor Doganov <yavor@gnu.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Date: Wed, 05 Jul 2023 08:38:40 +0300
Message-ID: <87wmzeq5nj.fsf@yavor.doganov.org>
Subject: edenmath.app: Aborts with stack smashing when calculation result is
 large enough

Package: edenmath.app
Version: 1.1.1a-8+b5
Severity: important

Type "40", then press the button "10^x" (second button from right to
left on the lowest row); EdenMath aborts with:
*** stack smashing detected *** terminated.

Backtrace:

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6,
    no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: Няма такъв файл или директория.
(gdb) bt
#0  __pthread_kill_implementation
    (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at ./nptl/pthread_kill.c:44
#1  0x00007ffff6ea815f in __pthread_kill_internal (signo=6, threadid=<optimized out>)
    at ./nptl/pthread_kill.c:78
#2  0x00007ffff6e5a472 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff6e444b2 in __GI_abort () at ./stdlib/abort.c:79
#4  0x00007ffff6e451ed in __libc_message
    (fmt=fmt@entry=0x7ffff6fb7543 "*** %s ***: terminated\n")
    at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007ffff6f362c5 in __GI___fortify_fail
    (msg=msg@entry=0x7ffff6fb752b "stack smashing detected")
    at ./debug/fortify_fail.c:24
#6  0x00007ffff6f362b0 in __stack_chk_fail () at ./debug/stack_chk_fail.c:24
#7  0x000055555555d0a6 in -[EMController updateDisplay]
    (self=<optimized out>, _cmd=<optimized out>) at ./EMController.m:227
#8  0x00007ffff7a5dabe in -[NSApplication sendAction:to:from:]
    (self=<optimized out>, _cmd=<optimized out>, aSelector=0x5555557edf20, aTarget=<optimized out>, sender=0x555556e18050) at ./Source/NSApplication.m:2273
#9  0x00007ffff7a8f313 in -[NSButton sendAction:to:]
    (self=0x555556e18050, _cmd=<optimized out>, theAction=0x5555557edf20, theTarget=0x555556e2ff30) at ./Source/NSButton.m:588
#10 0x00007ffff7a9b01d in -[NSCell trackMouse:inRect:ofView:untilMouseUp:]
    (self=self@entry=0x555556e1f690, _cmd=_cmd@entry=0x7ffff7da0d50 <_OBJC_SELECTOR_TABLE+1712>, theEvent=<optimized out>,
    theEvent@entry=0x555556e23a30, cellFrame=..., controlView=controlView@entry=0x555556e18050, flag=0 '\000') at ./Source/NSCell.m:1807
#11 0x00007ffff7abd56b in -[NSControl mouseDown:]
    (self=0x555556e18050, _cmd=<optimized out>, theEvent=<optimized out>)
    at ./Source/NSControl.m:931
#12 0x00007ffff7bfd354 in -[NSWindow sendEvent:]
    (self=0x5555568b4480, _cmd=<optimized out>, theEvent=0x555556e23a30)
    at ./Source/NSWindow.m:4154
#13 0x00007ffff7a63f5e in -[NSApplication run]
    (self=0x555555808a40, _cmd=<optimized out>) at ./Source/NSApplication.m:1585
#14 0x00007ffff7a43ec9 in NSApplicationMain
    (argc=<optimized out>, argv=<optimized out>) at ./Source/Functions.m:119
#15 0x00007ffff6e456ca in __libc_start_call_main
    (main=main@entry=0x55555555b1f0 <main>, argc=argc@entry=1, argv=argv@entry=0x7fffffffead8) at ../sysdeps/nptl/libc_start_call_main.h:58
#16 0x00007ffff6e45785 in __libc_start_main_impl
    (main=0x55555555b1f0 <main>, argc=1, argv=0x7fffffffead8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffeac8)
    at ../csu/libc-start.c:360
#17 0x000055555555b231 in _start ()

Cannot be reproduced when built with -fno-stack-protector.  I guess the
culprit is a buffer overflow in -[EMController updateDisplay] where
buffer size is limited to 32 bytes.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 6.3.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages edenmath.app depends on:
ii  gnustep-back0.30      0.30.0-2
ii  gnustep-base-runtime  1.29.0-4
ii  gnustep-gui-runtime   0.30.0-3
ii  libc6                 2.37-3
ii  libgnustep-base1.29   1.29.0-4
ii  libgnustep-gui0.30    0.30.0-3
ii  libobjc4              13.1.0-7

Versions of packages edenmath.app recommends:
ii  helpviewer.app  0.4-1+b1

edenmath.app suggests no packages.

-- no debconf information
]
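
Added example, not part of the original report and not EdenMath's code: a C sketch of the failure mode the reporter guesses at, assuming the display string is rendered in fixed notation into the 32-byte buffer with an unbounded write. The format string and the names `needed_bytes` and `format_display` are hypothetical; the block measures what 10^40 needs and shows a bounded formatter that falls back to scientific notation.

```c
#include <stdio.h>
#include <string.h>

#define DISPLAY_BUF 32   /* buffer size named in the report */

/* Bytes (including the NUL) needed to render `value` in fixed notation.
   snprintf with a NULL buffer and size 0 only measures; nothing is written. */
size_t needed_bytes(double value, int precision)
{
    int n = snprintf(NULL, 0, "%.*f", precision, value);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded formatter (hypothetical replacement for an unbounded sprintf).
   Tries fixed notation first, then scientific notation if that would not
   fit. Returns 0 on success, -1 if neither form fits in `outsz` bytes. */
int format_display(char *out, size_t outsz, double value, int precision)
{
    int n = snprintf(out, outsz, "%.*f", precision, value);
    if (n >= 0 && (size_t)n < outsz)
        return 0;                       /* fixed notation fit */

    n = snprintf(out, outsz, "%.*e", precision, value);
    if (n >= 0 && (size_t)n < outsz)
        return 0;                       /* fell back to exponent form */

    if (outsz > 0)
        out[0] = '\0';                  /* never leave a truncated number */
    return -1;
}

int main(void)
{
    char buf[DISPLAY_BUF];
    double big = 1e40;                  /* the result of "40" then "10^x" */

    printf("fixed notation needs %zu bytes, buffer holds %d\n",
           needed_bytes(big, 6), DISPLAY_BUF);

    if (format_display(buf, sizeof buf, big, 6) == 0)
        printf("display: %s (%zu chars)\n", buf, strlen(buf));
    return 0;
}
```
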