[Pkg-kbd-devel] Bug#872623: kbd: setmetamode fails with StackSmashing detected
Andreas Henriksson
andreas at fatal.se
Mon May 28 20:31:53 BST 2018
Control: forwarded -1 https://github.com/legionus/kbd/pull/16
Control: tags -1 + upstream
Hello,
Sorry for the late followup.
On Sat, Aug 19, 2017 at 04:08:50PM -0400, alsauser at pragmasoft.com wrote:
[...]
> Upon closer examination, it appears that the KDGKBMETA IOCTL that
> is called by setmetamode.c, is subsequently calling:
> put_user (<unsigned int>, (int __user*) arg);
>
> Unfortunately, the argument (ometa) is only declared as "char" in
> setmetamode.c. So, in essence, we are asking the kernel to store
> an <unsigned int> into a user space location that has only been
> allocated as a "char".
>
> I now believe that the appropriate correction is to change the
> "char ometa, nmeta;" declaration in setmetamode.c to
> "unsigned int ometa, nmeta;". During my testing, this change
> eliminated the StackSmashing detection and subsequent traceback.
[...]
I agree with your analysis. Would be best to discuss this issue
upstream, but since the fix seemed obvious I went ahead and
submitted https://github.com/legionus/kbd/pull/16
Thanks for your detailed bug report and analysis.
Regards,
Andreas Henriksson
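
The size mismatch described in the quoted analysis, as an added example that is not part of the original message or of the kbd sources. `sim_kdgkbmeta`, the two frame structs and the sample value are hypothetical stand-ins: the function models the kernel storing an unsigned int at the user pointer, and the `guard` bytes model whatever sits next to `ometa` on the stack.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define GUARD_BYTE 0xAA        /* fill pattern for the neighbouring bytes */
#define SIM_META_VALUE 0x03u   /* constructed sample value */

/* Hypothetical stand-in for the kernel side of KDGKBMETA: like
 * put_user(<unsigned int>, (int __user *)arg), it stores
 * sizeof(unsigned int) bytes at arg, whatever the caller declared. */
static void sim_kdgkbmeta(void *arg)
{
    unsigned int v = SIM_META_VALUE;
    memcpy(arg, &v, sizeof v);
}

/* The variable plus the bytes that follow it (the canary's role). */
struct frame_char { char ometa; unsigned char guard[7]; };
struct frame_uint { unsigned int ometa; unsigned char guard[4]; };

static size_t clobbered(const unsigned char *g, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) hits += (g[i] != GUARD_BYTE);
    return hits;
}

/* "char ometa": the store spills into the neighbouring bytes. */
size_t demo_char_ometa(void)
{
    struct frame_char f;
    memset(&f, GUARD_BYTE, sizeof f);
    sim_kdgkbmeta(&f);              /* &f is the address of f.ometa */
    return clobbered(f.guard, sizeof f.guard);
}

/* "unsigned int ometa": the store fits, neighbours stay intact. */
size_t demo_uint_ometa(void)
{
    struct frame_uint f;
    memset(&f, GUARD_BYTE, sizeof f);
    sim_kdgkbmeta(&f.ometa);
    return clobbered(f.guard, sizeof f.guard);
}

int main(void)
{
    printf("char: %zu bytes overwritten, unsigned int: %zu\n", demo_char_ometa(), demo_uint_ometa());
    return 0;
}
```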