[Bug 563635] Re: iok gets terminated due to buffer overflow when "xkb-Tamil Unicode with Numerals" keymap is selected in drop down.

Launchpad Bug Tracker 563635 at bugs.launchpad.net
Fri May 28 08:35:10 BST 2010 

This bug was fixed in the package iok - 1.3.10-0ubuntu1

---------------
iok (1.3.10-0ubuntu1) maverick; urgency=low

  * New upstream release (LP: #586218)
    - Add missing libX11 DSO check in configure.in
    - Fix warnings from compilation.
    - Fix parsing problem for tam_keyboard_with_numerals layout. (LP: #563635)
 -- Suji A <suji87.msc at gmail.com>   Tue, 27 Apr 2010 16:29:11 +0530

** Changed in: iok (Ubuntu)
       Status: In Progress => Fix Released

-- 
iok gets terminated due to buffer overflow when "xkb-Tamil Unicode with Numerals" keymap is selected in drop down.
https://bugs.launchpad.net/bugs/563635
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.

Status in “iok” package in Ubuntu: Fix Released

Bug description:
Binary package hint: iok

lsb_release -rd
Description:	Ubuntu lucid (development branch)
Release:	10.04
----------------------------------------
ubuntu at ubuntu:~$ apt-cache policy iok
iok:
  Installed: 1.3.9-0ubuntu1
  Candidate: 1.3.9-0ubuntu1
  Version table:
 *** 1.3.9-0ubuntu1 0
        100 /var/lib/dpkg/status
-------------------------------------------
After launching iok from terminal in the GUI on-screen keyboard number of indic keyboards (all of which of the type of one to one keyboard mapping to Unicode range and not IME type) are available for use. They are inscript keymaps from m17n and also xkb keymaps, all for some indic langauges and all mapping to Unicode.

There are 3 xkb keyboards for Tamil (look in the drop down list right of Spacebar, and in the drop down list near bottom of the list wherein all xkb keymaps are listed). They are:

1. xkb-Tamil   
2. xkb-Tamil Unicode
3. xkb-Tamil Keyboard with Numerals

The 3rd of the above is of same key assignments as in the second, but for the numerals 0 - 9 which are mapped to Tamil numerals in the 3rd. All three are usable with xkb standard keyboard (i.e., non on-screen) interface. But in iok this bug happens when 3rd is used.

Expected to Happen : each of those 3 should be selectable and used via the on-screen gui of iok.

What happens instead: The first two can be selected and used. But the 3rd,  "xkb-Tamil Keyboard with Numerals"  on slection causes iok to terminate: The trace of the event as seen in the terminal is shown below at the end of the report.

I have found this happening both in Ubuntu 10.04-Beta-2 Live CD session as well as HDD installed same version and upto date with all updates. Haven't checked in previous beta or alpha versions.

Among other language xkb keymaps in the drop down list of iok I tried a few randomly and found xkb-Hindi Wx (which is the bottom most in the drop down list) also terminates iok with error message as "Segmentation Fault".

K. Sethu

p.s: The trace of termination event when  "xkb-Tamil Keyboard with Numerals" is selected is as follows. Note that the first two lines : "scandir: No such file or directory" and "Xtest version 0.0.2.2" always happen on launching iok. The trace message triggered on termination by the concerned keymap starts from the thrid line:  *** buffer overflow detected ***: iok terminated

ubuntu at ubuntu:~$ iok
scandir: No such file or directory
Xtest version 0.0.2.2
*** buffer overflow detected ***: iok terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x50)[0xe3d320]
/lib/tls/i686/cmov/libc.so.6(+0xe125a)[0xe3c25a]
/lib/tls/i686/cmov/libc.so.6(__strcpy_chk+0x44)[0xe3b5d4]
iok[0x80607da]
iok[0x8061073]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__VOID+0x7c)[0x35adcc]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x1b2)[0x34d252]
/usr/lib/libgobject-2.0.so.0(+0x1f99d)[0x36199d]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x754)[0x362db4]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x26)[0x363256]
/usr/lib/libgtk-x11-2.0.so.0(+0xa3b11)[0x648b11]
/usr/lib/libgtk-x11-2.0.so.0(gtk_combo_box_set_active_iter+0xa3)[0x649e33]
/usr/lib/libgtk-x11-2.0.so.0(+0xa4f56)[0x649f56]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__VOID+0x7c)[0x35adcc]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x1b2)[0x34d252]
/usr/lib/libgobject-2.0.so.0(+0x1f99d)[0x36199d]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x754)[0x362db4]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x26)[0x363256]
/usr/lib/libgtk-x11-2.0.so.0(gtk_widget_activate+0x95)[0x8130b5]
/usr/lib/libgtk-x11-2.0.so.0(gtk_menu_shell_activate_item+0x120)[0x6f1870]
/usr/lib/libgtk-x11-2.0.so.0(+0x14e1df)[0x6f31df]
/usr/lib/libgtk-x11-2.0.so.0(+0x143b34)[0x6e8b34]
/usr/lib/libgtk-x11-2.0.so.0(+0x13d2f4)[0x6e22f4]
/usr/lib/libgobject-2.0.so.0(+0x98b9)[0x34b8b9]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x1b2)[0x34d252]
/usr/lib/libgobject-2.0.so.0(+0x1f5e6)[0x3615e6]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x5d3)[0x362c33]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x26)[0x363256]
/usr/lib/libgtk-x11-2.0.so.0(+0x26a306)[0x80f306]
/usr/lib/libgtk-x11-2.0.so.0(gtk_propagate_event+0xcd)[0x6da92d]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main_do_event+0x307)[0x6dbcd7]
/usr/lib/libgdk-x11-2.0.so.0(+0x5635a)[0x25a35a]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1d5)[0xae25e5]
/lib/libglib-2.0.so.0(+0x3f2d8)[0xae62d8]
/lib/libglib-2.0.so.0(g_main_loop_run+0x187)[0xae6817]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb9)[0x6dc299]
iok[0x804bcd2]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xd71bd6]
iok[0x804baa1]
======= Memory map: ========
00110000-00135000 r-xp 00000000 00:10 17448      /usr/lib/libpangoft2-1.0.so.0.2800.0
00135000-00136000 r--p 00024000 00:10 17448      /usr/lib/libpangoft2-1.0.so.0.2800.0
00136000-00137000 rw-p 00025000 00:10 17448      /usr/lib/libpangoft2-1.0.so.0.2800.0
00137000-0013a000 r-xp 00000000 00:10 800        /usr/lib/libgmodule-2.0.so.0.2400.0
0013a000-0013b000 r--p 00002000 00:10 800        /usr/lib/libgmodule-2.0.so.0.2400.0
0013b000-0013c000 rw-p 00003000 00:10 800        /usr/lib/libgmodule-2.0.so.0.2400.0
0013c000-00146000 r-xp 00000000 00:10 6566       /usr/lib/libunique-1.0.so.0.100.6
00146000-00147000 r--p 00009000 00:10 6566       /usr/lib/libunique-1.0.so.0.100.6
00147000-00148000 rw-p 0000a000 00:10 6566       /usr/lib/libunique-1.0.so.0.100.6
00148000-0014a000 r-xp 00000000 00:10 3602       /usr/lib/libXcomposite.so.1.0.0
0014a000-0014b000 r--p 00001000 00:10 3602       /usr/lib/libXcomposite.so.1.0.0
0014b000-0014c000 rw-p 00002000 00:10 3602       /usr/lib/libXcomposite.so.1.0.0
0014c000-0014e000 r-xp 00000000 00:10 3604       /usr/lib/libXdamage.so.1.1.0
0014e000-0014f000 r--p 00001000 00:10 3604       /usr/lib/libXdamage.so.1.1.0
0014f000-00150000 rw-p 00002000 00:10 3604       /usr/lib/libXdamage.so.1.1.0
00150000-00154000 r-xp 00000000 00:10 3606       /usr/lib/libXfixes.so.3.1.0
00154000-00155000 r--p 00003000 00:10 3606       /usr/lib/libXfixes.so.3.1.0
00155000-00156000 rw-p 00004000 00:10 3606       /usr/lib/libXfixes.so.3.1.0
00156000-00158000 r-xp 00000000 00:10 3610       /usr/lib/libXinerama.so.1.0.0
00158000-00159000 r--p 00001000 00:10 3610       /usr/lib/libXinerama.so.1.0.0
00159000-0015a000 rw-p 00002000 00:10 3610       /usr/lib/libXinerama.so.1.0.0
0015a000-00172000 r-xp 00000000 00:10 17275      /usr/lib/libgdk_pixbuf-2.0.so.0.2000.0
00172000-00173000 r--p 00017000 00:10 17275      /usr/lib/libgdk_pixbuf-2.0.so.0.2000.0
00173000-00174000 rw-p 00018000 00:10 17275      /usr/lib/libgdk_pixbuf-2.0.so.0.2000.0
00174000-00198000 r-xp 00000000 00:10 31         /lib/tls/i686/cmov/libm-2.11.1.so
00198000-00199000 r--p 00023000 00:10 31         /lib/tls/i686/cmov/libm-2.11.1.so
00199000-0019a000 rw-p 00024000 00:10 31         /lib/tls/i686/cmov/libm-2.11.1.so
0019a000-001c8000 r-xp 00000000 00:10 3600       /usr/lib/libfontconfig.so.1.4.4
001c8000-001c9000 r--p 0002d000 00:10 3600       /usr/lib/libfontconfig.so.1.4.4
001c9000-001ca000 rw-p 0002e000 00:10 3600       /usr/lib/libfontconfig.so.1.4.4
001ca000-001df000 r-xp 00000000 00:10 33         /lib/tls/i686/cmov/libpthread-2.11.1.so
001df000-001e0000 r--p 00014000 00:10 33         /lib/tls/i686/cmov/libpthread-2.11.1.so
001e0000-001e1000 rw-p 00015000 00:10 33         /lib/tls/i686/cmov/libpthread-2.11.1.so
001e1000-001e3000 rw-p 00000000 00:00 0 
001e3000-001f1000 r-xp 00000000 00:10 2792       /usr/lib/libXext.so.6.4.0
001f1000-001f2000 r--p 0000d000 00:10 2792       /usr/lib/libXext.so.6.4.0
001f2000-001f3000 rw-p 0000e000 00:10 2792       /usr/lib/libXext.so.6.4.0
001f3000-001fb000 r-xp 00000000 00:10 3608       /usr/lib/libXrender.so.1.3.0
001fb000-001fc000 r--p 00007000 00:10 3608       /usr/lib/libXrender.so.1.3.0
001fc000-001fd000 rw-p 00008000 00:10 3608       /usr/lib/libXrender.so.1.3.0
001fd000-001ff000 r-xp 00000000 00:10 29         /lib/tls/i686/cmov/libdl-2.11.1.so
001ff000-00200000 r--p 00001000 00:10 29         /lib/tls/i686/cmov/libdl-2.11.1.so
00200000-00201000 rw-p 00002000 00:10 29         /lib/tls/i686/cmov/libdl-2.11.1.so
00204000-00297000 r-xp 00000000 00:10 17274      /usr/lib/libgdk-x11-2.0.so.0.2000.0
00297000-00299000 r--p 00093000 00:10 17274      /usr/lib/libgdk-x11-2.0.so.0.2000.0
00299000-0029a000 rw-p 00095000 00:10 17274      /usr/lib/libgdk-x11-2.0.so.0.2000.0
0029a000-002a0000 r-xp 00000000 00:10 3612       /usr/lib/libXrandr.so.2.2.0
002a0000-002a1000 r--p 00005000 00:10 3612       /usr/lib/libXrandr.so.2.2.0
002a1000-002a2000 rw-p 00006000 00:10 3612       /usr/lib/libXrandr.so.2.2.0
002a2000-002aa000 r-xp 00000000 00:10 3614       /usr/lib/libXcursor.so.1.0.2
002aa000-002ab000 r--p 00007000 00:10 3614       /usr/lib/libXcursor.so.1.0.2
002ab000-002ac000 rw-p 00008000 00:10 3614       /usr/lib/libXcursor.so.1.0.2
002af000-002ca000 r-xp 00000000 00:10 22         /lib/ld-2.11.1.so
002ca000-002cb000 r--p 0001a000 00:10 22         /lib/ld-2.11.1.so
002cb000-002cc000 rw-p 0001b000 00:10 22         /lib/ld-2.11.1.so
002cc000-0033d000 r-xp 00000000 00:10 2743       /usr/lib/libfreetype.so.6.3.22
0033d000-00341000 r--p 00070000 00:10 2743       /usr/lib/libfreetype.so.6.3.22
00341000-00342000 rw-p 00074000 00:10 2743       /usr/lib/libfreetype.so.6.3.22
00342000-0037f000 r-xp 00000000 00:10 806        /usr/lib/libgobject-2.0.so.0.2400.0
0037f000-00380000 r--p 0003c000 00:10 806        /usr/lib/libgobject-2.0.so.0.2400.0
00380000-00381000 rw-p 0003d000 00:10 806        /usr/lib/libgobject-2.0.so.0.2400.0
00381000-00383000 r-xp 00000000 00:10 2718       /usr/lib/libXau.so.6.0.0
00383000-00384000 r--p 00001000 00:10 2718       /usr/lib/libXau.so.6.0.0
00384000-00385000 rw-p 00002000 00:10 2718       /usr/lib/libXau.so.6.0.0
00385000-00391000 r-xp 00000000 00:10 2795       /usr/lib/libXi.so.6.1.0
00391000-00392000 r--p 0000c000 00:10 2795       /usr/lib/libXi.so.6.1.0
00392000-00393000 rw-p 0000d000 00:10 2795       /usr/lib/libXi.so.6.1.0
00393000-0039b000 r-xp 00000000 00:10 17096      /usr/lib/libfusion-1.2.so.0.8.0
0039b000-0039c000 r--p 00007000 00:10 17096      /usr/lib/libfusion-1.2.so.0.8.0
0039c000-0039d000 rw-p 00008000 00:10 17096      /usr/lib/libfusion-1.2.so.0.8.0
003a0000-003a4000 r-xp 00000000 00:10 2783       /usr/lib/libXtst.so.6.1.0Aborted (core dumped)
ubuntu at ubuntu:~$
------------------------------------------------------------------------------------------------------------------------------

More information about the Ubuntu-sponsors mailing list