Bug 118733
Summary: | [PATCH] xscreensaver coredumps with an older .xscreensaver file
---|---
Product: | Red Hat Enterprise Linux 3
Reporter: | Pancrazio `ezio' de Mauro <pdemauro>
Component: | xscreensaver
Assignee: | Ray Strode [halfline] <rstrode>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | 3.0
CC: | tao
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2004-09-02 02:26:12 UTC
Bug Blocks: | 113479

Description
Pancrazio `ezio' de Mauro
2004-03-19 17:04:15 UTC
Created attachment 98688 [details]
When copied to $HOME, this causes xscreensaver to dump core
This looks like #85205, which randomly resolved itself. :/

Better backtrace:

#0 0xb6e6334e in malloc_consolidate () from /lib/tls/libc.so.6
#1 0xb6e62949 in _int_malloc () from /lib/tls/libc.so.6
#2 0xb6e61ced in malloc () from /lib/tls/libc.so.6
#3 0x0804f185 in write_init_file (p=0xbfffcf38, version_string=0x7c <Address 0x7c out of bounds>, verbose_p=0) at prefs.c:704
#4 0x0805543b in demo_write_init_file (s=0xbfffcee0, p=0x7c) at demo-Gtk.c:894
#5 0x08056a26 in flush_dialog_changes_and_save (s=0xbfffcee0) at demo-Gtk.c:1449
#6 0x08057737 in list_select_changed_cb (selection=0x7c, data=0xbfffcee0) at demo-Gtk.c:1664
#7 0xb712ac87 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#8 0xb7117ef7 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#9 0xb712a89e in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#10 0xb71298e8 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#11 0xb7129b24 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#12 0xb7502b0a in _gtk_tree_selection_internal_select_node () from /usr/lib/libgtk-x11-2.0.so.0
#13 0xb75018c0 in gtk_tree_selection_select_path () from /usr/lib/libgtk-x11-2.0.so.0
#14 0xb7501b30 in gtk_tree_selection_select_iter () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x08055829 in force_list_select_item (s=0x7c, list=0x8118b98, list_elt=124, scroll_p=1) at demo-Gtk.c:994
#16 0x080580c0 in scroll_to_current_hack (s=0xbfffcee0) at demo-Gtk.c:2042
#17 0x0805bf39 in main (argc=1, argv=0xbfffd0a4) at demo-Gtk.c:4386

This is the only interesting thing so far with my friend Valgrind:

==14815== Invalid write of size 4
==14815==    at 0x8058BCB: initialize_sort_map (demo-Gtk.c:2969)
==14815==    by 0x805A789: main (demo-Gtk.c:4285)
==14815==    by 0xB6BC7BC6: __libc_start_main (in /lib/libc-2.3.2.so)
==14815==    by 0x804E0B8: (within /usr/src/redhat/BUILD/xscreensaver-4.10/driver/xscreensaver-demo)
==14815== Address 0xB481C00C is 4 bytes before a block of size 800 alloc'd
==14815==    at 0xB74D3B2A: calloc (vg_replace_malloc.c:284)
==14815==    by 0x8058A80: initialize_sort_map (demo-Gtk.c:2908)
==14815==    by 0x805A789: main (demo-Gtk.c:4285)
==14815==    by 0xB6BC7BC6: __libc_start_main (in /lib/libc-2.3.2.so)

Created attachment 101038 [details]
xscreensaver-dont-trash-hack-list-when-hack-not-existant.patch
The problem was caused by some memory trashing when building the initial list
of hacks, and the reverse list. Hacks that wouldn't be available would get the
ID of "-1" and try to access the array at -1, corrupting the memory (in this
case the configuration struct).
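
The failure mode described in the comment above, as an added C example that is not part of the bug report or the attached patch: a reverse map built from a forward map whose unavailable entries carry the sentinel -1, with the range check that keeps the sentinel from being used as an index. The function, array names and sample data are hypothetical and are not xscreensaver's own.

```c
#include <stdio.h>
#include <stdlib.h>

#define NOT_AVAILABLE (-1)  /* sentinel ID for a hack that is not installed */

/* Build the reverse map (list ID -> hack index) from the forward map
   (hack index -> list ID). Returns the number of entries skipped, or -1
   on bad arguments. Hypothetical names, not the project's code. */
static int build_reverse_map(const int *id_of_hack, int n_hacks,
                             int *hack_of_id, int n_ids)
{
    int skipped = 0;
    if (!id_of_hack || !hack_of_id || n_hacks < 0 || n_ids < 0)
        return -1;
    for (int i = 0; i < n_ids; i++)
        hack_of_id[i] = NOT_AVAILABLE;
    for (int h = 0; h < n_hacks; h++) {
        int id = id_of_hack[h];
        /* The unchecked form is `hack_of_id[id] = h;`. With id == -1 and a
           4-byte int, that store lands 4 bytes before the allocation, as in
           the Valgrind report, and corrupts whatever lives there. */
        if (id < 0 || id >= n_ids) {
            skipped++;
            continue;
        }
        hack_of_id[id] = h;
    }
    return skipped;
}

int main(void)
{
    /* Constructed sample: hacks 1 and 3 are named in the prefs file but
       are not installed, so they carry the sentinel. */
    int id_of_hack[] = { 0, NOT_AVAILABLE, 1, NOT_AVAILABLE, 2 };
    int n_ids = 3;
    int *hack_of_id = calloc((size_t)n_ids, sizeof *hack_of_id);
    if (!hack_of_id)
        return 1;
    int skipped = build_reverse_map(id_of_hack, 5, hack_of_id, n_ids);
    printf("skipped %d unavailable hacks\n", skipped);
    for (int i = 0; i < n_ids; i++)
        printf("list row %d -> hack %d\n", i, hack_of_id[i]);
    free(hack_of_id);
    return 0;
}
```
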
Adding to the errata candidate list.

Marking MODIFIED while QA tests the fix.

An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-257.html