Bug 176402

Summary: xscreensaver-demo crashes because of free problem
Product: [Fedora] Fedora
Reporter: Mamoru TASAKA <mtasaka>
Component: xscreensaver
Assignee: Ray Strode [halfline] <rstrode>
Status: CLOSED RAWHIDE
Severity: high
Priority: medium
Version: rawhide
CC: jwz
Target Milestone: ---
Target Release: ---
Hardware: i386
OS: Linux
Fixed In Version: 4.23-1
Doc Type: Bug Fix
Last Closed: 2006-01-23 13:07:28 UTC
Attachments:
gdb log of xscreensaver-demo (flags: none)
patch to point to the correct address to be freed (flags: none)

Description Mamoru TASAKA 2005-12-22 07:00:37 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ja-JP; rv:1.8) Gecko/20051216 Fedora/1.5-3 Firefox/1.5

Description of problem:
xscreensaver-demo crashes when clicking Documentation button.

When I happened to see one documentation of xscreensaver, it suddenly
crashed. I didn't see this phenomenon before, so at first I was not
sure this is due to xscreensaver. However I found one (possible) bug,
so I submitted this report.

Version-Release number of selected component (if applicable):
xscreensaver-4.22-21.2

How reproducible:
Always

Steps to Reproduce:
1. run "xscreensaver-demo"
2. select one hack, push "Settings" and then push "Documentation"

Actual Results:  xscreensaver-demo crashes

Expected Results:  xscreensaver-demo should not crash.

Additional info:

See the following comments.

Comment 1 Mamoru TASAKA 2005-12-22 07:07:25 UTC
Created attachment 122515
gdb log of xscreensaver-demo

gdb log of xscreensaver-demo.

It complains about an invalid pointer.

Comment 2 Mamoru TASAKA 2005-12-22 07:20:33 UTC
Created attachment 122516
patch to point to the correct address to be freed

Patch to point to the correct address to be freed; perhaps this
patch will solve this problem.

In the function manual_cb in driver/demo-Gtk.c, if the char* variable
"name" (the hack name) has a slash, then the pointer of name is changed
to select only the basename of the original hack name.
Then, at the end of this function manual_cb, it tries to free name.
So, if the hack name is given by the absolute path, free name fails.

This patch is to save the original pointer of the variable and
to free the saved pointer.
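
The pattern described in Comment 2, as an added example that is not part of the original report and is not xscreensaver's code or the attached patch. The function names, the variable "oname" and the sample path are hypothetical; the broken variant is compiled only when DEMO_BROKEN is defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* BROKEN (hypothetical stand-in for the reported pattern): once
   "name = slash + 1" runs, name is an interior pointer, so free(name)
   is undefined behaviour; glibc aborts with "free(): invalid pointer". */
#ifdef DEMO_BROKEN
static void manual_title_broken(const char *hack, char *out, size_t outlen)
{
    size_t n = strlen(hack) + 1;
    char *name = malloc(n), *slash;
    if (!name) return;
    memcpy(name, hack, n);
    slash = strrchr(name, '/');
    if (slash) name = slash + 1;       /* allocation start is lost here */
    snprintf(out, outlen, "%s manual", name);
    free(name);                        /* wrong address if hack had '/' */
}
#endif

/* FIXED: keep the allocator's pointer in its own variable ("oname", a
   hypothetical name) and free that; "name" is only a view into the buffer.
   Returns 0 on success, -1 on bad arguments or allocation failure. */
int manual_title_fixed(const char *hack, char *out, size_t outlen)
{
    size_t n;
    char *oname, *name, *slash;
    if (!hack || !out || outlen == 0) return -1;
    n = strlen(hack) + 1;
    oname = malloc(n);
    if (!oname) return -1;
    memcpy(oname, hack, n);
    name = oname;
    slash = strrchr(name, '/');
    if (slash) name = slash + 1;       /* basename only */
    snprintf(out, outlen, "%s manual", name);
    free(oname);                       /* the original allocation */
    return 0;
}

int main(void)
{
    char buf[64];
    /* Constructed sample input: a hack name given as an absolute path. */
    if (manual_title_fixed("/opt/example/attraction", buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```

Building the fixed path with -fsanitize=address and running it with a path argument is a quick regression check for this class of bug, since AddressSanitizer reports a free of a pointer that is not the start of an allocation.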

Comment 3 Mamoru TASAKA 2006-01-23 13:07:28 UTC
Verified that fixed in 4.23-1.
Thanks.