Bug 455286

Summary: x86_64 specific: Seg fault on close of dialog box
Product: [Fedora] Fedora
Reporter: david schuller <schuller>
Component: lesstif
Assignee: Patrice Dumas <pertusus>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 9
CC: hdegoede
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-08-01 11:57:02 UTC
Attachments: Source code for test app (flags: none)

Description david schuller 2008-07-14 17:29:21 UTC
Description of problem: Test app crashes with Segmentation fault when Dialog box
should close


Version-Release number of selected component (if applicable):
0.95.0-25.fc9.x86_64

How reproducible:
Completely, every single time

Steps to Reproduce:
1. Download test app, compile, run
2. Choose "STOP" button, select "After Current Image" from drop-down menu
3. When Dialog box appears, choose "YES" or "NO" pushbutton.
  
Actual results:
with lesstif on x86_64, entire app crashes with "Segmentation fault"


Expected results:
Dialog box closes, leaving main menu intact (this behaviour seen with i386
version of lesstif, and with openmotif-2.3.0)


Additional info: Dialog contains BulletinBoard, which contains a label and two
pushbuttons.

Comment 1 david schuller 2008-07-14 17:29:22 UTC
Created attachment 311738
Source code for test app

Comment 2 Hans de Goede 2008-08-01 11:57:02 UTC
(In reply to comment #1)
> Created an attachment (id=311738) [edit]
> Source code for test app
> 

Make that: "Buggy source code for test app".

/me is grumpy after debugging a problem that turns out to be in someone else's
code for 2 hours GRMMNBL

Anyways your code in the stop_activateCallback() callback handler trashes the
stack, making lesstif unhappy. The only reason motif is not unhappy is luck.

Your code says:


void
stop_activateCallback(w, client, call)  
Widget w;
XtPointer client;
XtPointer call;
{
        int user_data;

        XtVaGetValues(w, XmNuserData, &user_data, NULL);

        switch(user_data)

Notice how you get XmNuserData and store that in an int, but XmNuserData
actually has a type of XtPointer, so XtVaGetValues stores 64 bits, but you've
only reserved 32 bits on the stack -> boom stack smashed

The correct code would be:


void
stop_activateCallback(w, client, call)  
Widget w;
XtPointer client;
XtPointer call;
{
        XtPointer user_data;

        XtVaGetValues(w, XmNuserData, &user_data, NULL);

        switch((long)user_data)
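
The size mismatch described in comment 2, as an added example that is not part of the bug report, the attached test app, or lesstif. `fake_get_user_data` and `struct frame` are hypothetical stand-ins for XtVaGetValues and the callback's stack frame; the frame is modelled as a byte array so the overwrite can be counted without relying on real stack layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for XtVaGetValues(w, XmNuserData, dest, NULL).
 * The getter only knows the resource type (XtPointer), so it always
 * stores sizeof(void *) bytes at dest, whatever the caller declared. */
static void fake_get_user_data(void *dest, void *value)
{
    memcpy(dest, &value, sizeof value);
}

/* Constructed model of the callback's stack frame: an int-sized slot
 * followed by whatever the compiler happened to place next to it. */
struct frame {
    unsigned char slot[sizeof(int)];
    unsigned char neighbour[sizeof(void *)];
};

/* Buggy pattern: the destination is int-sized. Returns how many bytes
 * of the neighbouring data the store overwrote. */
size_t clobbered_with_int_slot(void)
{
    struct frame f;
    size_t i, n = 0;

    memset(&f, 0xAA, sizeof f);                   /* known fill pattern */
    fake_get_user_data(&f, (void *)(uintptr_t)3); /* &f is the address of f.slot */
    for (i = 0; i < sizeof f.neighbour; i++)
        if (f.neighbour[i] != 0xAA)
            n++;
    return n;
}

/* Fixed pattern: pointer-sized destination, narrowed only after the call. */
long read_with_pointer_slot(void)
{
    void *user_data = NULL;

    fake_get_user_data(&user_data, (void *)(uintptr_t)3);
    return (long)(intptr_t)user_data;
}

int main(void)
{
    printf("int slot: %zu neighbouring bytes overwritten\n", clobbered_with_int_slot());
    printf("pointer slot: value %ld, nothing overwritten\n", read_with_pointer_slot());
    return 0;
}
```

On a target where `int` and `void *` have the same size the first function returns 0, which matches the report that the i386 build did not crash.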