Bug 492296
| Summary: | amsn (and maybe other tcl/tk apps) does not start when imsettings-applet is running | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Fernando Herrera <fherrera> | ||||
| Component: | amsn | Assignee: | Sander Hoentjen <sander> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 10 | CC: | sander | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-03-26 19:09:43 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Fernando Herrera
2009-03-26 11:20:28 UTC
I cannot reproduce the crash on current rawhide, so testing is a bit hard for me. Can you reproduce the crash with just running `wish` instead of `wish /usr/bin/amsn`? It is not a crash, just imsettings-applet getting a double free and wish hanging (not crashing, the backtrace was generated after interrupting wish process). Here is the trace of imsettings-applet with abort on doublefree: [fer@gintonic UPnP-Inspector.svn]$ export MALLOC_CHECK_=2 [fer@gintonic UPnP-Inspector.svn]$ gdb imsettings-applet GNU gdb Fedora (6.8-29.fc10) Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"... (gdb) r Starting program: /usr/bin/imsettings-applet [Thread debugging using libthread_db enabled] [New Thread 0xb7fdc720 (LWP 22240)] Acceleration key: disabled XSETTINGS manager support is enabled, but another XSETTINGS manager instance is already running. (imsettings-applet:22240): libimsettings-xim-WARNING **: Child sequence won't be matched.: <Multi_key> <apostrophe> <comma> <C> (imsettings-applet:22240): libimsettings-xim-WARNING **: Child sequence won't be matched.: <Multi_key> <apostrophe> <cedilla> <C> : "Ḉ" U1E08 # LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE (imsettings-applet:22240): libimsettings-xim-WARNING **: \x90a\xb8: <dead_acute> <ccedilla> : "ḉ" U1E09 # LATIN SMALL LETTER C WITH CEDILLA AND ACUTE Program received signal SIGABRT, Aborted. 0x00396416 in __kernel_vsyscall () (gdb) bt #0 0x00396416 in __kernel_vsyscall () #1 0x00a40460 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #2 0x00a41e28 in abort () at abort.c:88 #3 0x00a843d3 in malloc_printerr (action=2, str=0xb55d28 "free(): invalid pointer", ptr=0x810d7a0) at malloc.c:5999 #4 0x00a862f5 in __libc_free (mem=0x810d7a0) at malloc.c:3589 #5 0x0018a8c6 in IA__g_free (mem=0x810d7a0) at gmem.c:190 #6 0x001720b9 in IA__g_error_free (error=0x80e1660) at gerror.c:125 #7 0x00934828 in compose_parse (compose=0x80de4c0) at compose.c:571 #8 0x00936d96 in xim_loopback_real_xim_open (proto=0x8073890, locale=0x80e2740, data=0x80d3820) at loopback.c:346 #9 0x009e43b6 in gxim_marshal_BOOLEAN__BOXED (closure=0x80de418, return_value=0xbfffe988, n_param_values=2, param_values=0x80e2648, invocation_hint=0x0, marshal_data=0x936bc0) at gximmarshal.c:161 #10 0x005781fb in IA__g_closure_invoke (closure=0x80de418, return_value=0xbfffe988, n_param_values=2, param_values=0x80e2648, invocation_hint=0x0) at gclosure.c:767 #11 0x009cba12 in g_xim_protocol_closure_emit_signal (closure=0x80df740, proto=0x8073890) at gximprotocol.c:3537 #12 0x009dbe8e in g_xim_protocol10_closure_XIM_OPEN (closure=0x80df740, proto=0x8073890, stream=0x80bb850, error=0xbfffebe8, user_data=0x0) at gximprotocol10.c:262 #13 0x009cbcea in g_xim_protocol_closure_marshal_BOOLEAN__OBJECT_OBJECT_POINTER (closure=0x80df740, return_value=0xbfffeb38, n_param_values=3, param_values=0x80e24c0, invocation_hint=0x0, marshal_data=0x0) at gximprotocol.c:244 #14 0x005781fb in IA__g_closure_invoke (closure=0x80df740, return_value=0xbfffeb38, n_param_values=3, param_values=0x80e24c0, invocation_hint=0x0) at gclosure.c:767 #15 0x009d4079 in g_xim_protocol_translate (proto=0x8073890, data=0x80e24a0, length=20, error=0xbfffebe8) at gximprotocol.c:669 #16 0x009d4596 in g_xim_protocol_process_event (proto=0x8073890, event=0x80720f0, error=0xbfffebe8) at gximprotocol.c:513 #17 0x009e061e in g_xim_srv_tmpl_real_client_event (core=0x80d3820, event=0x80720f0) at gximsrvtmpl.c:684 #18 0x009e43b6 in gxim_marshal_BOOLEAN__BOXED (closure=0x80c39f0, return_value=0xbfffedc0, n_param_values=2, param_values=0x80d6d18, invocation_hint=0xbfffedac, marshal_data=0x9e05a0) at gximmarshal.c:161 #19 0x00576959 in g_type_class_meta_marshal (closure=0x80c39f0, return_value=0xbfffedc0, n_param_values=2, param_values=0x80d6d18, invocation_hint=0xbfffedac, marshal_data=0x60) at gclosure.c:878 #20 0x005781fb in IA__g_closure_invoke (closure=0x80c39f0, return_value=0xbfffedc0, n_param_values=2, param_values=0x80d6d18, invocation_hint=0xbfffedac) at gclosure.c:767 #21 0x0058e2fd in signal_emit_unlocked_R (node=0x80c3aa8, detail=0, instance=0x80d3820, emission_return=0xbfffeef8, instance_and_params=0x80d6d18) at gsignal.c:3282 #22 0x0058fbeb in IA__g_signal_emit_valist (instance=0x80d3820, signal_id=165, detail=0, var_args=0xbfffef50 "h���\2301\a\bx���\"�W") at gsignal.c:2987 #23 0x005901e6 in IA__g_signal_emit (instance=0x80d3820, signal_id=165, detail=0) at gsignal.c:3034 #24 0x009c0055 in g_xim_core_dispatch_events (gdk_xevent=0xbffff1e8, event=0x8072190, data=0x80d3820) at gximcore.c:188 #25 0x008dd469 in gdk_event_apply_filters () at gdkevents-x11.c:349 ---Type <return> to continue, or q <return> to quit--- #26 gdk_event_translate (display=0x806d0b8, event=0x8072190, xevent=0xbffff1e8, return_exposes=0) at gdkevents-x11.c:988 #27 0x008deeb3 in _gdk_events_queue (display=0x806d0b8) at gdkevents-x11.c:2299 #28 0x008df2df in gdk_event_dispatch (source=0x8074118, callback=0, user_data=0x0) at gdkevents-x11.c:2359 #29 0x00182238 in g_main_dispatch () at gmain.c:2144 #30 IA__g_main_context_dispatch (context=0x8074f48) at gmain.c:2697 #31 0x001858e3 in g_main_context_iterate (context=0x8074f48, block=1, dispatch=1, self=0x8080c48) at gmain.c:2778 #32 0x00185e02 in IA__g_main_loop_run (loop=0x80d35e0) at gmain.c:2986 #33 0x06c97959 in IA__gtk_main () at gtkmain.c:1200 #34 0x0804ecbe in main (argc=Cannot access memory at address 0x2e3 maybe this? (not tested):
--- compose.c.orig 2009-03-26 19:49:06.000000000 +0100
+++ compose.c 2009-03-26 19:49:41.000000000 +0100
@@ -590,6 +590,7 @@
if (error) {
g_warning("%s: %s", error->message, seq);
sequence_free(s);
+ g_error_free(error);
goto fail;
}
node = s;
@@ -625,6 +626,7 @@
g_ptr_array_free(seqarray, TRUE);
}
g_free(tmp);
+ error = NULL;
}
return TRUE;
yeah, just rebuild the RPM with the above patch and now wish and amsn work fine (however I still get a lot of output from imsettings-applet, so there is still something that is not correctly parsed (but at least now it doesn't trash the application). Attaching the patch. Created attachment 336870 [details]
Patch fixing the double free of error variable
ok, looking at trunk, it seems it has been fixed there (clearing the error instead of freeing+setting to NULL): http://code.google.com/p/imsettings/source/diff?spec=svn257&r=257&format=side&path=/trunk/backends/xim/compose.c I also find this bug is a dup of #485595 and a new update for this package has been pushed :) *** This bug has been marked as a duplicate of bug 485595 *** |