Red Hat Bugzilla – Bug 104539
LTC4431-Cannaserver produces segmentation fault by some operations on AMD64
Last modified: 2007-11-30 17:06:58 EST
Hello Glen, RedHat is also planning to release RHLE3.0 for AMD64. Therefore, we should submit this bug to RedHat. Could you please open a new bug report on RedHat bugzilla? The contents are the following: ---8<------8<------8<--- Summary: Cannaserver produces segmentation fault by some operations on AMD64 Product: Red Hat Enterprise Linux Beta Version: taroon-beta2 Component: Canna Platform: x86_64 Priority: high Severity: high Problem Description: cannaserver (Japanese Kana Kanji converter) produces segmentation fault by converted area change operations. Steps to Reproduce: 1. Activate kinput2 by pressing Shift+space key. 2. Input some characters. For example, "kyouha". 3. Press space key to start convert. 4. Press Ctrl+i to change converted area. 5. Press return to commit the converted characters. => Cannaserver stops by segmentation fault. Step4 seems a key operation. If we didn't do step6, the problem didn't occur. Actual Results: Cannaserver produces segmentation fault. Expected Results: No segmentation fault. Note: To tell the truth, I've not checked this issue on RHEL 3.0 beta. However, according to the source code of Rawhide, I think this defect must be produced. ------- Additional Comment #31 From Mitsuru Chinen 2003-09-16 05:59 ------- Hello Glen, Could you also submit the following sentence as the first comment to RedHat bugzilla? Thank you, ------- Additional Comment #1 From Glen Johnson 2003-09-16 17:51 ------- ---8<------8<------8<--- The reason why this defect occured was that some pointers pointed the address in the stack. In readNV() function of lib/RK/fq.c, there is a pointer variable `vn' which points 'struct NV' data area allocated by malloc. The data pointed by `vn' will be refered by the other functions. And there is an automatic variable `nv' whose type is `struct NV'. This variable stores data which will be stored into the area pointed by vc temporarily. In readNV(), `nv' is mainly used to store the datas. Finally, the data of nv is subsituted for the area pointed by `vn'. According to this logic, Some pointer member of `vn' will point the address of `nv' member. For example, nv.head.left = nv.head.right = &nv.head; `nv' is an automatic variable. Therefore `nv.head.left' points the address in the stack area. After the data of `nv' is substitute for the area pointed by `vn', it would still points the address in the stack area. We already sent a bug report to Canna ML and the maintainer kindly created a patch for this issue. You can get the patch from: http://lists.sourceforge.jp/pipermail/canna-dev/2003-September/000241.html Thank you,
Applied a patch. it should be fixed in Canna-3.6-20. Thanks.
------ Additional Comments From chinen@jp.ibm.com 2003-16-09 23:23 ------- As RedHat has picked up our proposal, I close this bug. I would like to express to RedHat my gratitude for picking up it. Glen, Thank you so much for submitting the bug report to RedHat!