Red Hat Bugzilla – Bug 104539
LTC4431-Cannaserver produces segmentation fault by some operations on AMD64
Last modified: 2007-11-30 17:06:58 EST
RedHat is also planning to release RHEL3.0 for AMD64.
Therefore, we should submit this bug to RedHat.
Could you please open a new bug report on RedHat bugzilla?
The contents are the following:
Summary: Cannaserver produces segmentation fault by some operations on AMD64
Product: Red Hat Enterprise Linux Beta
cannaserver (Japanese Kana Kanji converter) produces
segmentation fault by converted area change operations.
Steps to Reproduce:
1. Activate kinput2 by pressing Shift+space key.
2. Input some characters. For example, "kyouha".
3. Press space key to start conversion.
4. Press Ctrl+i to change converted area.
5. Press return to commit the converted characters.
=> Cannaserver stops by segmentation fault.
Step4 seems a key operation. If we didn't do step6, the problem didn't occur.
Cannaserver produces segmentation fault.
No segmentation fault.
To tell the truth, I've not checked this issue on RHEL 3.0 beta.
However, according to the source code of Rawhide,
I think this defect must be produced.
------- Additional Comment #31 From Mitsuru Chinen 2003-09-16 05:59 -------
Could you also submit the following sentence as the first comment to
------- Additional Comment #1 From Glen Johnson 2003-09-16 17:51 -------
The reason why this defect occurred was that some pointers
pointed to an address in the stack.
In readNV() function of lib/RK/fq.c, there is a pointer variable
`vn' which points to the 'struct NV' data area allocated by malloc.
The data pointed to by `vn' will be referred to by the other functions.
And there is an automatic variable `nv' whose type is `struct NV'.
This variable temporarily stores data which will be stored into the
area pointed to by vc.
In readNV(), `nv' is mainly used to store the data.
Finally, the data of nv is substituted for the area pointed to by
`vn'. According to this logic, some pointer members of `vn' will
point to the address of a member of `nv'.
nv.head.left = nv.head.right = &nv.head;
`nv' is an automatic variable. Therefore `nv.head.left' points to
an address in the stack area. After the data of `nv' is
substituted for the area pointed to by `vn', it would still point to
the address in the stack area.
We already sent a bug report to Canna ML and the maintainer kindly
created a patch for this issue.
You can get the patch from:
Applied a patch. It should be fixed in Canna-3.6-20. Thanks.
------ Additional Comments From email@example.com 2003-16-09 23:23 -------
As RedHat has picked up our proposal, I close this bug.
I would like to express to RedHat my gratitude for picking it up.
Thank you so much for submitting the bug report to RedHat!
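
The defect analysed in the readNV() comment above (a self-referential pointer set up in an automatic struct and then copied into a malloc'ed area), as an added example that is not part of the bug report and is not Canna's code or the maintainer's patch. The types, `read_nv`, its `rebase` flag and the re-linking fix are assumptions for illustration:

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for Canna's types: only the self-referential
 * list head mentioned in the report is modelled. */
struct node { struct node *left, *right; };
struct NV   { struct node head; long count; };

/* Pattern from the report: fill an automatic `nv`, then copy it into the
 * malloc'ed area `vn`. With rebase == 0 the copied pointers keep the
 * address of `nv.head`, which is gone once this function returns. */
struct NV *read_nv(int rebase)
{
    struct NV nv;
    struct NV *vn = malloc(sizeof *vn);

    if (vn == NULL)
        return NULL;
    nv.count = 0;
    nv.head.left = nv.head.right = &nv.head;  /* address inside this frame */
    *vn = nv;                                 /* struct copy: pointers copied verbatim */
    if (rebase)                               /* assumed fix, not the Canna patch */
        vn->head.left = vn->head.right = &vn->head;
    return vn;
}

/* An empty list head must point at itself inside the heap object.
 * Compares addresses only; nothing is dereferenced through the links. */
int head_is_self_contained(const struct NV *vn)
{
    return vn->head.left == &vn->head && vn->head.right == &vn->head;
}

/* Convenience wrapper: build, check, free. Returns 1 if the head is sound. */
int check_read_nv(int rebase)
{
    struct NV *vn = read_nv(rebase);
    int ok = (vn != NULL) && head_is_self_contained(vn);

    free(vn);
    return ok;
}

int main(void)
{
    printf("copy only:      %s\n", check_read_nv(0) ? "ok" : "head points outside the heap object");
    printf("copy + re-link: %s\n", check_read_nv(1) ? "ok" : "head points outside the heap object");
    return 0;
}
```

Building a variant that dereferences the links with `-fsanitize=address` (GCC or Clang) reports the stale access as a stack-use-after-return when that detection is enabled.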