Bug 104539 - LTC4431-Cannaserver produces segmentation fault by some operations on AMD64
Summary: LTC4431-Cannaserver produces segmentation fault by some operations on AMD64
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: Canna
Version: 3.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Akira TAGOH
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 101028
TreeView+ depends on / blocked
 
Reported: 2003-09-16 21:57 UTC by IBM Bug Proxy
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version: 3.6-20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-09-17 02:29:46 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description IBM Bug Proxy 2003-09-16 21:57:50 UTC 
Hello Glen,

RedHat is also planning to release RHLE3.0 for AMD64.
Therefore, we should submit this bug to RedHat.

Could you please open a new bug report on RedHat bugzilla?
The contents are the following:

---8<------8<------8<---

Summary: Cannaserver produces segmentation fault by some operations on AMD64
Product: Red Hat Enterprise Linux Beta
Version: taroon-beta2
Component: Canna
Platform: x86_64
Priority: high
Severity: high

Problem Description:
cannaserver (Japanese Kana Kanji converter) produces 
segmentation fault by converted area change operations.

Steps to Reproduce:
1. Activate kinput2 by pressing Shift+space key.
2. Input some characters. For example, "kyouha".
3. Press space key to start convert.
4. Press Ctrl+i to change converted area.
5. Press return to commit the converted characters.
=> Cannaserver stops by segmentation fault.

Step4 seems a key operation. If we didn't do step6, the problem didn't occur.

Actual Results:
Cannaserver produces segmentation fault.

Expected Results:
No segmentation fault.

Note: 
To tell the truth, I've not checked this issue on RHEL 3.0 beta.
However, according to the source code of Rawhide,
I think this defect must be produced.


------- Additional Comment #31 From Mitsuru Chinen 2003-09-16 05:59 -------

Hello Glen,

Could you also submit the following sentence as the first comment to
RedHat bugzilla?

Thank you,


------- Additional Comment #1 From Glen Johnson 2003-09-16 17:51 -------

---8<------8<------8<---

The reason why this defect occured was that some pointers
pointed the address in the stack.

In readNV() function of lib/RK/fq.c, there is a pointer variable
`vn' which points 'struct NV' data area allocated by malloc.
The data pointed by `vn' will be refered by the other functions.
And there is an automatic variable `nv' whose type is `struct NV'.
This variable stores data which will be stored into the area
pointed by vc temporarily.

In readNV(), `nv' is mainly used to store the datas.
Finally, the data of nv is subsituted for the area pointed by
`vn'. According to this logic, Some pointer member of `vn' will
point the address of `nv' member.
For example,

  nv.head.left = nv.head.right = &nv.head;

`nv' is an automatic variable. Therefore `nv.head.left' points
the address in the stack area. After the data of `nv' is
substitute for the area pointed by `vn', it would still points
the address in the stack area.


We already sent a bug report to Canna ML and the maintainer kindly
created a patch for this issue.

You can get the patch from:
http://lists.sourceforge.jp/pipermail/canna-dev/2003-September/000241.html

Thank you,
Comment 1 Akira TAGOH 2003-09-17 02:29:46 UTC 
Applied a patch. it should be fixed in Canna-3.6-20. Thanks.
Comment 2 IBM Bug Proxy 2003-09-17 03:27:38 UTC 
------ Additional Comments From chinen.com  2003-16-09 23:23 -------
As RedHat has picked up our proposal, I close this bug.
I would like to express to RedHat my gratitude for picking up it.

Glen,
Thank you so much for submitting the bug report to RedHat!
Note You need to log in before you can comment on or make changes to this bug.