Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 3 product line. The current stable release is 3.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 104539

Summary: LTC4431-Cannaserver produces segmentation fault by some operations on AMD64
Product: Red Hat Enterprise Linux 3 Reporter: IBM Bug Proxy <bugproxy>
Component: CannaAssignee: Akira TAGOH <tagoh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0   
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 3.6-20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-09-17 02:29:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 101028    

Description IBM Bug Proxy 2003-09-16 21:57:50 UTC 
Hello Glen,

RedHat is also planning to release RHLE3.0 for AMD64.
Therefore, we should submit this bug to RedHat.

Could you please open a new bug report on RedHat bugzilla?
The contents are the following:

---8<------8<------8<---

Summary: Cannaserver produces segmentation fault by some operations on AMD64
Product: Red Hat Enterprise Linux Beta
Version: taroon-beta2
Component: Canna
Platform: x86_64
Priority: high
Severity: high

Problem Description:
cannaserver (Japanese Kana Kanji converter) produces 
segmentation fault by converted area change operations.

Steps to Reproduce:
1. Activate kinput2 by pressing Shift+space key.
2. Input some characters. For example, "kyouha".
3. Press space key to start convert.
4. Press Ctrl+i to change converted area.
5. Press return to commit the converted characters.
=> Cannaserver stops by segmentation fault.

Step4 seems a key operation. If we didn't do step6, the problem didn't occur.

Actual Results:
Cannaserver produces segmentation fault.

Expected Results:
No segmentation fault.

Note: 
To tell the truth, I've not checked this issue on RHEL 3.0 beta.
However, according to the source code of Rawhide,
I think this defect must be produced.


------- Additional Comment #31 From Mitsuru Chinen 2003-09-16 05:59 -------

Hello Glen,

Could you also submit the following sentence as the first comment to
RedHat bugzilla?

Thank you,


------- Additional Comment #1 From Glen Johnson 2003-09-16 17:51 -------

---8<------8<------8<---

The reason why this defect occured was that some pointers
pointed the address in the stack.

In readNV() function of lib/RK/fq.c, there is a pointer variable
`vn' which points 'struct NV' data area allocated by malloc.
The data pointed by `vn' will be refered by the other functions.
And there is an automatic variable `nv' whose type is `struct NV'.
This variable stores data which will be stored into the area
pointed by vc temporarily.

In readNV(), `nv' is mainly used to store the datas.
Finally, the data of nv is subsituted for the area pointed by
`vn'. According to this logic, Some pointer member of `vn' will
point the address of `nv' member.
For example,

  nv.head.left = nv.head.right = &nv.head;

`nv' is an automatic variable. Therefore `nv.head.left' points
the address in the stack area. After the data of `nv' is
substitute for the area pointed by `vn', it would still points
the address in the stack area.


We already sent a bug report to Canna ML and the maintainer kindly
created a patch for this issue.

You can get the patch from:
http://lists.sourceforge.jp/pipermail/canna-dev/2003-September/000241.html

Thank you,
Comment 1 Akira TAGOH 2003-09-17 02:29:46 UTC 
Applied a patch. it should be fixed in Canna-3.6-20. Thanks.
Comment 2 IBM Bug Proxy 2003-09-17 03:27:38 UTC 
------ Additional Comments From chinen.com  2003-16-09 23:23 -------
As RedHat has picked up our proposal, I close this bug.
I would like to express to RedHat my gratitude for picking up it.

Glen,
Thank you so much for submitting the bug report to RedHat!