From Issue Tracker (35772): Hardware Environment: PC (Opteron 240 x2, Memory 1GB) Software Environment: Operating System: RHEL AS release 3 for AMD64 Problem Description: FreeWnn (InputMethod Engine: Japanese Kana-Kanji converter) causes Segmentation Fault, when kinput connects with it on RHEL3 for AMD64. Steps to Reproduce: 1. Install RHEL3 for AMD64 with Japanese environment. 2. Login GNOME on Japanese environment. 3. Stop the current kinput2, because default kinput2 is working with Canna (Another Japanese InputMethod engine). (example) $ ps x|grep kinput2 26895 ? S 0:00 kinput2 -canna 27047 pts/2 S 0:00 grep kinput2 $ kill 26895 4. Launch kinput2 for Wnn $ kinput2 -wnn & Warning: ccWnn Object: can't connect to jserver Warning: ccWnn Object: can't connect to jserver It fails to connect with FreeWnn. => At the time, FreeWnn server (/usr/bin/jserver) caused segmentation fault. The following is a stack trace by gdb. I attached it to jserver. Program received signal SIGSEGV, Segmentation fault. 0x0000002a95932470 in strlen () from /lib64/tls/libc.so.6 (gdb) where #0 0x0000002a95932470 in strlen () from /lib64/tls/libc.so.6 #1 0x0000002a9590113e in vfprintf () from /lib64/tls/libc.so.6 #2 0x0000002a9591ec85 in vsprintf () from /lib64/tls/libc.so.6 #3 0x0000002a95907dfa in sprintf () from /lib64/tls/libc.so.6 #4 0x0000000000407c54 in ?? () #5 0x0000000000414e29 in terminate_hand () #6 0x0000000000414c56 in terminate_hand () #7 0x000000000040418a in ?? () #8 0x0000000000403053 in ?? () #9 0x0000000000402ed1 in ?? () #10 0x0000002a958d3181 in __libc_start_main () from /lib64/tls/libc.so.6 #11 0x0000000000402bea in ?? () (gdb) The cause of this bug is that the argument of select() is wrong data type. At sel_all() in ./Xsi/Wnn/jserver/de.c, select() is called. Although the data type of the second, third and fourth arguments should be a pointer of fd_set, pointers of int is used at that function. -
Created attachment 102145 [details] A patch to fix this problem A patch by nhorman to fix this problem. Tested by the customer.
Neil, thanks for the patch. :) Ok, it looks like the changes to de.c are a backport from pl20. error1 (error.c) doesn't seem to be used anywhere - is the change to fix a compiler warning? And the fix in the sbn_kai call in renbn_kai.c is use a proper pointer type. Anyway as a first step I'm applying the tweaks to the later to FreeWnn in fc3.
No worries :), You're correct on de.c error1 I think is actually called for x86_64 through a macro somewhere. I don't quite recall what the sbn_kai change was for, but I remember both changes were valid for god reasons. I'll dig out the trees that I used to generate the patch and review the issue tracker ticket to see if I can remember why we did the later two things for you.
Thanks for the clarification: (sorry I should have written error1 (error_exit1) is not used in pl20 but anyway.) Adding a similar fix to out() (error.c) too.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-428.html