Bug 128387 - [PATCH] LTC5505-FreeWnn causes Segmentation Fault when kinput2 connects on rhel 3 for AMD64
[PATCH] LTC5505-FreeWnn causes Segmentation Fault when kinput2 connects on rh...
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: FreeWnn (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jens Petersen
Lawrence Lim
Depends On:
  Show dependency treegraph
Reported: 2004-07-22 10:21 EDT by Bernd Schmidt
Modified: 2014-03-25 20:50 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-02 01:10:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
A patch to fix this problem (5.88 KB, patch)
2004-07-22 10:22 EDT, Bernd Schmidt
no flags Details | Diff

  None (edit)
Description Bernd Schmidt 2004-07-22 10:21:49 EDT
From Issue Tracker (35772):
Hardware Environment:
PC (Opteron 240 x2, Memory 1GB)

Software Environment:
Operating System:  RHEL AS release 3 for AMD64

Problem Description:
FreeWnn (InputMethod Engine: Japanese Kana-Kanji converter) causes
Fault, when kinput connects with it on RHEL3 for AMD64.

Steps to Reproduce:
1. Install RHEL3 for AMD64 with Japanese environment.

2. Login GNOME on Japanese environment.

3. Stop the current kinput2, because default kinput2 is working with
(Another Japanese InputMethod engine).

$ ps x|grep kinput2
26895 ?        S      0:00 kinput2 -canna
27047 pts/2    S      0:00 grep kinput2
$ kill 26895

4. Launch kinput2 for Wnn
$ kinput2 -wnn &
Warning: ccWnn Object: can't connect to jserver
Warning: ccWnn Object: can't connect to jserver

It fails to connect with FreeWnn.
=> At the time, FreeWnn server (/usr/bin/jserver) caused segmentation

The following is a stack trace by gdb. I attached it to jserver.

Program received signal SIGSEGV, Segmentation fault.
0x0000002a95932470 in strlen () from /lib64/tls/libc.so.6
(gdb) where
#0  0x0000002a95932470 in strlen () from /lib64/tls/libc.so.6
#1  0x0000002a9590113e in vfprintf () from /lib64/tls/libc.so.6
#2  0x0000002a9591ec85 in vsprintf () from /lib64/tls/libc.so.6
#3  0x0000002a95907dfa in sprintf () from /lib64/tls/libc.so.6
#4  0x0000000000407c54 in ?? ()
#5  0x0000000000414e29 in terminate_hand ()
#6  0x0000000000414c56 in terminate_hand ()
#7  0x000000000040418a in ?? ()
#8  0x0000000000403053 in ?? ()
#9  0x0000000000402ed1 in ?? ()
#10 0x0000002a958d3181 in __libc_start_main () from /lib64/tls/libc.so.6
#11 0x0000000000402bea in ?? ()
The cause of this bug is that the argument of select() is wrong data type.

At sel_all() in ./Xsi/Wnn/jserver/de.c, select() is called.
Although the data type of the second, third and fourth arguments should be
a pointer of fd_set, pointers of int is used at that function.

Comment 1 Bernd Schmidt 2004-07-22 10:22:51 EDT
Created attachment 102145 [details]
A patch to fix this problem

A patch by nhorman to fix this problem.  Tested by the customer.
Comment 5 Jens Petersen 2004-08-05 22:12:13 EDT
Neil, thanks for the patch. :)

Ok, it looks like the changes to de.c are a backport
from pl20.

error1 (error.c)  doesn't seem to be used anywhere -
is the change to fix a compiler warning?

And the fix in the sbn_kai call in renbn_kai.c is use
a proper pointer type.

Anyway as a first step I'm applying the tweaks to the later
to FreeWnn in fc3.
Comment 6 Neil Horman 2004-08-06 06:36:38 EDT
No worries :),

You're correct on de.c

error1 I think is actually called for x86_64 through a macro
somewhere.  I don't quite recall what the sbn_kai change was for, but
I remember both changes were valid for god reasons.  I'll dig out the
trees that I used to generate the patch and review the issue tracker
ticket to see if I can remember why we did the later two things for you.
Comment 9 Jens Petersen 2004-08-09 11:14:03 EDT
Thanks for the clarification: (sorry I should have written error1
(error_exit1) is not used in pl20 but anyway.)

Adding a similar fix to out() (error.c) too.
Comment 13 John Flanagan 2004-09-02 01:10:21 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.