Bug 128387 - [PATCH] LTC5505-FreeWnn causes Segmentation Fault when kinput2 connects on rhel 3 for AMD64
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: FreeWnn
Version: 3.0
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Jens Petersen
QA Contact: Lawrence Lim
Reported: 2004-07-22 10:21 EDT by Bernd Schmidt
Modified: 2014-03-25 20:50 EDT
Doc Type: Bug Fix
Last Closed: 2004-09-02 01:10:21 EDT

Attachments:
A patch to fix this problem (5.88 KB, patch)
2004-07-22 10:22 EDT, Bernd Schmidt
Description Bernd Schmidt 2004-07-22 10:21:49 EDT
From Issue Tracker (35772):
Hardware Environment:
PC (Opteron 240 x2, Memory 1GB)

Software Environment:
Operating System:  RHEL AS release 3 for AMD64

Problem Description:
FreeWnn (InputMethod Engine: Japanese Kana-Kanji converter) causes
Segmentation Fault, when kinput connects with it on RHEL3 for AMD64.

Steps to Reproduce:
1. Install RHEL3 for AMD64 with the Japanese environment.

2. Log in to GNOME in the Japanese environment.

3. Stop the current kinput2, because the default kinput2 is working with
Canna (another Japanese InputMethod engine).

(example)
$ ps x|grep kinput2
26895 ?        S      0:00 kinput2 -canna
27047 pts/2    S      0:00 grep kinput2
$ kill 26895

4. Launch kinput2 for Wnn
$ kinput2 -wnn &
Warning: ccWnn Object: can't connect to jserver
Warning: ccWnn Object: can't connect to jserver

It fails to connect with FreeWnn.
=> At the time, FreeWnn server (/usr/bin/jserver) caused segmentation fault.

The following is a stack trace by gdb. I attached it to jserver.

Program received signal SIGSEGV, Segmentation fault.
0x0000002a95932470 in strlen () from /lib64/tls/libc.so.6
(gdb) where
#0  0x0000002a95932470 in strlen () from /lib64/tls/libc.so.6
#1  0x0000002a9590113e in vfprintf () from /lib64/tls/libc.so.6
#2  0x0000002a9591ec85 in vsprintf () from /lib64/tls/libc.so.6
#3  0x0000002a95907dfa in sprintf () from /lib64/tls/libc.so.6
#4  0x0000000000407c54 in ?? ()
#5  0x0000000000414e29 in terminate_hand ()
#6  0x0000000000414c56 in terminate_hand ()
#7  0x000000000040418a in ?? ()
#8  0x0000000000403053 in ?? ()
#9  0x0000000000402ed1 in ?? ()
#10 0x0000002a958d3181 in __libc_start_main () from /lib64/tls/libc.so.6
#11 0x0000000000402bea in ?? ()
(gdb)

The cause of this bug is that the arguments of select() have the wrong data type.

In sel_all() in ./Xsi/Wnn/jserver/de.c, select() is called.
Although the data type of the second, third and fourth arguments should be
a pointer to fd_set, pointers to int are used in that function.
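
The select() usage the description calls for, as an added example (not the attached FreeWnn patch and not code from de.c). `wait_readable` and `int_mask_overrun` are hypothetical names; the overrun figure assumes Linux, which copies each set in whole longs, so an int used as a set is overrun by 4 bytes on AMD64 and by none on 32-bit x86 for up to 32 descriptors.

```c
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Bytes select() touches past an int passed as a set covering nfds
 * descriptors. Assumption: Linux copies each set in whole longs. */
size_t int_mask_overrun(int nfds)
{
    size_t bits = 8 * sizeof(long);
    size_t need = ((size_t)nfds + bits - 1) / bits * sizeof(long);
    return need > sizeof(int) ? need - sizeof(int) : 0;
}

/* Correct form: the set is a real fd_set built with the FD_* macros.
 * Returns the number of readable descriptors (stored in ready[], which
 * must hold n entries), or -1 on error or if a descriptor cannot be
 * represented in an fd_set. */
int wait_readable(const int *fds, size_t n, int timeout_ms, int *ready)
{
    fd_set rfds;
    struct timeval tv = { .tv_sec = timeout_ms / 1000,
                          .tv_usec = (timeout_ms % 1000) * 1000 };
    int maxfd = -1, count = 0;
    FD_ZERO(&rfds);
    for (size_t i = 0; i < n; i++) {
        if (fds[i] < 0 || fds[i] >= FD_SETSIZE)
            return -1;              /* FD_SET would write out of bounds */
        FD_SET(fds[i], &rfds);
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    if (select(maxfd + 1, &rfds, NULL, NULL, &tv) < 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (FD_ISSET(fds[i], &rfds))
            ready[count++] = fds[i];
    return count;
}

int main(void)
{
    int p[2], ready[1];             /* constructed input: a local pipe */
    if (pipe(p) != 0) return 1;
    printf("overrun for nfds=5: %zu bytes\n", int_mask_overrun(5));
    printf("ready before write: %d\n", wait_readable(p, 1, 0, ready));
    if (write(p[1], "x", 1) != 1) return 1;
    printf("ready after write: %d\n", wait_readable(p, 1, 0, ready));
    return 0;
}
```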





Comment 1 Bernd Schmidt 2004-07-22 10:22:51 EDT
Created attachment 102145
A patch to fix this problem

A patch by nhorman to fix this problem.  Tested by the customer.

Comment 5 Jens Petersen 2004-08-05 22:12:13 EDT
Neil, thanks for the patch. :)

Ok, it looks like the changes to de.c are a backport
from pl20.

error1 (error.c)  doesn't seem to be used anywhere -
is the change to fix a compiler warning?

And the fix in the sbn_kai call in renbn_kai.c is to use
a proper pointer type.

Anyway, as a first step I'm applying the tweaks to the latter
to FreeWnn in fc3.

Comment 6 Neil Horman 2004-08-06 06:36:38 EDT
No worries :),

You're correct on de.c

error1 I think is actually called for x86_64 through a macro
somewhere.  I don't quite recall what the sbn_kai change was for, but
I remember both changes were valid for good reasons.  I'll dig out the
trees that I used to generate the patch and review the issue tracker
ticket to see if I can remember why we did the latter two things for you.

Comment 9 Jens Petersen 2004-08-09 11:14:03 EDT
Thanks for the clarification: (sorry I should have written error1
(error_exit1) is not used in pl20 but anyway.)

Adding a similar fix to out() (error.c) too.

Comment 13 John Flanagan 2004-09-02 01:10:21 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-428.html
