Bug 176402 - xscreensaver-demo crashes because of free problem
xscreensaver-demo crashes because of free problem
Product: Fedora
Classification: Fedora
Component: xscreensaver (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Ray Strode [halfline]
Depends On:
  Show dependency treegraph
Reported: 2005-12-22 02:00 EST by Mamoru TASAKA
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 4.23-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-23 08:07:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
gdb log of xscreensaver-demo (9.98 KB, text/plain)
2005-12-22 02:07 EST, Mamoru TASAKA
no flags Details
patch to point to the correct address to be freed (659 bytes, patch)
2005-12-22 02:20 EST, Mamoru TASAKA
no flags Details | Diff

  None (edit)
Description Mamoru TASAKA 2005-12-22 02:00:37 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ja-JP; rv:1.8) Gecko/20051216 Fedora/1.5-3 Firefox/1.5

Description of problem:
xscreensaver-demo crashes when clicking Documentation button.

When I happened to see one documentation of xscreensaver, it suddenly
crashed. I didn't saw this phenomenon before, so firstly I was not
sure this is due to xscreensaver. However I found one (possible) bug,
so I submitted this report.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run "xscreensaver-demo"
2. select one hack, push "Settings" and then push "Documentation"

Actual Results:  xscreensaver-demo crashes

Expected Results:  xscreensaver-demo should not crash.

Additional info:

See the following comments.
Comment 1 Mamoru TASAKA 2005-12-22 02:07:25 EST
Created attachment 122515 [details]
gdb log of xscreensaver-demo

gdb log of xscreensaver-demo.

It complaints about invalid pointer.
Comment 2 Mamoru TASAKA 2005-12-22 02:20:33 EST
Created attachment 122516 [details]
patch to point to the correct address to be freed

Patch to point to the correct address to be freed; perhaps this
patch will solve this problem.

In the function manual_cb in driver/demo-Gtk.c, if the char* variable
"name" (the hack name) have slash, then the pointer of name is changed
to select only the basename of the original hack name.
Then, at the last of this function manual_cb, it tries to free name;
So, if the hack name is given by the absolute path, free name fails.

This patch is to save the original pointer of the variable and
to free the saved pointer.
Comment 3 Mamoru TASAKA 2006-01-23 08:07:28 EST
Verified that fixed in 4.23-1.

Note You need to log in before you can comment on or make changes to this bug.