Red Hat Bugzilla – Bug 33152
Uninitialized memory reference in lib/Xaw/TextAction.c
Last modified: 2007-04-18 12:32:22 EDT
In Xfree86-4.0.2-9, I found that the function MoveLine in
lib/Xaw/TextAction.c sometimes attempts to read uninitialized memory when I
hit ctrl-N in a Text widget to move to the next line.
This occurs because the call to XawTextSourceRead returns a text block whos
"length" field is set to "-1". I couldn't figure out whether this
indicates a bug in the ReadText function in lib/Xaw/AsciiSrc.c. It was
occurring there because of the line near the end "count = piece->used -
(pos - start)"; in this case, piece->used was 703, pos was 704, and start
was 0, thus causing "count" and thus subsequently text->length to be set to
Like I said, I don't know whether this is a bug in AsciiSrc.c, so I instead
fixed it in TextAction.c -- I changed the line after "XawTextSourceRead" so
that instead of reading "if (block.length)" it reads "if (block.length >
Does this problem still exist if you try XFree86 4.0.3-3 from:
Yes, this is still a problem in 4.0.3-3. You can duplicate it by running under
Purify or Checker or something (so that you'll catch the uninitialized memory
reference), bringing up a Text widget, typing a single line of Text in the
widget with a newline at the end of it (i.e., such that the newline is the last
character in the widget), going to the end of that line and typing ctrl-n.
I'll attach a patch for 4.0.3-3.
Created attachment 13684 [details]
Patch to fix this in 4.0.3-3.
Applied in 4.0.3-4 in rawhide. Thanks for supplying all the patches
you've been sending in. Very much appreciated.
Sorry to cause you trouble :-), but I've concluded that the patch I submitted is
not the correct way to fix this problem. The bug isn't in MoveLine, it's in
ReadText. I'm attaching a new patch, which does the following:
1) Fix the ReadText functions in AsciiSrc.c and MultiSrc.c so that they return
correct information when they were unable to read any data (i.e., they were
asked to read data from the end of the source).
2) Fix the comments above the ReadText functions so that they correctly document
their return values.
3) Fix the documentation in xc/doc/specs/Xaw so that it correctly documents what
text source read functions are supposed to return.
The patch I sent you doesn't do any harm, but it's also unnecessary once this
new, corrected patch is applied, so you might as well back it out.
Created attachment 13804 [details]
New patch for this problem
Old patch replaced with new patch. I'm going to clean up my tree
and build the 4.0.3-4 release now. Thanks.