Bug 455286 - x86_64 specific: Seg fault on close of dialog box
x86_64 specific: Seg fault on close of dialog box
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: lesstif (Show other bugs)
9
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Patrice Dumas
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-14 13:29 EDT by david schuller
Modified: 2008-08-01 07:57 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-01 07:57:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Source code for test app (240.28 KB, application/octet-stream)
2008-07-14 13:29 EDT, david schuller
no flags Details

  None (edit)
Description david schuller 2008-07-14 13:29:21 EDT
Description of problem: Test app crashes with Segmentation fault when Dialog box
should close


Version-Release number of selected component (if applicable):
0.95.0-25.fc9.x86_64

How reproducible:
Completely, every single time

Steps to Reproduce:
1. Download test app, compile, run
2. Choose "STOP" button, select "After Current Image" from drop-down menu
3. When Dialog box appears, choose "YES" or "NO" pushbutton.
  
Actual results:
with lesstif on x86_64, entire app crashes with "Segmentation fault"


Expected results:
Dialog box closes, leaving main menu intact (this behaviour seen with i386
version of lesstif, and with openmotif-2.3.0)


Additional info: Dialog contains BulletinBoard, which contains a label and two
pushbuttons.
Comment 1 david schuller 2008-07-14 13:29:22 EDT
Created attachment 311738 [details]
Source code for test app
Comment 2 Hans de Goede 2008-08-01 07:57:02 EDT
(In reply to comment #1)
> Created an attachment (id=311738) [edit]
> Source code for test app
> 

Make that: "Buggy source code for test app".

/me is grumpy after debugging a problem that turns out to be in someone else's
code for 2 hours GRMMNBL

Anyways your code in the stop_activateCallback() callback handler trashes the
stack, making lesstif unhappy. The only reason motif is not unhappy is luck.

Your code says:


void
stop_activateCallback(w, client, call)  
Widget w;
XtPointer client;
XtPointer call;
{
        int user_data;

        XtVaGetValues(w, XmNuserData, &user_data, NULL);

        switch(user_data)

Notice how you get XmNuserData and store that in an int, but XmNuserData
actually has a type of XtPointer, so XtVaGetValues stores 64 bits, but you've
only reserved 32 bits on the stack -> boom stack smashed

The correct code would be:


void
stop_activateCallback(w, client, call)  
Widget w;
XtPointer client;
XtPointer call;
{
        XtPointer user_data;

        XtVaGetValues(w, XmNuserData, &user_data, NULL);

        switch((long)user_data)

Note You need to log in before you can comment on or make changes to this bug.