Bug 503384 - free() of invalid pointer after "BOGUS LENGTH in write keyboard desc"
Status: CLOSED DUPLICATE of bug 456376
Product: Fedora
Classification: Fedora
Component: xorg-x11-server
Hardware: All Linux
Priority: medium, Severity: high
Assigned To: Peter Hutterer
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-05-31 12:54 EDT by Lubomir Rintel
Modified: 2009-06-02 18:34 EDT (History)
Doc Type: Bug Fix
Last Closed: 2009-06-02 18:34:55 EDT

Description Lubomir Rintel 2009-05-31 12:54:27 EDT
Description of problem:

[xkb] BOGUS LENGTH in write keyboard desc, expected 6780, got 6796

The error message is produced by /usr/src/debug/xorg-server- line 1396, 1409 frees an invalid pointer right away.

addr2line'd traceback:

Found this on a vt:

*** glibc detected *** /usr/bin/Xorg: double free or corruption (!prev): 0x0a6f2840 ***
======= Backtrace: =========
======= Memory map: ========

Version-Release number of selected component (if applicable):


How reproducible:

Just happened once. I recall using qemu then, typing on a keyboard, no idea if that's related.

Additional info:

Feel free to ask for more info if needed.
Comment 1 Peter Hutterer 2009-06-02 18:34:55 EDT
Please test, the patch to fix this was merged there (provided you can reproduce the bug)


Marking as a duplicate of 456376.

*** This bug has been marked as a duplicate of bug 456376 ***
