Bug#29363: Debian Bugs information: logs for Bug#29363
nturton@acorn.com reported this bug ages ago, and it still sits in the
BTS, being flagged "important":
> If I press shift-kp_9 in an xterm (which is running on my Debian
> machine) at some stage after the xterm has beeped, the xterm
> seg-faults.
[...]
> I have reproduced this on the local (Debian) X server using the
> following (key 96 is F12):
>
> Run: xmodmap -e 'keycode 96 = F27'
> In an xterm type: echo -e \\a
> Then press: shift-F12
> Segmentation fault
>
> It seems to have this effect for function keys F21 onwards, and any
> keycode I tried.
[...]
> xbase 3.3.2.3-2
This bug is no longer present in xterm, and can be closed.
To support this assertion, here is a detailed explanation of what
went wrong in the XFree86 3.3.2.3 source:
* Input() in input.c (cvsweb.xfree86.org revision 3.11.2.3) calls
  decfuncvalue() in input.c to determine the number in the VTxxx
  control sequence for the keysym.
* When the keysym is an F-key greater than F20, decfuncvalue() returns
  -1, signifying "unknown key".
* Without checking (yet) for the "unknown key" condition, Input() notices
  that shift is down and passes the DEC number to udk_lookup() in misc.c
  (cvsweb.xfree86.org revision 3.17.2.4) to check if the key has had
  a string defined for it by escape sequences. The source for
  udk_lookup is
      char *
      udk_lookup(keycode, len)
          int keycode;
          int *len;
      {
          if (keycode < MAX_UDK) {
              *len = user_keys[keycode].len;
              return user_keys[keycode].str;
          }
          return 0;
      }
  thus when the keycode argument is -1, it indexes before the
  beginning of the user_keys array.
* user_keys is a static array declared just before the definition
  of hexvalue() in misc.c. It so happens that the most closely
  preceding static variable that is not #ifdef'ed away (ALLOWLOGGING
  is disabled by default) is
      static long lastBellTime;
  immediately before the definition of Bell(). This means that
  "user_keys[-1].str" ends up being an alias for lastBellTime.
* Initially lastBellTime will be 0, so udk_lookup(-1,&nbytes) indeed does
  return 0. But as soon as the bell sounds, lastBellTime changes,
  and the timestamp ends up as the return value from udk_lookup.
* Input() proceeds to try to dereference the timestamp as a char*,
  which triggers a SIGSEGV.
This problem was fixed in XFree.3.9.17b (cvs revision 3.46 of
misc.c), where the conditional in udk_lookup() was changed to read
      if (keycode >= 0 && keycode < MAX_UDK) {
The xterm in Debian stable is currently 4.1.0-16; therefore this bug
is not relevant anymore.
--
Henning Makholm "We will discuss your youth another time."
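
The following is an added example, not part of the message above and not xterm source: a small C model of the analysis, with the upper-bound-only check beside the fixed check. The names backing, model_bell, udk_lookup_old and udk_lookup_fixed, the MAX_UDK value and the timestamp are assumptions made for the model; the adjacent lastBellTime storage is represented by an extra slot in front of the table so that index -1 is a defined access.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_UDK 35  /* assumed table size for this model */

struct udk { char *str; int len; };

/* Constructed layout: slot 0 models the storage that sits directly
 * before user_keys (lastBellTime in the analysis above); the table
 * proper starts at slot 1, so user_keys[-1] is a defined access here. */
static struct udk backing[1 + MAX_UDK];
static struct udk *const user_keys = &backing[1];

/* Hypothetical stand-in for Bell() recording its timestamp. */
void model_bell(long now) { backing[0].str = (char *)(uintptr_t)now; }

/* Bounds check as quoted from revision 3.17.2.4: upper bound only. */
char *udk_lookup_old(int keycode, int *len)
{
    if (keycode < MAX_UDK) {
        *len = user_keys[keycode].len;
        return user_keys[keycode].str;
    }
    return 0;
}

/* Bounds check as fixed: -1 ("unknown key") no longer indexes. */
char *udk_lookup_fixed(int keycode, int *len)
{
    if (keycode >= 0 && keycode < MAX_UDK) {
        *len = user_keys[keycode].len;
        return user_keys[keycode].str;
    }
    return 0;
}

int main(void)
{
    int len = 0;
    /* Pointers are printed, never dereferenced. */
    printf("old, before bell:  %p\n", (void *)udk_lookup_old(-1, &len));
    model_bell(915148800L);  /* constructed timestamp */
    printf("old, after bell:   %p\n", (void *)udk_lookup_old(-1, &len));
    printf("fixed, after bell: %p\n", (void *)udk_lookup_fixed(-1, &len));
    return 0;
}
```
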