
Bug#29363: Debian Bugs information: logs for Bug#29363



nturton@acorn.com reported this bug ages ago, and it still sits in the
BTS, being flagged "important":

> If I press shift-kp_9 in an xterm (which is running on my Debian
> machine) at some stage after the xterm has beeped, the xterm
> seg-faults.
[...]
>   I have reproduced this on the local (Debian) X server using the
> following (key 96 is F12):
>
>   Run: xmodmap -e 'keycode 96 = F27'
>   In an xterm type: echo -e \\a
>   Then press: shift-F12
>   Segmentation fault
>
>   It seems to have this effect for function keys F21 onwards, and any
> keycode I tried.
[...]
> xbase                3.3.2.3-2

This bug is no longer present in xterm, and can be closed.

To support this assertion, here is a detailed explanation of what
went wrong in the XFree86 3.3.2.3 source:

 * Input() in input.c (cvsweb.xfree86.org revision 3.11.2.3) calls
   decfuncvalue() in input.c to determine the number in the VTxxx
   control sequence for the keysym.

 * When the keysym is an F-key greater than F20, decfuncvalue() returns
   -1, signifying "unknown key".

 * Without checking (yet) for the "unknown key" condition, Input() notices
   that shift is down and passes the DEC number to udk_lookup() in misc.c
   (cvsweb.xfree86.org revision 3.17.2.4) to check if the key has had
   a string defined for it by escape sequences. The source for
   udk_lookup is

	char *
	udk_lookup(keycode, len)
		int keycode;
		int *len;
	{
		if (keycode < MAX_UDK) {
			*len = user_keys[keycode].len;
			return user_keys[keycode].str;
		}
		return 0;
	}

   thus when the keycode argument is -1, it indexes before the
   beginning of the user_keys array.

 * user_keys is a static array declared just before the definition
   of hexvalue() in misc.c. It so happens that the most closely
   preceding static variable that is not #ifdef'ed away (ALLOWLOGGING
   is disabled by default) is

	static long lastBellTime;

   immediately before the definition of Bell(). This means that
   "user_keys[-1].str" ends up being an alias for lastBellTime.

 * Initially lastBellTime will be 0, so udk_lookup(-1,&nbytes) indeed does
   return 0. But as soon as the bell sounds, lastBellTime changes,
   and the timestamp ends up as the return value from udk_lookup.

 * Input() proceeds to try to dereference the timestamp as a char*,
   which triggers a SIGSEGV.

This problem was fixed in XFree86 3.9.17b (cvs revision 3.46 of
misc.c), where the conditional in udk_lookup() was changed to read

	if (keycode >= 0 && keycode < MAX_UDK) {

The xterm in Debian stable is currently 4.1.0-16; therefore this bug
is not relevant anymore.

-- 
Henning Makholm                   "We will discuss your youth another time."
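The following is an added example, not code from the message above nor from xterm or XFree86: a small model of the udk_lookup() bound check, showing the 3.3.2.3 condition beside the 3.9.17b condition, and a model of the shifted-key path in Input() that tests for the "unknown key" result before consulting the user-defined-key table rather than after. MAX_UDK = 50, the F-key to DEC function number table in decfuncvalue_model(), and all function names ending in _model, _orig and _fixed are assumptions made for the example; the message does not give them.

```c
/* Added example (not xterm's or XFree86's code): models the udk_lookup()
 * bound check discussed in the message and the caller-side ordering bug.
 * MAX_UDK and the DEC number table are assumptions for this example. */
#include <stddef.h>
#include <string.h>

#define MAX_UDK 50                 /* assumed size; not stated in the message */

struct udk_entry {
    const char *str;
    int         len;
};

/* Static, so unset entries are NULL/0, as user_keys is before any DECUDK. */
static struct udk_entry user_keys[MAX_UDK];

/* The condition as in XFree86 3.3.2.3: no lower bound, so -1 passes and
 * user_keys[-1] reads whatever static object sits before the array
 * (lastBellTime in the build the message describes). */
static int udk_index_ok_orig(int keycode)
{
    return keycode < MAX_UDK;
}

/* The condition after the 3.9.17b fix (misc.c revision 3.46). */
static int udk_index_ok_fixed(int keycode)
{
    return keycode >= 0 && keycode < MAX_UDK;
}

/* udk_lookup() with the fixed check. This example never indexes the array
 * through the unchecked condition, since a negative index is undefined
 * behaviour, which is exactly the bug. */
static const char *udk_lookup_fixed(int keycode, int *len)
{
    if (udk_index_ok_fixed(keycode)) {
        *len = user_keys[keycode].len;
        return user_keys[keycode].str;
    }
    return NULL;
}

/* Register a string for a DEC key number, as a DECUDK escape sequence would.
 * Returns 1 on success, 0 if the key number is out of range. */
static int udk_define(int keycode, const char *s)
{
    if (!udk_index_ok_fixed(keycode))
        return 0;
    user_keys[keycode].str = s;
    user_keys[keycode].len = (int)strlen(s);
    return 1;
}

/* Stand-in for decfuncvalue(): the DEC function number for F1..F20 (the
 * usual xterm "CSI n ~" codes, assumed here), or -1 for F21 and above,
 * which is the "unknown key" value the message describes. */
static int decfuncvalue_model(int fkey)
{
    static const int dec[20] = {
        11, 12, 13, 14, 15, 17, 18, 19, 20, 21,
        23, 24, 25, 26, 28, 29, 31, 32, 33, 34
    };
    if (fkey < 1 || fkey > 20)
        return -1;
    return dec[fkey - 1];
}

/* Model of the shifted F-key path in Input(): reject the "unknown key"
 * result *before* consulting the UDK table. Returns the user-defined
 * string (and sets *len), or NULL with *len == 0 if the key is unknown
 * or has no string defined. */
static const char *shifted_fkey_string(int fkey, int *len)
{
    int dec = decfuncvalue_model(fkey);
    *len = 0;
    if (dec < 0)
        return NULL;
    return udk_lookup_fixed(dec, len);
}
```

With the original condition, udk_index_ok_orig(-1) is true, which is the whole bug; with the fixed condition it is false, and the caller-side check in shifted_fkey_string() means a key beyond F20 never reaches the table at all, so either change on its own would have stopped the crash.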
