
Bug#345739: marked as done (Multiple segfaults when resizing the terminal)



Your message dated Mon, 12 Nov 2007 11:47:40 +0000
with message-id <E1IrXlU-00036p-D3@ries.debian.org>
and subject line Bug#345739: fixed in texinfo 4.11.dfsg.1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: info
Version: 4.8-2
Severity: normal
Tags: patch

        Hi,

 When resizing the terminal rapidly, info will segfault:
(gdb) bt
#0  0x0804a503 in display_update_one_window (win=0x80a3fd8) at display.c:301
#1  0x0804a02b in display_update_display (window=0x80a3fd8) at display.c:85
#2  0x08061578 in redisplay_after_signal () at signals.c:161
#3  0x08061609 in reset_info_window_sizes () at signals.c:176
#4  0x0806180f in info_signal_proc (sig=28) at signals.c:277
#5  <signal handler called>
#6  0xffffe40e in __kernel_vsyscall ()
#7  0xb7e4d193 in read () from /lib/tls/i686/cmov/libc.so.6
#8  0x080612a6 in info_get_input_char () at session.c:5002
#9  0x080595fd in info_read_and_dispatch () at session.c:217
#10 0x08059534 in info_session () at session.c:175
#11 0x0805950c in display_startup_message_and_start () at session.c:166
#12 0x080594c9 in begin_info_session (initial_node=0x8095e10) at session.c:153
#13 0x08051b58 in main (argc=2, argv=0xbf92c224) at info.c:507
(gdb) print entry
$1 = (DISPLAY_LINE *) 0x0

 I easily reproduce this with "info autoconf" or "info automake" in a
 xterm and rapidly resizing up and down, especially to a small size.

 My first guess was at the second part of the if() condition, hence I
 tried moving the entry != NULL test higher, but that wasn't enough
 since entry is dereferenced a couple of times afterwards.

 Hence, I simply protected the following chunk, and the segfaults appear
 less often now.  The segfaults happening with entry == NULL are gone
 for me, and I can resize info to a small size, however I still got an
 occasional segfault when rapidly resizing, with a weird value of entry:
(gdb) bt
#0  0x0804a4f4 in display_update_one_window (win=0x80a3fd8) at display.c:303
#1  0x0804a02b in display_update_display (window=0x80a3fd8) at display.c:85
#2  0x0806157c in redisplay_after_signal () at signals.c:161
#3  0x0806160d in reset_info_window_sizes () at signals.c:176
#4  0x08061813 in info_signal_proc (sig=28) at signals.c:277
#5  <signal handler called>
#6  0xffffe40e in __kernel_vsyscall ()
#7  0xb7e7e193 in read () from /lib/tls/i686/cmov/libc.so.6
#8  0x080612aa in info_get_input_char () at session.c:5002
#9  0x08059601 in info_read_and_dispatch () at session.c:217
#10 0x08059538 in info_session () at session.c:175
#11 0x08059510 in display_startup_message_and_start () at session.c:166
#12 0x080594cd in begin_info_session (initial_node=0x8095e10) at session.c:153
#13 0x08051b5c in main (argc=2, argv=0xbfa5eba4) at info.c:507
(gdb) print entry
$1 = (DISPLAY_LINE *) 0x59

 I'm afraid some corruption happens or uninitialized memory is used, and
 I suggest you run info in valgrind.

 If you find them useful, please include the attached changes.  (The
 patch is large, but only a couple of lines were truly changed.)

-- System Information:
Debian Release: testing/unstable
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

Versions of packages info depends on:
ii  libc6                         2.3.5-9    GNU C Library: Shared libraries an
ii  libncurses5                   5.5-1      Shared libraries for terminal hand

info recommends no packages.

-- no debconf information

-- 
Loïc Minier <lool@dooz.org>
Current Earth status:   NOT DESTROYED
--- texinfo-4.8/debian/changelog
+++ texinfo-4.8/debian/changelog
@@ -1,3 +1,12 @@
+texinfo (4.8-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix segfault when resizing the terminal rapidly by checking more carefully
+    whether the display line is set prior to refering to it.
+    [info/display.c:display_update_one_window]
+
+ -- Loic Minier <lool@dooz.org>  Mon,  2 Jan 2006 21:31:48 +0100
+
 texinfo (4.8-2) unstable; urgency=low
 
   * Edit the changelog entry for 4.8-1 to include fixes for bugs that
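
Review bot: the "Fix segfault when resizing the terminal rapidly" line
claims more than the change delivers, since the report above still sees
an occasional crash with entry = 0x59 after applying the patch. Wording
along the lines of "Avoid NULL display line dereference when the window
is shrunk" would match what the display.c change does. "refering" on the
following line should read "referring".
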
--- texinfo-4.8.orig/info/display.c
+++ texinfo-4.8/info/display.c
@@ -294,62 +294,65 @@
              on the screen. */
           entry = display[line_index + win->first_row];
 
-          /* If the screen line is inversed, then we have to clear
-             the line from the screen first.  Why, I don't know.
-             (But don't do this if we have no visible entries, as can
-             happen if the window is shrunk very small.)  */
-          if ((entry && entry->inverse)
-	      /* Need to erase the line if it has escape sequences.  */
-	      || (raw_escapes_p && strchr (entry->text, '\033') != 0))
-            {
-              terminal_goto_xy (0, line_index + win->first_row);
-              terminal_clear_to_eol ();
-              entry->inverse = 0;
-              entry->text[0] = '\0';
-              entry->textlen = 0;
-            }
+          /* If the window is very small, entry might be NULL. */
+          if (entry) {
+              /* If the screen line is inversed, then we have to clear
+                 the line from the screen first.  Why, I don't know.
+                 (But don't do this if we have no visible entries, as can
+                 happen if the window is shrunk very small.)  */
+              if (entry->inverse
+	          /* Need to erase the line if it has escape sequences.  */
+	          || (raw_escapes_p && strchr (entry->text, '\033') != 0))
+                {
+                  terminal_goto_xy (0, line_index + win->first_row);
+                  terminal_clear_to_eol ();
+                  entry->inverse = 0;
+                  entry->text[0] = '\0';
+                  entry->textlen = 0;
+                }
 
-          /* Find the offset where these lines differ. */
-          for (i = 0; i < pl_index; i++)
-            if (printed_line[i] != entry->text[i])
-              break;
-
-          /* If the lines are not the same length, or if they differed
-             at all, we must do some redrawing. */
-          if ((i != pl_index) || (pl_index != entry->textlen))
-            {
-              /* Move to the proper point on the terminal. */
-              terminal_goto_xy (i, line_index + win->first_row);
+              /* Find the offset where these lines differ. */
+              for (i = 0; i < pl_index; i++)
+                if (printed_line[i] != entry->text[i])
+                  break;
+
+              /* If the lines are not the same length, or if they differed
+                 at all, we must do some redrawing. */
+              if ((i != pl_index) || (pl_index != entry->textlen))
+                {
+                  /* Move to the proper point on the terminal. */
+                  terminal_goto_xy (i, line_index + win->first_row);
 
-              /* If there is any text to print, print it. */
-              if (i != pl_index)
-                terminal_put_text (printed_line + i);
-
-              /* If the printed text didn't extend all the way to the edge
-                 of the window, and text was appearing between here and the
-                 edge of the window, clear from here to the end of the line. */
-              if ((pl_index < win->width + pl_ignore
-		   && pl_index < entry->textlen)
-		  || (entry->inverse))
-                terminal_clear_to_eol ();
-
-              fflush (stdout);
-
-              /* Update the display text buffer. */
-	      if (strlen (printed_line) > (unsigned int) screenwidth)
-		/* printed_line[] can include more than screenwidth
-		   characters if we are under -R and there are escape
-		   sequences in it.  However, entry->text was
-		   allocated (in display_initialize_display) for
-		   screenwidth characters only.  */
-		entry->text = xrealloc (entry->text, strlen (printed_line)+1);
-              strcpy (entry->text + i, printed_line + i);
-              entry->textlen = pl_index;
-
-              /* Lines showing node text are not in inverse.  Only modelines
-                 have that distinction. */
-              entry->inverse = 0;
-            }
+                  /* If there is any text to print, print it. */
+                  if (i != pl_index)
+                    terminal_put_text (printed_line + i);
+
+                  /* If the printed text didn't extend all the way to the edge
+                     of the window, and text was appearing between here and the
+                     edge of the window, clear from here to the end of the line. */
+                  if ((pl_index < win->width + pl_ignore
+		       && pl_index < entry->textlen)
+		      || (entry->inverse))
+                    terminal_clear_to_eol ();
+
+                  fflush (stdout);
+
+                  /* Update the display text buffer. */
+	          if (strlen (printed_line) > (unsigned int) screenwidth)
+		/*     printed_line[] can include more than screenwidth
+		       characters if we are under -R and there are escape
+		       sequences in it.  However, entry->text was
+		       allocated (in display_initialize_display) for
+		       screenwidth characters only.  */
+		entry->text     = xrealloc (entry->text, strlen (printed_line)+1);
+                  strcpy (entry->text + i, printed_line + i);
+                  entry->textlen = pl_index;
+
+                  /* Lines showing node text are not in inverse.  Only modelines
+                     have that distinction. */
+                  entry->inverse = 0;
+                }
+          }
 
           /* We have done at least one line.  Increment our screen line
              index, and check against the bottom of the window. */
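
Review bot: the new if (entry) guard only covers a NULL slot, and nothing
in this hunk checks the index in
"entry = display[line_index + win->first_row];" against the number of
rows the display table currently holds. A non-NULL garbage value such as
the 0x59 shown in the second backtrace passes the test and is then
dereferenced at entry->inverse. Suggest comparing
line_index + win->first_row with the table's current row count before
loading entry, and treating an out-of-range row the same way as NULL.
As a smaller point, the re-indentation has left the xrealloc assignment
and its comment misaligned under the strlen (printed_line) test, and the
new "entry might be NULL" comment now duplicates the parenthesised
remark in the comment just below it.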

--- End Message ---
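
Both backtraces in the report show the redisplay running inside the signal handler (frames #2 to #5, sig=28, which is SIGWINCH on Linux) while the main loop is blocked in read(). As an added example (not texinfo's code and not the change made upstream; every name and the flat LINE layout are assumptions), this C program only records the resize in the handler, then rebuilds the line table and bounds-checks row lookups from the main loop:

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>

/* Hypothetical stand-in for info's DISPLAY_LINE table; all names are assumptions. */
typedef struct { char *text; int textlen; } LINE;
static volatile sig_atomic_t resize_pending; /* set by the handler only */
static LINE *display;                        /* display_rows entries */
static char *text_pool;                      /* backing store for every row */
static int display_rows;

/* The handler records the event and returns; it never touches `display`. */
static void on_winch(int sig) { (void)sig; resize_pending = 1; }

static int install_winch_handler(void) {
    struct sigaction sa = {0};   /* no SA_RESTART: a blocked read() wakes with EINTR */
    sa.sa_handler = on_winch;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGWINCH, &sa, NULL);
}

/* Build the new table completely, then swap it in. Main loop only. */
static int resize_display(int rows, int cols) {
    if (rows < 1 || cols < 1) return -1;
    LINE *lines = calloc((size_t)rows, sizeof *lines);
    char *pool = calloc((size_t)rows, (size_t)cols + 1);
    if (!lines || !pool) { free(lines); free(pool); return -1; }
    for (int r = 0; r < rows; r++)
        lines[r].text = pool + (size_t)r * ((size_t)cols + 1);
    free(display); free(text_pool);
    display = lines; text_pool = pool; display_rows = rows;
    return 0;
}

/* Bounds-checked lookup: a row outside the current table yields NULL. */
static LINE *display_entry(int row) {
    return (row >= 0 && row < display_rows) ? &display[row] : NULL;
}

/* Main-loop step: 1 if a pending resize was applied, 0 if none, -1 on error. */
static int service_resize(int rows, int cols) {
    if (!resize_pending) return 0;
    resize_pending = 0;          /* clear first so a signal during the rebuild is kept */
    return resize_display(rows, cols) == 0 ? 1 : -1;
}

int main(void) {
    if (install_winch_handler() != 0 || resize_display(24, 80) != 0) return 1;
    raise(SIGWINCH);             /* constructed event standing in for a terminal resize */
    return service_resize(2, 80) == 1 && display_entry(23) == NULL ? 0 : 1;
}
```

In a real program the rows and columns passed to service_resize would come from the terminal size query made in the main loop, not from fixed values as here.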
--- Begin Message ---
Source: texinfo
Source-Version: 4.11.dfsg.1-1

We believe that the bug you reported is fixed in the latest version of
texinfo, which is due to be installed in the Debian FTP archive:

info_4.11.dfsg.1-1_i386.deb
  to pool/main/t/texinfo/info_4.11.dfsg.1-1_i386.deb
texinfo_4.11.dfsg.1-1.diff.gz
  to pool/main/t/texinfo/texinfo_4.11.dfsg.1-1.diff.gz
texinfo_4.11.dfsg.1-1.dsc
  to pool/main/t/texinfo/texinfo_4.11.dfsg.1-1.dsc
texinfo_4.11.dfsg.1-1_i386.deb
  to pool/main/t/texinfo/texinfo_4.11.dfsg.1-1_i386.deb
texinfo_4.11.dfsg.1.orig.tar.gz
  to pool/main/t/texinfo/texinfo_4.11.dfsg.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 345739@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texinfo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 05 Nov 2007 13:42:18 +0100
Source: texinfo
Binary: texinfo info
Architecture: source i386
Version: 4.11.dfsg.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian TeX maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description: 
 info       - Standalone GNU Info documentation browser
 texinfo    - Documentation system for on-line information and printed output
Closes: 335016 345739 376280 428339 435558 439877 440796
Changes: 
 texinfo (4.11.dfsg.1-1) unstable; urgency=low
 .
   * new upstream release (Closes: #376280, #435558, #439877, #335016, #345739)
   * Recommend installing texlive instead of tetex-bin in texi2dvi
     (Closes: #440796)
   * switch to quilt
   * disable the following patches:
     - 30_texindex_racecondition: does not apply
     - 31_segfault-when-resizing-terminal: upstream
     - 32_makinfo_css_fix: upstream
     - 33_texindex_CVE-2006-4810: upstream
     - 52_missing_dir_in_texinputs: does not apply
     - 61_man_Top: upstream
     - 62_localesettings: upstream
     refresh the other patches
   * add build-dep on help2man
   * suggest texinfo-doc-nonfree (Closes: #428339)
   * add Vcs-Svn and Vcs-Browser field in debian/control
Files: 
 f1fc3f8dc3cb641b4e347c7e084544a4 877 doc standard texinfo_4.11.dfsg.1-1.dsc
 86aa0a91288f385f5b265c81a835a4c2 2093962 doc standard texinfo_4.11.dfsg.1.orig.tar.gz
 e91bfd2498cabc56de719d8c1f05e613 29759 doc standard texinfo_4.11.dfsg.1-1.diff.gz
 5e9a34e2cdda52583acc7ab05a882018 709530 text standard texinfo_4.11.dfsg.1-1_i386.deb
 0132da7ab303e63a6380762c3b9e9973 186018 doc important info_4.11.dfsg.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHLxkO0r9KownFsJQRAoxrAJ4sT5yJnMvpKi1YiEndvVNDR+KeFgCbBsvQ
1wFTd2xVzOVxb5GrFdWaIBo=
=Mmbp
-----END PGP SIGNATURE-----



--- End Message ---
