
Bug#541160: #541160 xterm: heap corruption when changing window size



On 2009-08-13 02:17:55 +0200, Jan Christoph Nordholz wrote:
> I'll do a few valgrind runs myself and report back.

I've just done a test with valgrind. Here's the output:

==22673== Memcheck, a memory error detector.
==22673== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==22673== Using LibVEX rev 1884, a library for dynamic binary translation.
==22673== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==22673== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==22673== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==22673== For more details, rerun with: -v
==22673== 
==22676== Warning: invalid file descriptor -1 in syscall close()
==22673== Invalid write of size 1
==22673==    at 0x430510: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x430E63: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x508E6FF: XawVendorShellExtResize (in /usr/lib/libXaw7.so.7.0.0)
==22673==    by 0x5DCD107: XtDispatchEventToWidget (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x5DCD92A: (within /usr/lib/libXt.so.6.0.0)
==22673==    by 0x5DCCB3A: XtDispatchEvent (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x42ADF7: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x418795: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x418BD1: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x424390: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x550D5C5: (below main) (libc-start.c:222)
==22673==  Address 0x1080c0902 is not stack'd, malloc'd or (recently) free'd
==22673== 
==22673== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==22673==  Access not within mapped region at address 0x1080C0902
==22673==    at 0x430510: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x430E63: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x508E6FF: XawVendorShellExtResize (in /usr/lib/libXaw7.so.7.0.0)
==22673==    by 0x5DCD107: XtDispatchEventToWidget (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x5DCD92A: (within /usr/lib/libXt.so.6.0.0)
==22673==    by 0x5DCCB3A: XtDispatchEvent (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x42ADF7: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x418795: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x418BD1: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x424390: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x550D5C5: (below main) (libc-start.c:222)
==22673==  If you believe this happened as a result of a stack overflow in your
==22673==  program's main thread (unlikely but possible), you can try to increase
==22673==  the size of the main thread stack using the --main-stacksize= flag.
==22673==  The main thread stack size used in this run was 8388608.
==22673== 
==22673== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==22673== malloc/free: in use at exit: 477,264 bytes in 2,155 blocks.
==22673== malloc/free: 6,610 allocs, 4,455 frees, 1,032,863 bytes allocated.
==22673== For counts of detected errors, rerun with: -v
==22673== searching for pointers to 2,155 not-freed blocks.
==22673== checked 816,152 bytes.
==22673== 
==22673== LEAK SUMMARY:
==22673==    definitely lost: 3,689 bytes in 6 blocks.
==22673==      possibly lost: 0 bytes in 0 blocks.
==22673==    still reachable: 473,575 bytes in 2,149 blocks.
==22673==         suppressed: 0 bytes in 0 blocks.
==22673== Rerun with --leak-check=full to see details of leaked memory.
zsh: segmentation fault  valgrind ./xterm

Note: I had to copy the xterm binary because it is setgid and valgrind
cannot run it.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
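
Added example, not part of the original message and not code from xterm or valgrind: a small Python triage script for Memcheck logs like the one above. It classifies each invalid access from Memcheck's "Address ... is ..." line and marks "(within ...)" frames, which carry no symbol name. The sample log is constructed (four lines copied from the report plus two made-up records), and the category labels are this example's own.

```python
import re

# Constructed sample: four lines copied from the report above, then two
# made-up Memcheck records showing the other common "Address ..." descriptions.
SAMPLE = """\
==22673== Invalid write of size 1
==22673==    at 0x430510: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
==22673==  Address 0x1080c0902 is not stack'd, malloc'd or (recently) free'd
==22673==
==1== Invalid write of size 4
==1==    at 0x400544: fill (demo.c:9)
==1==  Address 0x51f0068 is 0 bytes after a block of size 40 alloc'd
==1==
==1== Invalid read of size 8
==1==    at 0x400590: use (demo.c:21)
==1==  Address 0x51f0040 is 8 bytes inside a block of size 16 free'd
"""

PREFIX = re.compile(r"^==\d+==\s?")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (.*)$")

def classify(desc):
    """Map Memcheck's description of the faulting address to a triage label."""
    if desc.startswith("not stack'd"):
        return "wild pointer"          # address lies in no block Memcheck tracks
    if desc.endswith("free'd"):
        return "use after free"
    if " after a block" in desc or " before a block" in desc:
        return "heap overflow/underflow"
    return "unclassified"

def triage(log):
    """Return one dict per invalid access found in a Memcheck log."""
    errors, cur = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw)
        if m := ERROR.match(line):
            cur = {"access": m[1], "size": int(m[2]), "frames": [],
                   "addr": None, "kind": None}
            errors.append(cur)
        elif cur and (m := FRAME.match(line)):
            # "(within ...)" frames have no symbol name; record them as None
            cur["frames"].append(None if m[1].startswith("(within") else m[1])
        elif cur and (m := ADDR.match(line)):
            cur["addr"], cur["kind"] = int(m[1], 16), classify(m[2])
            cur = None                 # the Address line closes the record
    return errors

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e)
```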


