[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#541160: #541160 xterm: heap corruption when changing window size

On Thu, Aug 13, 2009 at 02:17:55 +0200, Jan Christoph Nordholz wrote:

> I'll do a few valgrind runs myself and report back.
> 
I got a crash (glibc abort in free()) once, can't seem to reproduce now.
valgrind reports these issues though:

==864== Invalid write of size 1
==864==    at 0x402766C: memset (mc_replace_strmem.c:493)
==864==    by 0x807DE7F: ClearCells (screen.c:702)
==864==    by 0x8085E1B: ClearInLine2 (util.c:1205)
==864==    by 0x8085E84: ClearInLine (util.c:1226)
==864==    by 0x808601A: ClearRight (util.c:1270)
==864==    by 0x8086350: do_erase_line (util.c:1361)
==864==    by 0x8057701: doparsing (charproc.c:1870)
==864==    by 0x8059673: VTparse (charproc.c:3023)
==864==    by 0x805D22F: VTRun (charproc.c:4957)
==864==    by 0x806F445: main (main.c:2414)
==864==  Address 0x4fdcf9e is 0 bytes after a block of size 1,598 alloc'd
==864==    at 0x40240D2: calloc (vg_replace_malloc.c:397)
==864==    by 0x807D3F5: allocScrnData (screen.c:287)
==864==    by 0x807D0A4: addScrollback (scrollback.c:90)
==864==    by 0x807D4AA: saveEditBufLines (screen.c:340)
==864==    by 0x80807D4: ScreenResize (screen.c:1791)
==864==    by 0x805D3D0: VTResize (charproc.c:5021)
==864==    by 0x43AA5D8: XtConfigureWidget (Geometry.c:673)
==864==    by 0x43AA779: XtResizeWidget (Geometry.c:586)
==864==    by 0x409BC59: XawVendorShellExtResize (Vendor.c:448)
==864==    by 0x43C32A1: EventHandler (Shell.c:1671)
==864==    by 0x43A70F3: XtDispatchEventToWidget (Event.c:874)
==864==    by 0x43A7AAE: _XtDefaultDispatcher (Event.c:1335)

==864== Invalid write of size 2
==864==    at 0x806D6AC: getLineData (linedata.c:67)
==864==    by 0x805166F: okPosition (button.c:2631)
==864==    by 0x80522AE: ComputeSelect (button.c:3006)
==864==    by 0x805042B: StartSelect (button.c:2126)
==864==    by 0x805002E: do_select_start (button.c:2010)
==864==    by 0x80500BD: HandleSelectStart (button.c:2034)
==864==    by 0x43CF970: HandleActions (TMstate.c:636)
==864==    by 0x43CFD4A: HandleSimpleState (TMstate.c:875)
==864==    by 0x43D0347: _XtTranslateEvent (TMstate.c:1093)
==864==    by 0x43A7340: XtDispatchEventToWidget (Event.c:898)
==864==    by 0x43A7B45: _XtDefaultDispatcher (Event.c:1359)
==864==    by 0x43A6A66: XtDispatchEvent (Event.c:1415)
==864==  Address 0x5074e50 is 0 bytes after a block of size 384 alloc'd
==864==    at 0x40240D2: calloc (vg_replace_malloc.c:397)
==864==    by 0x807D359: allocScrnHead (screen.c:242)
==864==    by 0x807D7E3: Reallocate (screen.c:472)
==864==    by 0x808084E: ScreenResize (screen.c:1837)
==864==    by 0x805D3D0: VTResize (charproc.c:5021)
==864==    by 0x43AA5D8: XtConfigureWidget (Geometry.c:673)
==864==    by 0x43AA779: XtResizeWidget (Geometry.c:586)
==864==    by 0x409BC59: XawVendorShellExtResize (Vendor.c:448)
==864==    by 0x43C32A1: EventHandler (Shell.c:1671)
==864==    by 0x43A70F3: XtDispatchEventToWidget (Event.c:874)
==864==    by 0x43A7AAE: _XtDefaultDispatcher (Event.c:1335)
==864==    by 0x43A6A66: XtDispatchEvent (Event.c:1415)

==1278== Invalid write of size 1
==1278==    at 0x806D6CB: getLineData (linedata.c:70)
==1278==    by 0x805166F: okPosition (button.c:2631)
==1278==    by 0x80522CF: ComputeSelect (button.c:3007)
==1278==    by 0x8050D14: ExtendExtend (button.c:2309)
==1278==    by 0x8050493: EndExtend (button.c:2146)
==1278==    by 0x804E4E4: do_select_end (button.c:1016)
==1278==    by 0x804E65F: HandleSelectEnd (button.c:1044)
==1278==    by 0x43CF970: HandleActions (TMstate.c:636)
==1278==    by 0x43CFD4A: HandleSimpleState (TMstate.c:875)
==1278==    by 0x43D0347: _XtTranslateEvent (TMstate.c:1093)
==1278==    by 0x43A7340: XtDispatchEventToWidget (Event.c:898)
==1278==    by 0x43A7B45: _XtDefaultDispatcher (Event.c:1359)
==1278==  Address 0x5236833 is 3 bytes after a block of size 672 alloc'd
==1278==    at 0x40240D2: calloc (vg_replace_malloc.c:397)
==1278==    by 0x807D359: allocScrnHead (screen.c:242)
==1278==    by 0x807D7E3: Reallocate (screen.c:472)
==1278==    by 0x8080900: ScreenResize (screen.c:1865)
==1278==    by 0x805D3D0: VTResize (charproc.c:5021)
==1278==    by 0x43AA5D8: XtConfigureWidget (Geometry.c:673)
==1278==    by 0x43AA779: XtResizeWidget (Geometry.c:586)
==1278==    by 0x409BC59: XawVendorShellExtResize (Vendor.c:448)
==1278==    by 0x43C32A1: EventHandler (Shell.c:1671)
==1278==    by 0x43A70F3: XtDispatchEventToWidget (Event.c:874)
==1278==    by 0x43A7AAE: _XtDefaultDispatcher (Event.c:1335)
==1278==    by 0x43A6A66: XtDispatchEvent (Event.c:1415)

Cheers,
Julien
Reply to: