Hello,
I found a reproductible bug on the enlightenment code. I am
using the last cvs version of e17 and compiled it with gcc-4.1.1 and
glibc 2.4 for informations. The bug occurs when I want to quit
enlightenment or when I quit the configuration menu. After making a
debugging session, I found that e17 frees some pointers named
bd->client.icccm.command.argv[i]. this line can be found at
e_border.c:2937. I was trying to search a line where this variable is
allocated but I found nothing interesting. You will find some debugging
informations in the following.
command line /usr/local/bin/enlightenment -evil
Reproduction : 100 %
Way to reproduce it : just quit e17
backtrace with gdb
(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb798a36d in ___newselect_nocancel () from /lib/libc.so.6
#2 0xb7a46154 in _XWaitForReadable () from /usr/X11R6/lib/libX11.so.6
#3 0xb7a46511 in _XRead () from /usr/X11R6/lib/libX11.so.6
#4 0xb7a47969 in _XReadEvents () from /usr/X11R6/lib/libX11.so.6
#5 0xb7a3663a in XNextEvent () from /usr/X11R6/lib/libX11.so.6
#6 0x080d181f in e_alert_show (
text=0x812efa4 "This is very bad. Enlightenment has
segfaulted.\nThis is not meant to happen and is likely a sign of a\nbug
in Enlightenment or the libraries it relies on.\n\nYou can gdb attach
to this process now to try"...) at e_alert.c:137
#7 0x080b9fb2 in e_sigseg_act (x=11, info=0xbfd0b52c, data=0xbfd0b5ac)
at e_signals.c:53
#8 <signal handler called>
#9 0xb793878f in free () from /lib/libc.so.6
#10 0x08082e38 in _e_border_free (bd=0x8474658) at e_border.c:2937
#11 0x080a1ddd in e_object_free (obj=0x8474658) at e_object.c:77
#12 0x080a1e2c in e_object_unref (obj=0x8474658) at e_object.c:96
#13 0x0808c561 in _e_border_event_border_remove_free (data=0x0,
ev=0x845c028) at e_border.c:6236
#14 0xb7ca1658 in _ecore_event_del (event=0x8409c98) at
ecore_events.c:357 #15 0xb7ca1910 in _ecore_event_call () at
ecore_events.c:445 #16 0xb7ca8a36 in _ecore_main_loop_iterate_internal
(once_only=0) at ecore_main.c:639
#17 0xb7ca7c25 in ecore_main_loop_begin () at ecore_main.c:79
#18 0x080638a9 in main (argc=2, argv=0xbfd0ec34) at e_main.c:689
(gdb) fr 10
#10 0x08082e38 in _e_border_free (bd=0x8474658) at e_border.c:2937
2937 free(bd->client.icccm.command.argv[i]);
(gdb) l
2932 if ((bd->client.icccm.command.argc > 0) &&
(bd->client.icccm.command.argv))
2933 {
2934 int i;
2935
2936 for (i = 0; i < bd->client.icccm.command.argc; i++)
2937 free(bd->client.icccm.command.argv[i]);
2938 free(bd->client.icccm.command.argv);
2939 }
2940 if (bd->client.netwm.name) free(bd->client.netwm.name);
2941 if (bd->client.netwm.icon_name)
free(bd->client.netwm.icon_name); (gdb) p bd
$11 = (E_Border *) 0x8474658
(gdb) p bd->client.icccm.command.argv[i]
$10 = 0x836cd65 "-evil"
(gdb) p bd->client.icccm.command.argv
$12 = (char **) 0x8471288
(gdb) p bd->client.icccm.command
$13 = {argc = 2, argv = 0x8471288}
(gdb) p bd->client.icccm
$14 = {title = 0x0, name = 0x8388ad0 "[EMAIL PROTECTED]", class = 0x8388468
"È\2128\bfigure", icon_name = 0x0,
machine = 0x83c90c8 "`\2048\bite", min_w = 352, min_h = 310, max_w =
9999, max_h = 9999, base_w = -1, base_h = -1,
step_w = -1, step_h = -1, start_x = 0, start_y = 0, min_aspect = 0,
max_aspect = 0,
initial_state = ECORE_X_WINDOW_STATE_HINT_WITHDRAWN, state =
ECORE_X_WINDOW_STATE_HINT_ICONIC, icon_pixmap = 0,
icon_mask = 0, icon_window = 0, window_group = 0, transient_for =
163, client_leader = 0, gravity = ECORE_X_GRAVITY_NW,
window_role = 0x0, take_focus = 0 '\0', accepts_focus = 1 '\001',
urgent = 0 '\0', delete_request = 1 '\001',
request_pos = 0 '\0', command = {argc = 2, argv = 0x8471288}, fetch =
{title = 0 '\0', name_class = 0 '\0',
icon_name = 0 '\0', machine = 0 '\0', hints = 0 '\0',
size_pos_hints = 0 '\0', protocol = 0 '\0',
transient_for = 0 '\0', client_leader = 0 '\0', window_role = 0
'\0', state = 0 '\0', command = 0 '\0'}}
(gdb) p bd
$15 = (E_Border *) 0x8474658
(gdb) fr 11
#11 0x080a1ddd in e_object_free (obj=0x8474658) at e_object.c:77
77 obj->cleanup_func(obj);
(gdb) l
72 e_object_breadcrumb_debug(obj);
73 }
74 */
75 if (obj->free_att_func) obj->free_att_func(obj);
76 obj->magic = E_OBJECT_MAGIC_FREED;
77 obj->cleanup_func(obj);
78 }
79
80 EAPI int
81 e_object_ref(E_Object *obj)
(gdb) p obj
$16 = (E_Object *) 0x8474658
(gdb) p obj->magic
$17 = -524325139
If you need more informations about it feel free to contact me
regards
Mathieu
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
