I fixed it in ecore_x_icccm.c
Sebastian
[EMAIL PROTECTED] wrote:
> Hi Mathieu,
>
> I've noticed the bug (e can crash if you close a window for an app that
> was started with cmd line params from exe-buf or an eap), and had
> narrowed it down (looking at the recent changelogs) to that section.
> Haven't had any time to follow through thouh.. I'll try to
> find time tonight or tomorrow (unless someone beats me to it).
>
> Thanks for the debugging info :)
> --
> rephorm
>
> On Fri, Jun 09, 2006 at 03:17:33PM +0200, Mathieu Taillefumier wrote:
>> Hello,
>>
>> I found a reproductible bug on the enlightenment code. I am
>> using the last cvs version of e17 and compiled it with gcc-4.1.1 and
>> glibc 2.4 for informations. The bug occurs when I want to quit
>> enlightenment or when I quit the configuration menu. After making a
>> debugging session, I found that e17 frees some pointers named
>> bd->client.icccm.command.argv[i]. this line can be found at
>> e_border.c:2937. I was trying to search a line where this variable is
>> allocated but I found nothing interesting. You will find some debugging
>> informations in the following.
>>
>> command line /usr/local/bin/enlightenment -evil
>> Reproduction : 100 %
>> Way to reproduce it : just quit e17
>>
>> backtrace with gdb
>>
>> (gdb) bt
>> #0 0xffffe410 in __kernel_vsyscall ()
>> #1 0xb798a36d in ___newselect_nocancel () from /lib/libc.so.6
>> #2 0xb7a46154 in _XWaitForReadable () from /usr/X11R6/lib/libX11.so.6
>> #3 0xb7a46511 in _XRead () from /usr/X11R6/lib/libX11.so.6
>> #4 0xb7a47969 in _XReadEvents () from /usr/X11R6/lib/libX11.so.6
>> #5 0xb7a3663a in XNextEvent () from /usr/X11R6/lib/libX11.so.6
>> #6 0x080d181f in e_alert_show (
>> text=0x812efa4 "This is very bad. Enlightenment has
>> segfaulted.\nThis is not meant to happen and is likely a sign of a\nbug
>> in Enlightenment or the libraries it relies on.\n\nYou can gdb attach
>> to this process now to try"...) at e_alert.c:137
>> #7 0x080b9fb2 in e_sigseg_act (x=11, info=0xbfd0b52c, data=0xbfd0b5ac)
>> at e_signals.c:53
>> #8 <signal handler called>
>> #9 0xb793878f in free () from /lib/libc.so.6
>> #10 0x08082e38 in _e_border_free (bd=0x8474658) at e_border.c:2937
>> #11 0x080a1ddd in e_object_free (obj=0x8474658) at e_object.c:77
>> #12 0x080a1e2c in e_object_unref (obj=0x8474658) at e_object.c:96
>> #13 0x0808c561 in _e_border_event_border_remove_free (data=0x0,
>> ev=0x845c028) at e_border.c:6236
>> #14 0xb7ca1658 in _ecore_event_del (event=0x8409c98) at
>> ecore_events.c:357 #15 0xb7ca1910 in _ecore_event_call () at
>> ecore_events.c:445 #16 0xb7ca8a36 in _ecore_main_loop_iterate_internal
>> (once_only=0) at ecore_main.c:639
>> #17 0xb7ca7c25 in ecore_main_loop_begin () at ecore_main.c:79
>> #18 0x080638a9 in main (argc=2, argv=0xbfd0ec34) at e_main.c:689
>> (gdb) fr 10
>> #10 0x08082e38 in _e_border_free (bd=0x8474658) at e_border.c:2937
>> 2937 free(bd->client.icccm.command.argv[i]);
>> (gdb) l
>> 2932 if ((bd->client.icccm.command.argc > 0) &&
>> (bd->client.icccm.command.argv))
>> 2933 {
>> 2934 int i;
>> 2935
>> 2936 for (i = 0; i < bd->client.icccm.command.argc; i++)
>> 2937 free(bd->client.icccm.command.argv[i]);
>> 2938 free(bd->client.icccm.command.argv);
>> 2939 }
>> 2940 if (bd->client.netwm.name) free(bd->client.netwm.name);
>> 2941 if (bd->client.netwm.icon_name)
>> free(bd->client.netwm.icon_name); (gdb) p bd
>> $11 = (E_Border *) 0x8474658
>> (gdb) p bd->client.icccm.command.argv[i]
>> $10 = 0x836cd65 "-evil"
>> (gdb) p bd->client.icccm.command.argv
>> $12 = (char **) 0x8471288
>> (gdb) p bd->client.icccm.command
>> $13 = {argc = 2, argv = 0x8471288}
>> (gdb) p bd->client.icccm
>> $14 = {title = 0x0, name = 0x8388ad0 "[EMAIL PROTECTED]", class = 0x8388468
>> "?\2128\bfigure", icon_name = 0x0,
>> machine = 0x83c90c8 "`\2048\bite", min_w = 352, min_h = 310, max_w =
>> 9999, max_h = 9999, base_w = -1, base_h = -1,
>> step_w = -1, step_h = -1, start_x = 0, start_y = 0, min_aspect = 0,
>> max_aspect = 0,
>> initial_state = ECORE_X_WINDOW_STATE_HINT_WITHDRAWN, state =
>> ECORE_X_WINDOW_STATE_HINT_ICONIC, icon_pixmap = 0,
>> icon_mask = 0, icon_window = 0, window_group = 0, transient_for =
>> 163, client_leader = 0, gravity = ECORE_X_GRAVITY_NW,
>> window_role = 0x0, take_focus = 0 '\0', accepts_focus = 1 '\001',
>> urgent = 0 '\0', delete_request = 1 '\001',
>> request_pos = 0 '\0', command = {argc = 2, argv = 0x8471288}, fetch =
>> {title = 0 '\0', name_class = 0 '\0',
>> icon_name = 0 '\0', machine = 0 '\0', hints = 0 '\0',
>> size_pos_hints = 0 '\0', protocol = 0 '\0',
>> transient_for = 0 '\0', client_leader = 0 '\0', window_role = 0
>> '\0', state = 0 '\0', command = 0 '\0'}}
>> (gdb) p bd
>> $15 = (E_Border *) 0x8474658
>> (gdb) fr 11
>> #11 0x080a1ddd in e_object_free (obj=0x8474658) at e_object.c:77
>> 77 obj->cleanup_func(obj);
>> (gdb) l
>> 72 e_object_breadcrumb_debug(obj);
>> 73 }
>> 74 */
>> 75 if (obj->free_att_func) obj->free_att_func(obj);
>> 76 obj->magic = E_OBJECT_MAGIC_FREED;
>> 77 obj->cleanup_func(obj);
>> 78 }
>> 79
>> 80 EAPI int
>> 81 e_object_ref(E_Object *obj)
>> (gdb) p obj
>> $16 = (E_Object *) 0x8474658
>> (gdb) p obj->magic
>> $17 = -524325139
>>
>> If you need more informations about it feel free to contact me
>>
>> regards
>>
>> Mathieu
>>
>>
>>
>> _______________________________________________
>> enlightenment-devel mailing list
>> enlightenment-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
>
>
>
> _______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
