On Thu, Aug 02, 2012 at 04:21:20PM -0700, Jason Evans wrote:
> On Aug 2, 2012, at 3:32 PM, Steve Kargl wrote:
> > (gdb) print *ptr
> > Attempt to dereference a generic pointer.
> > (gdb) up 1
> > #5  0x48164b7d in XFree (data=0x80f58e0) at XlibInt.c:1701
> > 1701    XlibInt.c: No such file or directory.
> > (gdb) print *data
> > Attempt to dereference a generic pointer.
> > (gdb) up 1
> > #6  0x080c4f2f in FlocaleFreeNameProperty (ptext=0xbfbfcfb4) at Flocale.c:2363
> > 2363    Flocale.c: No such file or directory.
> > (gdb) print *ptext
> > $5 = {name = 0x80f58e0 "Untitled", name_list = 0x0}
> 
> jemalloc is asserting that the page which contains 0x80f58e0 is allocated
> according to the containing chunk's page map, but the chunk header isn't
> even mapped, and the attempted read causes a segfault.  This is almost
> certainly a result of calling free() with a bogus pointer.
> 

I suspect, but cannot prove it yet, that ptext->name points at
a static buffer.  I'm trying to understand the code now.  The
failure starts in

void FlocaleFreeNameProperty(FlocaleNameString *ptext)
{
        if (ptext->name_list != NULL)
        {
                if (ptext->name != NULL && ptext->name != *ptext->name_list)
                        XFree(ptext->name);
                XFreeStringList(ptext->name_list);
                ptext->name_list = NULL;
        }
        else if (ptext->name != NULL)
        {
                XFree(ptext->name);
        }
        ptext->name = NULL;
        return;
}

In the code the XFree(ptext->name) appears protected by the check
for a NULL pointer, but it appears that 0x80f58e0 is invalid.  I
don't know how to check for a non-NULL invalid pointer.  I suppose
I can hack fvwm to leak memory at worst.

-- 
Steve
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
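An added illustration of the point raised in this thread (example code, not fvwm's or jemalloc's): free() cannot tell a valid heap pointer from a pointer into a static buffer, so the only reliable guard is ownership recorded when the pointer is stored. The `name_is_static` flag and the `heap_copy` helper are assumptions made for the example; fvwm's FlocaleNameString has no such field.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for fvwm's FlocaleNameString. The name_is_static
 * flag is an assumption added here; fvwm's struct has no such field. */
typedef struct {
    char  *name;
    char **name_list;       /* NULL-terminated, as from XTextPropertyToStringList */
    int    name_is_static;  /* 1 when name points at storage this struct does not own */
} NameString;

/* Static storage of the kind suspected above: it must never reach free(). */
const char UNTITLED[] = "Untitled";

char *heap_copy(const char *s)      /* strdup stand-in, kept C99-portable */
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Mirrors FlocaleFreeNameProperty's control flow, with XFree/XFreeStringList
 * replaced by free(). free() cannot validate a non-NULL pointer, so the only
 * reliable guard is the ownership flag recorded when the pointer was stored.
 * Returns the number of buffers released so the result can be asserted on. */
int free_name_property(NameString *p)
{
    int released = 0;
    if (p->name_list != NULL) {
        if (p->name != NULL && p->name != p->name_list[0] && !p->name_is_static) {
            free(p->name);
            released++;
        }
        for (char **s = p->name_list; *s != NULL; s++) {  /* XFreeStringList stand-in */
            free(*s);
            released++;
        }
        free(p->name_list);
        released++;
        p->name_list = NULL;
    } else if (p->name != NULL && !p->name_is_static) {
        free(p->name);        /* reached only for a pointer we know came from malloc */
        released++;
    }
    p->name = NULL;
    p->name_is_static = 0;
    return released;
}
```

With the flag set, a name pointing at UNTITLED is dropped without calling free(), which is the case jemalloc would otherwise abort on.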