Re: [Bug 599780] [NEW] reproducible crash with free(): invalid pointer

2010-06-29 Thread Thomas Dickey
On Tue, 29 Jun 2010, Thomas Dickey wrote:

> On Tue, 29 Jun 2010, Thomas Dickey wrote:
>
>> On Tue, 29 Jun 2010, Timo Juhani Lindfors wrote:
>>
>>> Public bug reported:
>>>
>>> Binary package hint: xterm
>> 
>>> Package: xterm 256-1ubuntu1
>>
>> The current patch-level upstream is #261; the last fix involving memory
>> issues was here (2010/5/1):
>>
>> http://invisible-island.net/xterm/xterm.log.html#xterm_258
>
> The description of the bug given here corresponds to
>
> Patch #257 - 2010/4/22
> compute value for first wide-character rather than assuming it is 256,
> fixes problem with -cjk_width introduced in patches 242 and 249 (report by
> Thomas Wolff).

fwiw, the hint is here:

==3820==  Address 0x460edb0 is 16 bytes before a block of size 384 free'd
==3820==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==3820==    by 0x80803DD: ReallocateBufOffsets (screen.c:579)
==3820==    by 0x80804D3: ChangeToWide (screen.c:622)
==3820==    by 0x8059408: doparsing (charproc.c:3049)
==3820==    by 0x8059838: VTparse (charproc.c:3201)
==3820==    by 0x805DA88: VTRun (charproc.c:5314)
==3820==    by 0x8070ABF: main (main.c:2415)

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

-- 
reproducible crash with free(): invalid pointer
https://bugs.launchpad.net/bugs/599780
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


Re: [Bug 599780] [NEW] reproducible crash with free(): invalid pointer

2010-06-29 Thread Thomas Dickey
On Tue, 29 Jun 2010, Thomas Dickey wrote:

> On Tue, 29 Jun 2010, Timo Juhani Lindfors wrote:
>
>> Public bug reported:
>>
>> Binary package hint: xterm
> 
>> Package: xterm 256-1ubuntu1
>
> The current patch-level upstream is #261; the last fix involving memory
> issues was here (2010/5/1):
>
> http://invisible-island.net/xterm/xterm.log.html#xterm_258

The description of the bug given here corresponds to

Patch #257 - 2010/4/22
compute value for first wide-character rather than assuming it is 256, 
fixes problem with -cjk_width introduced in patches 242 and 249 (report by 
Thomas Wolff).

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net



Re: [Bug 599780] [NEW] reproducible crash with free(): invalid pointer

2010-06-29 Thread Thomas Dickey
On Tue, 29 Jun 2010, Timo Juhani Lindfors wrote:

> Public bug reported:
>
> Binary package hint: xterm
...
> Package: xterm 256-1ubuntu1

The current patch-level upstream is #261; the last fix involving memory
issues was here (2010/5/1):

http://invisible-island.net/xterm/xterm.log.html#xterm_258

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net



[Bug 599780] [NEW] reproducible crash with free(): invalid pointer

2010-06-29 Thread Timo Juhani Lindfors
Public bug reported:

Binary package hint: xterm

Steps to reproduce:
1) start xterm
2) type "cat xterm.testcase"

Expected results:
2) xterm does not crash

Actual results:
2) xterm crashes with

*** glibc detected *** xterm: free(): invalid pointer: 0x097f5830 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xb771d591]
/lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0xb771ede8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xb7721ecd]
xterm[0x8076af7]
xterm[0x8077130]
xterm[0x8079c24]
xterm[0x80821d1]
xterm[0x805c251]
xterm[0x805fb5f]
xterm[0x805fc70]
xterm[0x806c200]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb76c8bd6]
xterm[0x804d6a1]

being printed to .xsession-errors

More info:
1) gdb:

(gdb) bt full
#0  0x002a7422 in __kernel_vsyscall ()
No symbol table info available.
#1  0x002d2651 in raise () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2  0x002d5a82 in abort () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0x0030949d in ?? () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#4  0x00313591 in ?? () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#5  0x00314de8 in ?? () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#6  0x00317ecd in free () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#7  0x0807f9f1 in addScrollback (screen=0x97c063c) at ../scrollback.c:84
prior = 0x97e4660
where = 0x97e4660
which = 1
nco