Hello, I would like to try to fix it, but I need to reproduce it first. Can you provide a minimal example.c for me?
wh

________________________________________
Von: xorg <xorg-boun...@lists.x.org> im Auftrag von Vittorio Zecca <zec...@gmail.com>
Gesendet: Montag, 9. November 2020 07:56:43
An: xorg@lists.x.org
Betreff: sanitized version of libX11 crashes on heap-use-after-free in _XimUnRegisterIMInstantiateCallback

While running the testsuite of tk8.6.10, a GNU gcc sanitized version of libX11-1.6.12 crashes because of a heap-use-after-free at imInsClbk.c line 238

    !strcmp( lcd->core->modifiers, icb->modifiers ))) &&

The sanitizer error messages suggest that lcd->core->modifiers is referenced after it is freed.
This is under Fedora 32 on x86-64 hardware.

The following is the complete sanitizer message (tktest is a program in tk8.6.10):

./tktest
=================================================================
==180767==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020000109f0 at pc 0x146b2ee4868c bp 0x7fff77aa86c0 sp 0x7fff77aa7e68
READ of size 1 at 0x6020000109f0 thread T0
    #0 0x146b2ee4868b (/lib64/libasan.so.6+0x8e68b)
    #1 0x146b2c570453 in _XimUnRegisterIMInstantiateCallback /home/vitti/rpmbuild/SOURCES/X11/modules/im/ximcp/imInsClbk.c:238
    #2 0x146b2c4c39e9 in XUnregisterIMInstantiateCallback /home/vitti/rpmbuild/SOURCES/X11/src/xlibi18n/IMWrap.c:200
    #3 0x146b2c56f33b in _XimRegisterIMInstantiateCallback /home/vitti/rpmbuild/SOURCES/X11/modules/im/ximcp/imInsClbk.c:209
    #4 0x146b2c4c385c in XRegisterIMInstantiateCallback /home/vitti/rpmbuild/SOURCES/X11/src/xlibi18n/IMWrap.c:177
    #5 0x146b2e1c92ea in TkpOpenDisplay /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkUnixEvent.c:184
    #6 0x146b2dd02a17 in GetScreen /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:465
    #7 0x146b2dd02a17 in CreateTopLevelWindow /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:348
    #8 0x146b2dd04035 in TkCreateMainWindow /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:855
    #9 0x146b2dd5c947 in CreateFrame /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkFrame.c:582
    #10 0x146b2dd5e8a7 in TkListCreateFrame /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkFrame.c:468
    #11 0x146b2dd0f00d in Initialize /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:3255
    #12 0x4029b0 in Tcl_AppInit /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkAppInit.c:109
    #13 0x146b2dc7ea75 in Tk_MainEx /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkMain.c:338
    #14 0x4027db in main /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkAppInit.c:78
    #15 0x146b2b0d21a1 in __libc_start_main (/lib64/libc.so.6+0x281a1)
    #16 0x4028cd in _start (/home/vitti/rpmbuild/SOURCES/tk8.6.10/unix/tktest+0x4028cd)

0x6020000109f0 is located 0 bytes inside of 1-byte region [0x6020000109f0,0x6020000109f1)
freed by thread T0 here:
    #0 0x146b2ee6a307 in __interceptor_free (/lib64/libasan.so.6+0xb0307)
    #1 0x146b2c513802 in XSetLocaleModifiers /home/vitti/rpmbuild/SOURCES/X11/src/xlibi18n/lcWrap.c:90
    #2 0x146b2e1c7e44 in OpenIM /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkUnixEvent.c:750
    #3 0x146b2e1c8a64 in InstantiateIMCallback /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkUnixEvent.c:705
    #4 0x146b2c56f33b in _XimRegisterIMInstantiateCallback /home/vitti/rpmbuild/SOURCES/X11/modules/im/ximcp/imInsClbk.c:209
    #5 0x146b2c4c385c in XRegisterIMInstantiateCallback /home/vitti/rpmbuild/SOURCES/X11/src/xlibi18n/IMWrap.c:177
    #6 0x146b2e1c92ea in TkpOpenDisplay /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkUnixEvent.c:184
    #7 0x146b2dd02a17 in GetScreen /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:465
    #8 0x146b2dd02a17 in CreateTopLevelWindow /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:348
    #9 0x146b2dd04035 in TkCreateMainWindow /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:855
    #10 0x146b2dd5c947 in CreateFrame /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkFrame.c:582
    #11 0x146b2dd5e8a7 in TkListCreateFrame /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkFrame.c:468
    #12 0x146b2dd0f00d in Initialize /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:3255
    #13 0x4029b0 in Tcl_AppInit /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkAppInit.c:109
    #14 0x146b2dc7ea75 in Tk_MainEx /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkMain.c:338
    #15 0x4027db in main /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkAppInit.c:78
    #16 0x146b2b0d21a1 in __libc_start_main (/lib64/libc.so.6+0x281a1)

previously allocated by thread T0 here:
    #0 0x146b2ee6a667 in __interceptor_malloc (/lib64/libasan.so.6+0xb0667)
    #1 0x146b2c5126d3 in _XlcDefaultMapModifiers /home/vitti/rpmbuild/SOURCES/X11/src/xlibi18n/lcWrap.c:147
    #2 0x146b2c51377e in XSetLocaleModifiers /home/vitti/rpmbuild/SOURCES/X11/src/xlibi18n/lcWrap.c:88
    #3 0x146b2e1c7e44 in OpenIM /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkUnixEvent.c:750
    #4 0x146b2e1c92ab in TkpOpenDisplay /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkUnixEvent.c:183
    #5 0x146b2dd02a17 in GetScreen /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:465
    #6 0x146b2dd02a17 in CreateTopLevelWindow /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:348
    #7 0x146b2dd04035 in TkCreateMainWindow /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:855
    #8 0x146b2dd5c947 in CreateFrame /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkFrame.c:582
    #9 0x146b2dd5e8a7 in TkListCreateFrame /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkFrame.c:468
    #10 0x146b2dd0f00d in Initialize /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkWindow.c:3255
    #11 0x4029b0 in Tcl_AppInit /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkAppInit.c:109
    #12 0x146b2dc7ea75 in Tk_MainEx /home/vitti/rpmbuild/SOURCES/tk/unix/../generic/tkMain.c:338
    #13 0x4027db in main /home/vitti/rpmbuild/SOURCES/tk/unix/../unix/tkAppInit.c:78
    #14 0x146b2b0d21a1 in __libc_start_main (/lib64/libc.so.6+0x281a1)

SUMMARY: AddressSanitizer: heap-use-after-free (/lib64/libasan.so.6+0x8e68b)