2942 – "xman" may crash when opening the print dialog

Bug 2942 - "xman" may crash when opening the print dialog

Summary: "xman" may crash when opening the print dialog

Status:	RESOLVED FIXED

Alias:	None

Product:	xorg
Classification:	Unclassified
Component:	App/xman (show other bugs)
Version:	6.8.2
Hardware:	All All

Importance:	high blocker
Assignee:	Roland Mainz
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-04-08 23:23 UTC by Roland Mainz
Modified:	2005-04-08 06:47 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
Patch for 2005-04-09-trunk which uses \|XtCalloc()\| instead of \|XtMalloc()\| to clear the \|ManpageGlobals\| structure correctly (3.08 KB, patch) 2005-04-08 23:39 UTC, Roland Mainz	roland.mainz: 6.8-branch?	Details \| Splinter Review
View All

Description Roland Mainz 2005-04-08 23:23:53 UTC

[Originally reported by Daniel Martini]
"xman" may crash when opening the print dialog due usage of uninitalised
pointers.

A quick test using "valgrind" shows this:
-- snip --
valgrind --num-callers=15 ./xman)==24920== Memcheck, a.k.a. Valgrind, a memory
error detector for x86-linux.
==24920== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==24920== Using valgrind-2.0.0, a program supervision framework for x86-linux.
==24920== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
==24920== Estimated CPU clock rate is 1197 MHz
==24920== For more details, rerun with: -v
==24920== 
==24920== Conditional jump or move depends on uninitialised value(s)
==24920==    at 0x40010606: strchr (in /lib/ld-2.3.2.so)
==24920== 
==24920== Conditional jump or move depends on uninitialised value(s)
==24920==    at 0x804D3FB: PrintThisManpage (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x804C81F: OptionCallback (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x402B173F: XtCallCallbacks (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402638C9: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x4026223C: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x402E5BA3: HandleActions (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E619D: HandleSimpleState (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E67FB: _XtTranslateEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BE67F: XtDispatchEventToWidget (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF1F4: _XtDefaultDispatcher (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF2F0: XtDispatchEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF861: XtAppMainLoop (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x80532F0: main (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x404318AD: __libc_start_main (in /lib/libc.so.6)
==24920==    by 0x804B2C0: (within
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920== 
==24920== Conditional jump or move depends on uninitialised value(s)
==24920==    at 0x402E9A31: XtVaGetValues (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x804D426: PrintThisManpage (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x804C81F: OptionCallback (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x402B173F: XtCallCallbacks (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402638C9: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x4026223C: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x402E5BA3: HandleActions (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E619D: HandleSimpleState (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E67FB: _XtTranslateEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BE67F: XtDispatchEventToWidget (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF1F4: _XtDefaultDispatcher (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF2F0: XtDispatchEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF861: XtAppMainLoop (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x80532F0: main (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x404318AD: __libc_start_main (in /lib/libc.so.6)
==24920== 
==24920== Use of uninitialised value of size 4
==24920==    at 0x402BB9D8: XtWidgetToApplicationContext (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402C325D: XtGetValues (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E9BC4: XtVaGetValues (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x804D426: PrintThisManpage (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x804C81F: OptionCallback (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x402B173F: XtCallCallbacks (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402638C9: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x4026223C: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x402E5BA3: HandleActions (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E619D: HandleSimpleState (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E67FB: _XtTranslateEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BE67F: XtDispatchEventToWidget (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF1F4: _XtDefaultDispatcher (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF2F0: XtDispatchEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF861: XtAppMainLoop (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920== 
==24920== Invalid read of size 1
==24920==    at 0x402BB9EA: XtWidgetToApplicationContext (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402C325D: XtGetValues (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E9BC4: XtVaGetValues (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x804D426: PrintThisManpage (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x804C81F: OptionCallback (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x402B173F: XtCallCallbacks (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402638C9: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x4026223C: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x402E5BA3: HandleActions (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E619D: HandleSimpleState (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E67FB: _XtTranslateEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BE67F: XtDispatchEventToWidget (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF1F4: _XtDefaultDispatcher (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF2F0: XtDispatchEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF861: XtAppMainLoop (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    Address 0x61687343 is not stack'd, malloc'd or free'd
==24920== 
==24920== Use of uninitialised value of size 4
==24920==    at 0x402C385A: _XtIsHookObject (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402C325D: XtGetValues (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E9BC4: XtVaGetValues (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x804D426: PrintThisManpage (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x804C81F: OptionCallback (in
/home/gismobile/projects/xorg/commit1/xc/programs/xman/xman)
==24920==    by 0x402B173F: XtCallCallbacks (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402638C9: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x4026223C: Notify (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xaw/libXaw.so.8.0)
==24920==    by 0x402E5BA3: HandleActions (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E619D: HandleSimpleState (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402E67FB: _XtTranslateEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BE67F: XtDispatchEventToWidget (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF1F4: _XtDefaultDispatcher (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF2F0: XtDispatchEvent (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
==24920==    by 0x402BF861: XtAppMainLoop (in
/home/gismobile/projects/xorg/commit1/xc/lib/Xt/libXt.so.6.0)
-- snip --
etc. etc.
The problem may or may not crash "xman" depending on what's in the memory block
returned by |GetGlobals()|.

Comment 1 Roland Mainz 2005-04-08 23:26:15 UTC

A quick analysis shows that the "xman" code has _two_ (and not _one_) place
where the |ManpageGlobals| structure gets allocated. Opening the print dialog
from a real manpoage window does not cause any problems - but opening it from
the "welcome" page may lead to a crash.

Taking bug myself, the fix for this is quite easy...

Comment 2 Roland Mainz 2005-04-08 23:39:59 UTC

Created attachment 2360 [details] [review]
Patch for 2005-04-09-trunk which uses |XtCalloc()| instead of |XtMalloc()| to clear the |ManpageGlobals| structure correctly

Comment 3 Roland Mainz 2005-04-08 23:44:17 UTC

Patch checked-in...

/cvs/xorg/xc/ChangeLog,v  <--  xc/ChangeLog
new revision: 1.863; previous revision: 1.862
/cvs/xorg/xc/programs/xman/buttons.c,v  <--  xc/programs/xman/buttons.c
new revision: 1.6; previous revision: 1.5
Mailing the commit message to xorg-commit@lists.freedesktop.org...

... marking bug as FIXED.

Comment 4 Roland Mainz 2005-04-08 23:47:01 UTC

Comment on attachment 2360 [details] [review]
Patch for 2005-04-09-trunk which uses |XtCalloc()| instead of |XtMalloc()| to clear the |ManpageGlobals| structure correctly

Requesting approval for X11R6.8.x stable branch. The patches cures a quite
common crasher in "xman"'s print dialog which may occur on opening the dialog
due an uninitalised structure.

The fix is to clear the structure before using it (=allocating it using
|XtCalloc()| instead of |XtMalloc()|).

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.