Debian Bug report logs - #541160
xterm: heap corruption when changing window size

Package: xterm; Maintainer for xterm is Debian X Strike Force <debian-x@lists.debian.org>; Source for xterm is src:xterm.

Reported by: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>

Date: Wed, 12 Aug 2009 01:57:01 UTC

Severity: normal

Tags: fixed-upstream

Merged with 542396

Found in versions xterm/244-1, xterm/244-2

Fixed in version xterm/246-1

Done: Julien Cristau <jcristau@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 01:57:04 GMT)

Acknowledgement sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
New Bug report received and forwarded. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Wed, 12 Aug 2009 01:57:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
To: submit@bugs.debian.org
Subject: xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 03:53:13 +0200
Package: xterm
Version: 244-1
Severity: normal

Hi,

I just noticed that xterm doesn't like it very much to be resized: when I grab
a window edge and make a circular motion (i.e. enlarge and shrink again in
both dimensions), I usually get it to segfault within fractions of a second.
Here are a few backtrace samples...

=====
(gdb) bt
#0  0xb7e333fc in ?? () from /lib/i686/cmov/libc.so.6
#1  0xb7e349ff in calloc () from /lib/i686/cmov/libc.so.6
#2  0x0807d31e in allocScrnData (screen=0x80ca6b4, nrow=1, ncol=121) at ../screen.c:287
#3  0x0807cfcd in addScrollback (screen=0x80ca6b4) at ../scrollback.c:90
#4  0x0807d3d3 in saveEditBufLines (screen=0x80ca6b4, sb=0x80e2378, n=1) at ../screen.c:340
#5  0x080806fd in ScreenResize (xw=0x80ca5b0, width=730, height=496, flags=0x80cd984) at ../screen.c:1791
#6  0x0805d3a1 in VTResize (w=0x80ca5b0) at ../charproc.c:5021
#7  0xb7c485d9 in XtConfigureWidget () from /usr/lib/libXt.so.6
#8  0xb7c4877a in XtResizeWidget () from /usr/lib/libXt.so.6
#9  0xb7fa5c5a in XawVendorShellExtResize () from /usr/lib/libXaw.so.7
#10 0xb7c612a2 in ?? () from /usr/lib/libXt.so.6
#11 0xb7c450f4 in XtDispatchEventToWidget () from /usr/lib/libXt.so.6
#12 0xb7c45aaf in ?? () from /usr/lib/libXt.so.6
#13 0xb7c44a67 in XtDispatchEvent () from /usr/lib/libXt.so.6
#14 0x08076319 in xevents () at ../misc.c:459
#15 0x08059edb in in_put (xw=0x80ca5b0) at ../charproc.c:3437
#16 0x08059f14 in doinput () at ../charproc.c:3452
#17 0x0805962d in VTparse (xw=0x80ca5b0) at ../charproc.c:3023
#18 0x0805d200 in VTRun (xw=0x80ca5b0) at ../charproc.c:4957
#19 0x0806f416 in main (argc=0, argv=0xbffff4f8) at ../main.c:2414
=====
Program received signal SIGSEGV, Segmentation fault.
0xb7e322a8 in ?? () from /lib/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7e322a8 in ?? () from /lib/i686/cmov/libc.so.6
#1  0xb7e32896 in free () from /lib/i686/cmov/libc.so.6
#2  0x0807d831 in Reallocate (xw=0x80ca5b0, sbuf=0x80cc7b8, sbufaddr=0x80cc7c0, nrow=24, ncol=123, oldrow=25, 
    oldcol=123) at ../screen.c:499
#3  0x08080777 in ScreenResize (xw=0x80ca5b0, width=742, height=292, flags=0x80cd984) at ../screen.c:1837
#4  0x0805d3a1 in VTResize (w=0x80ca5b0) at ../charproc.c:5021
#5  0xb7c485d9 in XtConfigureWidget () from /usr/lib/libXt.so.6
#6  0xb7c4877a in XtResizeWidget () from /usr/lib/libXt.so.6
#7  0xb7fa5c5a in XawVendorShellExtResize () from /usr/lib/libXaw.so.7
#8  0xb7c612a2 in ?? () from /usr/lib/libXt.so.6
#9  0xb7c450f4 in XtDispatchEventToWidget () from /usr/lib/libXt.so.6
#10 0xb7c45aaf in ?? () from /usr/lib/libXt.so.6
#11 0xb7c44a67 in XtDispatchEvent () from /usr/lib/libXt.so.6
#12 0x08076319 in xevents () at ../misc.c:459
#13 0x08059edb in in_put (xw=0x80ca5b0) at ../charproc.c:3437
#14 0x08059f14 in doinput () at ../charproc.c:3452
#15 0x0805962d in VTparse (xw=0x80ca5b0) at ../charproc.c:3023
#16 0x0805d200 in VTRun (xw=0x80ca5b0) at ../charproc.c:4957
#17 0x0806f416 in main (argc=0, argv=0xbffff4f8) at ../main.c:2414
=====
*** glibc detected *** ./xterm: free(): invalid pointer: 0x080d6b78 ***
Program received signal SIGABRT, Aborted.
0xb7fe1424 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fe1424 in __kernel_vsyscall ()
#1  0xb7ded3d0 in raise () from /lib/i686/cmov/libc.so.6
#2  0xb7df0a85 in abort () from /lib/i686/cmov/libc.so.6
#3  0xb7e262ed in ?? () from /lib/i686/cmov/libc.so.6
#4  0xb7e308f4 in ?? () from /lib/i686/cmov/libc.so.6
#5  0xb7e32835 in free () from /lib/i686/cmov/libc.so.6
#6  0x0807d06d in deleteScrollback (screen=0x80caa74, row=-1) at ../scrollback.c:115
#7  0x08080993 in ScreenResize (xw=0x80ca970, width=472, height=556, flags=0x80cdd44) at ../screen.c:1909
#8  0x0805d3a1 in VTResize (w=0x80ca970) at ../charproc.c:5021
#9  0xb7c485d9 in XtConfigureWidget () from /usr/lib/libXt.so.6
#10 0xb7c4877a in XtResizeWidget () from /usr/lib/libXt.so.6
#11 0xb7fa5c5a in XawVendorShellExtResize () from /usr/lib/libXaw.so.7
#12 0xb7c612a2 in ?? () from /usr/lib/libXt.so.6
#13 0xb7c450f4 in XtDispatchEventToWidget () from /usr/lib/libXt.so.6
#14 0xb7c45aaf in ?? () from /usr/lib/libXt.so.6
#15 0xb7c44a67 in XtDispatchEvent () from /usr/lib/libXt.so.6
#16 0x08076319 in xevents () at ../misc.c:459
#17 0x08059edb in in_put (xw=0x80ca970) at ../charproc.c:3437
#18 0x08059f14 in doinput () at ../charproc.c:3452
#19 0x0805962d in VTparse (xw=0x80ca970) at ../charproc.c:3023
#20 0x0805d200 in VTRun (xw=0x80ca970) at ../charproc.c:4957
#21 0x0806f416 in main (argc=0, argv=0xbffff508) at ../main.c:2414
=====


Regards,

Jan

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 13:27:05 GMT)

Acknowledgement sent to Ed Schaller <schallee@darkmist.net>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Wed, 12 Aug 2009 13:27:05 GMT)

Message #10 received at 541160@bugs.debian.org:

From: Ed Schaller <schallee@darkmist.net>
To: 541160@bugs.debian.org
Subject: ditto: amd64
Date: Wed, 12 Aug 2009 08:23:55 -0500
This appears to be the same issue that I am having. I regularly change xterm sizes via key mappings in fvwm. I'm losing xterms to segv right and left.

I request that this gets bumped up to important or higher. At the rate it's going for me I'm going to be switching terminal emulators this afternoon...

I've got a lot going on today but I'm happy to help if I can.

Thanks!

>>>------>




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 17:12:03 GMT)

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Wed, 12 Aug 2009 17:12:03 GMT)

Message #15 received at 541160@bugs.debian.org:

From: Vincent Lefevre <vincent@vinc17.org>
To: 541160@bugs.debian.org
Subject: Re: ditto: amd64
Date: Wed, 12 Aug 2009 19:05:06 +0200
Ditto. Here's a backtrace:

(gdb) run
Starting program: /usr/bin/xterm 
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x0000000000430510 in ?? ()
(gdb) bt
#0  0x0000000000430510 in ?? ()
#1  0x0000000000430e64 in ?? ()
#2  0x00007feb33f313aa in XtConfigureWidget (w=0x1b522a0, 
    x=<value optimized out>, y=<value optimized out>, width=493, height=758, 
    borderWidth=0) at ../../src/Geometry.c:673
#3  0x00007feb34cc1700 in XawVendorShellExtResize () from /usr/lib/libXaw.so.7
#4  0x00007feb33f2e108 in XtDispatchEventToWidget (widget=0x1b44160, 
    event=0x7fff3d30c800) at ../../src/Event.c:874
#5  0x00007feb33f2e92b in DispatchEvent (event=0x7fff3d30c800)
    at ../../src/Event.c:1280
#6  _XtDefaultDispatcher (event=0x7fff3d30c800) at ../../src/Event.c:1341
#7  0x00007feb33f2db3b in XtDispatchEvent (event=0x7fff3d30c800)
    at ../../src/Event.c:1415
#8  0x000000000042adf8 in ?? ()
#9  0x0000000000418796 in ?? ()
#10 0x0000000000418bd2 in ?? ()
#11 0x0000000000424391 in ?? ()
#12 0x00007feb346f65c6 in __libc_start_main (
    main=0x4238c0 <XParseGeometry@plt+115576>, argc=1, ubp_av=0x7fff3d30cdc8, 
    init=0x43d920 <XParseGeometry@plt+222168>, fini=<value optimized out>, 
    rtld_fini=<value optimized out>, stack_end=0x7fff3d30cdb8)
    at libc-start.c:222
#13 0x0000000000407589 in ?? ()
#14 0x00007fff3d30cdb8 in ?? ()
#15 0x000000000000001c in ?? ()
#16 0x0000000000000001 in ?? ()
#17 0x00007fff3d30df76 in ?? ()
#18 0x0000000000000000 in ?? ()
(gdb) 

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 20:09:03 GMT)

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Wed, 12 Aug 2009 20:09:03 GMT)

Message #20 received at 541160@bugs.debian.org:

From: Thomas Dickey <dickey@his.com>
To: 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org, 541132-submitter@bugs.debian.org, 541236-submitter@bugs.debian.org, 541109-submitter@bugs.debian.org
Subject: re: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 16:05:39 -0400
...just bad timing (I'm now looking to see the problem).  A short-term fix
should be to configure/build xterm using --disable-fifo-lines

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Wed, 12 Aug 2009 20:09:09 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 21:18:03 GMT)

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Wed, 12 Aug 2009 21:18:03 GMT)

Message #28 received at 541160@bugs.debian.org:

From: Thomas Dickey <dickey@his.com>
To: 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org
Subject: re: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 17:15:25 -0400
This one is hard to reproduce (here).  valgrind is not showing me any
problems as I resize the screen in various ways.

There are several special cases in the resizing logic, depending on
resource-settings, as well as the amount of text that has been scrolled
off onto the saved-lines buffer.

More details would be helpful...

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Wed, 12 Aug 2009 21:18:09 GMT)

Information stored:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 21:36:05 GMT)

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and filed, but not forwarded. (Wed, 12 Aug 2009 21:36:05 GMT)

Message #36 received at 541160-quiet@bugs.debian.org:

From: Vincent Lefevre <vincent@vinc17.org>
To: dickey@his.com, 541160-quiet@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 23:31:57 +0200
On 2009-08-12 17:15:25 -0400, Thomas Dickey wrote:
> This one is hard to reproduce (here).  valgrind is not showing me any
> problems as I resize the screen in various ways.
> 
> There are several special cases in the resizing logic, depending on
> resource-settings, as well as the amount of text that has been scrolled
> off onto the saved-lines buffer.
> 
> More details would be helpful...

I can reproduce the crash every time with the example given in
bug 541236 (see step 4). In case this depends on the window manager,
I use fvwm.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Information stored:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 21:42:07 GMT)

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and filed, but not forwarded. (Wed, 12 Aug 2009 21:42:07 GMT)

Message #41 received at 541160-quiet@bugs.debian.org:

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: 541160-quiet@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 17:40:10 -0400 (EDT)
On Wed, 12 Aug 2009, Vincent Lefevre wrote:

> On 2009-08-12 17:15:25 -0400, Thomas Dickey wrote:
>> This one is hard to reproduce (here).  valgrind is not showing me any
>> problems as I resize the screen in various ways.
>>
>> There are several special cases in the resizing logic, depending on
>> resource-settings, as well as the amount of text that has been scrolled
>> off onto the saved-lines buffer.
>>
>> More details would be helpful...
>
> I can reproduce the crash every time with the example given in
> bug 541236 (see step 4). In case this depends on the window manager,
> I use fvwm.

still no....  But the stack traces look useful...

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Wed, 12 Aug 2009 22:39:30 GMT)

Notification sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug acknowledged by developer. (Wed, 12 Aug 2009 22:39:31 GMT)

Message #46 received at 541160-close@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: 541160-close@bugs.debian.org
Subject: Bug#541160: fixed in xterm 244-2
Date: Wed, 12 Aug 2009 22:10:48 +0000
Source: xterm
Source-Version: 244-2

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive:

xterm_244-2.diff.gz
  to pool/main/x/xterm/xterm_244-2.diff.gz
xterm_244-2.dsc
  to pool/main/x/xterm/xterm_244-2.dsc
xterm_244-2_i386.deb
  to pool/main/x/xterm/xterm_244-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 541160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 12 Aug 2009 22:25:16 +0200
Source: xterm
Binary: xterm
Architecture: source i386
Version: 244-2
Distribution: unstable
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 xterm      - X terminal emulator
Closes: 541109 541132 541160 541236
Changes: 
 xterm (244-2) unstable; urgency=low
 .
   * Configure with --disable-fifo-lines to work around a crash in the new
     saved-lines handling code (closes: #541236, #541160, #541132, #541109).
     Thanks to Thomas Dickey for the workaround.





Information stored:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 23:24:05 GMT)

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and filed, but not forwarded. (Wed, 12 Aug 2009 23:24:05 GMT)

Message #51 received at 541160-quiet@bugs.debian.org:

From: Vincent Lefevre <vincent@vinc17.org>
To: Thomas Dickey <dickey@his.com>
Cc: 541160-quiet@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Thu, 13 Aug 2009 01:23:07 +0200
On 2009-08-12 17:40:10 -0400, Thomas Dickey wrote:
> On Wed, 12 Aug 2009, Vincent Lefevre wrote:
> >I can reproduce the crash every time with the example given in
> >bug 541236 (see step 4). In case this depends on the window manager,
> >I use fvwm.
> 
> still no....  But the stack traces look useful...

I wanted to try to record the X events, in case this would be useful,
but xnee doesn't work.

Note: the same bug occurs on a different machine.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Information stored:
Bug#541160; Package xterm. (Wed, 12 Aug 2009 23:36:02 GMT)

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and filed, but not forwarded. (Wed, 12 Aug 2009 23:36:02 GMT)

Message #56 received at 541160-quiet@bugs.debian.org:

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: 541160-quiet@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 19:31:13 -0400 (EDT)
On Thu, 13 Aug 2009, Vincent Lefevre wrote:

> On 2009-08-12 17:40:10 -0400, Thomas Dickey wrote:
>> On Wed, 12 Aug 2009, Vincent Lefevre wrote:
>>> I can reproduce the crash every time with the example given in
>>> bug 541236 (see step 4). In case this depends on the window manager,
>>> I use fvwm.
>>
>> still no....  But the stack traces look useful...
>
> I wanted to try to record the X events, in case this would be useful,
> but xnee doesn't work.
>
> Note: the same bug occurs on a different machine.

given the number of reports, I'm not disagreeing.  So far, all I can
reproduce is the positioning error.  I'm about halfway through a fix
for that - perhaps the bugs are related (it would be nice if they had
the same cause...).

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 00:21:02 GMT)

Acknowledgement sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 00:21:02 GMT)

Message #61 received at 541160@bugs.debian.org:

From: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
To: dickey@his.com
Cc: 541160@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Thu, 13 Aug 2009 02:17:55 +0200
Hi Thomas,

> This one is hard to reproduce (here).  valgrind is not showing me any
> problems as I resize the screen in various ways.
> 
> There are several special cases in the resizing logic, depending on
> resource-settings, as well as the amount of text that has been scrolled
> off onto the saved-lines buffer.
> 
> More details would be helpful...

while Julien has uploaded a new xterm package with fifo-lines disabled,
I can still help debugging the actual problem if this is desired. I
can reliably reproduce the problem with an empty (i.e. freshly started)
xterm with a bare prompt - once the buffer is full I can no longer make
it crash. My .Xresources only contains modifications to the font settings.

I'll do a few valgrind runs myself and report back.


Regards,

Jan 

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 00:27:03 GMT)

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 00:27:03 GMT)

Message #66 received at 541160@bugs.debian.org:

From: Thomas Dickey <dickey@his.com>
To: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
Cc: 541160@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 20:24:23 -0400 (EDT)
On Thu, 13 Aug 2009, Jan Christoph Nordholz wrote:

> Hi Thomas,
>
>> This one is hard to reproduce (here).  valgrind is not showing me any
>> problems as I resize the screen in various ways.
>>
>> There are several special cases in the resizing logic, depending on
>> resource-settings, as well as the amount of text that has been scrolled
>> off onto the saved-lines buffer.
>>
>> More details would be helpful...
>
> while Julien has uploaded a new xterm package with fifo-lines disabled,
> I can still help debugging the actual problem if this is desired. I
> can reliably reproduce the problem with an empty (i.e. freshly started)
> xterm with a bare prompt - once the buffer is full I can no longer make
> it crash. My .Xresources only contains modifications to the font settings.
>
> I'll do a few valgrind runs myself and report back.

The positioning problem is mostly a logic error (incorrect bounds 
checking) around the call to saveEditBufLines in screen.c; which I think I 
understand.  Once I have a fix for that, I'm interested to see if applying 
_that_ fix makes this problem go away.

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 00:42:08 GMT)

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 00:42:09 GMT)

Message #71 received at 541160@bugs.debian.org:

From: Vincent Lefevre <vincent@vinc17.org>
To: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>, 541160@bugs.debian.org
Cc: dickey@his.com
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Thu, 13 Aug 2009 02:39:39 +0200
On 2009-08-13 02:17:55 +0200, Jan Christoph Nordholz wrote:
> I'll do a few valgrind runs myself and report back.

I've just done a test with valgrind. Here's the output:

==22673== Memcheck, a memory error detector.
==22673== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==22673== Using LibVEX rev 1884, a library for dynamic binary translation.
==22673== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==22673== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==22673== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==22673== For more details, rerun with: -v
==22673== 
==22676== Warning: invalid file descriptor -1 in syscall close()
==22673== Invalid write of size 1
==22673==    at 0x430510: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x430E63: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x508E6FF: XawVendorShellExtResize (in /usr/lib/libXaw7.so.7.0.0)
==22673==    by 0x5DCD107: XtDispatchEventToWidget (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x5DCD92A: (within /usr/lib/libXt.so.6.0.0)
==22673==    by 0x5DCCB3A: XtDispatchEvent (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x42ADF7: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x418795: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x418BD1: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x424390: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x550D5C5: (below main) (libc-start.c:222)
==22673==  Address 0x1080c0902 is not stack'd, malloc'd or (recently) free'd
==22673== 
==22673== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==22673==  Access not within mapped region at address 0x1080C0902
==22673==    at 0x430510: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x430E63: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x508E6FF: XawVendorShellExtResize (in /usr/lib/libXaw7.so.7.0.0)
==22673==    by 0x5DCD107: XtDispatchEventToWidget (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x5DCD92A: (within /usr/lib/libXt.so.6.0.0)
==22673==    by 0x5DCCB3A: XtDispatchEvent (in /usr/lib/libXt.so.6.0.0)
==22673==    by 0x42ADF7: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x418795: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x418BD1: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x424390: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==    by 0x550D5C5: (below main) (libc-start.c:222)
==22673==  If you believe this happened as a result of a stack overflow in your
==22673==  program's main thread (unlikely but possible), you can try to increase
==22673==  the size of the main thread stack using the --main-stacksize= flag.
==22673==  The main thread stack size used in this run was 8388608.
==22673== 
==22673== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==22673== malloc/free: in use at exit: 477,264 bytes in 2,155 blocks.
==22673== malloc/free: 6,610 allocs, 4,455 frees, 1,032,863 bytes allocated.
==22673== For counts of detected errors, rerun with: -v
==22673== searching for pointers to 2,155 not-freed blocks.
==22673== checked 816,152 bytes.
==22673== 
==22673== LEAK SUMMARY:
==22673==    definitely lost: 3,689 bytes in 6 blocks.
==22673==      possibly lost: 0 bytes in 0 blocks.
==22673==    still reachable: 473,575 bytes in 2,149 blocks.
==22673==         suppressed: 0 bytes in 0 blocks.
==22673== Rerun with --leak-check=full to see details of leaked memory.
zsh: segmentation fault  valgrind ./xterm

Note: I had to copy the xterm binary because it is setgid and valgrind
cannot run it.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
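
Added example, not part of the thread: a small triage script for Memcheck reports like those quoted in this bug. It classifies each invalid access by its "Address ... is ..." line and finds the first program frame shared by the allocation stacks of the overrun blocks. The sample is abridged from the valgrind output in messages #71 and #76; `Finding`, `parse`, `site` and `common_alloc_ancestor` are names chosen for this example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Abridged from the Memcheck reports in this thread (stacks trimmed).
SAMPLE = """\
==22673== Invalid write of size 1
==22673==    at 0x430510: (within /home/vinc17/wd/bugs/xterm/xterm)
==22673==  Address 0x1080c0902 is not stack'd, malloc'd or (recently) free'd
==22673==
==864== Invalid write of size 1
==864==    at 0x402766C: memset (mc_replace_strmem.c:493)
==864==    by 0x807DE7F: ClearCells (screen.c:702)
==864==  Address 0x4fdcf9e is 0 bytes after a block of size 1,598 alloc'd
==864==    at 0x40240D2: calloc (vg_replace_malloc.c:397)
==864==    by 0x807D3F5: allocScrnData (screen.c:287)
==864==    by 0x807D0A4: addScrollback (scrollback.c:90)
==864==    by 0x807D4AA: saveEditBufLines (screen.c:340)
==864==    by 0x80807D4: ScreenResize (screen.c:1791)
==864==
==864== Invalid write of size 2
==864==    at 0x806D6AC: getLineData (linedata.c:67)
==864==    by 0x805166F: okPosition (button.c:2631)
==864==  Address 0x5074e50 is 0 bytes after a block of size 384 alloc'd
==864==    at 0x40240D2: calloc (vg_replace_malloc.c:397)
==864==    by 0x807D359: allocScrnHead (screen.c:242)
==864==    by 0x807D7E3: Reallocate (screen.c:472)
==864==    by 0x808084E: ScreenResize (screen.c:1837)
"""

PREFIX = re.compile(r"^==\d+==\s?")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")
HEAP = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes (after|before|inside) "
                  r"a block of size ([\d,]+) (alloc'd|free'd)$")
KINDS = {"after": "heap-overrun", "before": "heap-underrun", "freed": "use-after-free"}
WRAPPERS = {"memset", "memcpy", "calloc", "malloc", "realloc", "free"}  # libc frames

@dataclass
class Finding:
    access: str                        # "read" or "write"
    size: int                          # bytes touched by the faulting access
    kind: str = "unclassified"
    offset: Optional[int] = None       # distance from the heap block, if one is named
    block_size: Optional[int] = None
    access_stack: list = field(default_factory=list)
    block_stack: list = field(default_factory=list)  # where the block was alloc'd/free'd

def frame_name(text):
    """'ClearCells (screen.c:702)' -> 'ClearCells'; unsymbolized frames -> '??'."""
    return "??" if text.startswith("(") else text.split(" (", 1)[0]

def classify(finding, line):
    """Set kind/offset/block_size from Memcheck's 'Address 0x... is ...' line."""
    m = HEAP.match(line)
    if m:
        finding.offset = int(m.group(1).replace(",", ""))
        finding.block_size = int(m.group(3).replace(",", ""))
        where = "freed" if m.group(4) == "free'd" else m.group(2)
        finding.kind = KINDS.get(where, "heap-other")
    elif "not stack'd, malloc'd or (recently) free'd" in line:
        finding.kind = "wild"          # address is nowhere near a tracked block

def parse(report):
    """Split a Memcheck log into Finding records, one per 'Invalid read/write'."""
    findings, cur, in_block = [], None, False
    for raw in report.splitlines():
        line = PREFIX.sub("", raw.rstrip())
        start, frame = ERROR.match(line), FRAME.match(line)
        if start:
            cur, in_block = Finding(start.group(1), int(start.group(2))), False
            findings.append(cur)
        elif cur is None or not line.strip():
            cur = None                 # outside a record, or blank separator ends it
        elif frame:
            stack = cur.block_stack if in_block else cur.access_stack
            stack.append(frame_name(frame.group(1)))
        elif line.lstrip().startswith("Address "):
            in_block = True            # frames after this line describe the block
            classify(cur, line)
    return findings

def site(stack):
    """First frame that is not a libc wrapper; '??' if there is none."""
    return next((fn for fn in stack if fn not in WRAPPERS), "??")

def common_alloc_ancestor(findings):
    """First program frame shared by the allocation stacks of every heap overrun."""
    stacks = [f.block_stack for f in findings if f.kind == "heap-overrun"]
    for fn in (stacks[0] if stacks else []):
        if fn not in WRAPPERS and all(fn in s for s in stacks[1:]):
            return fn
    return None

if __name__ == "__main__":
    for f in parse(SAMPLE):
        print(f.kind, site(f.access_stack), f.offset, f.block_size, site(f.block_stack))
    print("overrun blocks allocated under:", common_alloc_ancestor(parse(SAMPLE)))
```

On the sample it labels the unsymbolized report as a wild write and reports both overrun blocks as allocated under ScreenResize.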




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 00:42:10 GMT)

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 00:42:10 GMT)

Message #76 received at 541160@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>, 541160@bugs.debian.org
Cc: dickey@his.com
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Thu, 13 Aug 2009 02:39:26 +0200
On Thu, Aug 13, 2009 at 02:17:55 +0200, Jan Christoph Nordholz wrote:

> I'll do a few valgrind runs myself and report back.
> 
I got a crash (glibc abort in free()) once, can't seem to reproduce now.
valgrind reports these issues though:

==864== Invalid write of size 1
==864==    at 0x402766C: memset (mc_replace_strmem.c:493)
==864==    by 0x807DE7F: ClearCells (screen.c:702)
==864==    by 0x8085E1B: ClearInLine2 (util.c:1205)
==864==    by 0x8085E84: ClearInLine (util.c:1226)
==864==    by 0x808601A: ClearRight (util.c:1270)
==864==    by 0x8086350: do_erase_line (util.c:1361)
==864==    by 0x8057701: doparsing (charproc.c:1870)
==864==    by 0x8059673: VTparse (charproc.c:3023)
==864==    by 0x805D22F: VTRun (charproc.c:4957)
==864==    by 0x806F445: main (main.c:2414)
==864==  Address 0x4fdcf9e is 0 bytes after a block of size 1,598 alloc'd
==864==    at 0x40240D2: calloc (vg_replace_malloc.c:397)
==864==    by 0x807D3F5: allocScrnData (screen.c:287)
==864==    by 0x807D0A4: addScrollback (scrollback.c:90)
==864==    by 0x807D4AA: saveEditBufLines (screen.c:340)
==864==    by 0x80807D4: ScreenResize (screen.c:1791)
==864==    by 0x805D3D0: VTResize (charproc.c:5021)
==864==    by 0x43AA5D8: XtConfigureWidget (Geometry.c:673)
==864==    by 0x43AA779: XtResizeWidget (Geometry.c:586)
==864==    by 0x409BC59: XawVendorShellExtResize (Vendor.c:448)
==864==    by 0x43C32A1: EventHandler (Shell.c:1671)
==864==    by 0x43A70F3: XtDispatchEventToWidget (Event.c:874)
==864==    by 0x43A7AAE: _XtDefaultDispatcher (Event.c:1335)

==864== Invalid write of size 2
==864==    at 0x806D6AC: getLineData (linedata.c:67)
==864==    by 0x805166F: okPosition (button.c:2631)
==864==    by 0x80522AE: ComputeSelect (button.c:3006)
==864==    by 0x805042B: StartSelect (button.c:2126)
==864==    by 0x805002E: do_select_start (button.c:2010)
==864==    by 0x80500BD: HandleSelectStart (button.c:2034)
==864==    by 0x43CF970: HandleActions (TMstate.c:636)
==864==    by 0x43CFD4A: HandleSimpleState (TMstate.c:875)
==864==    by 0x43D0347: _XtTranslateEvent (TMstate.c:1093)
==864==    by 0x43A7340: XtDispatchEventToWidget (Event.c:898)
==864==    by 0x43A7B45: _XtDefaultDispatcher (Event.c:1359)
==864==    by 0x43A6A66: XtDispatchEvent (Event.c:1415)
==864==  Address 0x5074e50 is 0 bytes after a block of size 384 alloc'd
==864==    at 0x40240D2: calloc (vg_replace_malloc.c:397)
==864==    by 0x807D359: allocScrnHead (screen.c:242)
==864==    by 0x807D7E3: Reallocate (screen.c:472)
==864==    by 0x808084E: ScreenResize (screen.c:1837)
==864==    by 0x805D3D0: VTResize (charproc.c:5021)
==864==    by 0x43AA5D8: XtConfigureWidget (Geometry.c:673)
==864==    by 0x43AA779: XtResizeWidget (Geometry.c:586)
==864==    by 0x409BC59: XawVendorShellExtResize (Vendor.c:448)
==864==    by 0x43C32A1: EventHandler (Shell.c:1671)
==864==    by 0x43A70F3: XtDispatchEventToWidget (Event.c:874)
==864==    by 0x43A7AAE: _XtDefaultDispatcher (Event.c:1335)
==864==    by 0x43A6A66: XtDispatchEvent (Event.c:1415)

==1278== Invalid write of size 1
==1278==    at 0x806D6CB: getLineData (linedata.c:70)
==1278==    by 0x805166F: okPosition (button.c:2631)
==1278==    by 0x80522CF: ComputeSelect (button.c:3007)
==1278==    by 0x8050D14: ExtendExtend (button.c:2309)
==1278==    by 0x8050493: EndExtend (button.c:2146)
==1278==    by 0x804E4E4: do_select_end (button.c:1016)
==1278==    by 0x804E65F: HandleSelectEnd (button.c:1044)
==1278==    by 0x43CF970: HandleActions (TMstate.c:636)
==1278==    by 0x43CFD4A: HandleSimpleState (TMstate.c:875)
==1278==    by 0x43D0347: _XtTranslateEvent (TMstate.c:1093)
==1278==    by 0x43A7340: XtDispatchEventToWidget (Event.c:898)
==1278==    by 0x43A7B45: _XtDefaultDispatcher (Event.c:1359)
==1278==  Address 0x5236833 is 3 bytes after a block of size 672 alloc'd
==1278==    at 0x40240D2: calloc (vg_replace_malloc.c:397)
==1278==    by 0x807D359: allocScrnHead (screen.c:242)
==1278==    by 0x807D7E3: Reallocate (screen.c:472)
==1278==    by 0x8080900: ScreenResize (screen.c:1865)
==1278==    by 0x805D3D0: VTResize (charproc.c:5021)
==1278==    by 0x43AA5D8: XtConfigureWidget (Geometry.c:673)
==1278==    by 0x43AA779: XtResizeWidget (Geometry.c:586)
==1278==    by 0x409BC59: XawVendorShellExtResize (Vendor.c:448)
==1278==    by 0x43C32A1: EventHandler (Shell.c:1671)
==1278==    by 0x43A70F3: XtDispatchEventToWidget (Event.c:874)
==1278==    by 0x43A7AAE: _XtDefaultDispatcher (Event.c:1335)
==1278==    by 0x43A6A66: XtDispatchEvent (Event.c:1415)

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 00:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 00:48:03 GMT) Full text and rfc822 format available.

Message #81 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
Cc: dickey@his.com, 541160@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 20:46:26 -0400
[Message part 1 (text/plain, inline)]
On Thu, Aug 13, 2009 at 02:17:55AM +0200, Jan Christoph Nordholz wrote:
> Hi Thomas,
> 
> > This one is hard to reproduce (here).  valgrind is not showing me any
> > problems as I resize the screen in various ways.
> > 
> > There are several special cases in the resizing logic, depending on
> > resource-settings, as well as the amount of text that has been scrolled
> > off onto the saved-lines buffer.
> > 
> > More details would be helpful...
> 
> while Julien has uploaded a new xterm package with fifo-lines disabled,
> I can still help debugging the actual problem if this is desired. I
> can reliably reproduce the problem with an empty (i.e. freshly started)
> xterm with a bare prompt - once the buffer is full I can no longer make
> it crash. My .Xresources only contains modifications to the font settings.
> 
> I'll do a few valgrind runs myself and report back.

Here's a fix for the positioning problem that I've been seeing (attached).

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[db-541109a.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 01:00:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 01:00:06 GMT) Full text and rfc822 format available.

Message #86 received at 541160@bugs.debian.org (full text, mbox):

From: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
To: Thomas Dickey <dickey@his.com>
Cc: 541160@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Thu, 13 Aug 2009 02:57:18 +0200
[Message part 1 (text/plain, inline)]
Hi Thomas,

> Here's a fix for the positioning problem that I've been seeing (attached).

thank you very much, the malloc corruption is gone now, too.


Regards,

Jan
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 01:06:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 01:06:06 GMT) Full text and rfc822 format available.

Message #91 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
Cc: 541160@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 21:02:02 -0400 (EDT)
On Thu, 13 Aug 2009, Jan Christoph Nordholz wrote:

> Hi Thomas,
>
>> Here's a fix for the positioning problem that I've been seeing (attached).
>
> thank you very much, the malloc corruption is gone now, too.

thanks (I can see how the addressing-error might happen, but am puzzled 
that I could not trigger it here).

>
> Regards,

no problem (report bugs).

> Jan
>

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 01:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 01:18:03 GMT) Full text and rfc822 format available.

Message #96 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Julien Cristau <jcristau@debian.org>
Cc: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>, 541160@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Wed, 12 Aug 2009 21:15:45 -0400 (EDT)
On Thu, 13 Aug 2009, Julien Cristau wrote:

> On Thu, Aug 13, 2009 at 02:17:55 +0200, Jan Christoph Nordholz wrote:
>
>> I'll do a few valgrind runs myself and report back.
>>
> I got a crash (glibc abort in free()) once, can't seem to reproduce now.
> valgrind reports these issues though:

I'm puzzled that I cannot reproduce the valgrind errors, but it's nice 
that there was some slice of it that I could see.

(I'll put out a #245 with my fix, to avoid having other people stumble
into the hole).

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 10:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 10:39:03 GMT) Full text and rfc822 format available.

Message #101 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: 541160@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#541160: fixed in xterm 244-2
Date: Thu, 13 Aug 2009 12:00:12 +0200
reopen 541160
found 541160 xterm/244-2
thanks

On 2009-08-12 22:10:48 +0000, Julien Cristau wrote:
> Changes: 
>  xterm (244-2) unstable; urgency=low
>  .
>    * Configure with --disable-fifo-lines to work around a crash in the new
>      saved-lines handling code (closes: #541236, #541160, #541132, #541109).
>      Thanks to Thomas Dickey for the workaround.

I still get a crash with xterm 244-2.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Bug No longer marked as fixed in versions xterm/244-2 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 13 Aug 2009 10:39:04 GMT) Full text and rfc822 format available.

Bug Marked as found in versions xterm/244-2. Request was from Vincent Lefevre <vincent@vinc17.org> to control@bugs.debian.org. (Thu, 13 Aug 2009 10:39:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Thu, 13 Aug 2009 20:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 13 Aug 2009 20:45:03 GMT) Full text and rfc822 format available.

Message #110 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org
Subject: re: #541160 xterm: heap corruption when changing window size
Date: Thu, 13 Aug 2009 16:43:10 -0400
[Message part 1 (text/plain, inline)]
hmm.  It's supposed to work.  However, for background: most of the changes
from 244 are restructuring changes (actually, making structs for the index
of line-data).  So before, I had something like

	unsigned char *a;
	unsigned char *b;
	unsigned char *c;
	unsigned char *d;

and now it's a struct which can have different pointer types than unsigned
char *.

The enable-fifo-lines option turns on/off a modification which lets the
saved-line area be a separate memory buffer from the visible-lines.  In turn,
that saved-line area is accessed as a circular buffer.

Because of the way saved-lines and visible-lines were all one array, the new
scheme has several special cases - and up to this point, I've been assuming the
problems lie just in that chunk - particularly since more than half of the code
related to just enable-fifo-lines is in the resizing logic.

However - in that "most of the changes" chunk, it may address memory
differently, and we may be looking for a subscripting error, etc.

If I were able to reproduce this, I'd build xterm using the --enable-trace
option, to see if that gave me more information.  Besides writing to
Trace-parent.out the display information, it turns on several asserts
(which may catch the problem a little earlier).  There's a little more
trace that could be turned on by #define'ing OPT_TRACE to 2, though I'm
not sure if that's needed.  But that's where I'd start - to find
xterm's sizes for the buffer.

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]
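
The layout described in the message above (a saved-lines area kept as a circular buffer, separate from the visible lines, with resizing as the special case) is shown here as an added C example; it is not xterm's code and not part of the original thread. All names (`Screen`, `Line`, `get_line`, `put_cell`, `screen_resize`, `screen_init`) are hypothetical, and storing a width inside each line is an assumption made for the example, so that a row or column left over from before a resize is rejected instead of being written past the end of a heap block.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical types, not xterm's: each line records its allocated width. */
typedef struct {
    int width;
    char cells[];               /* flexible array member: 'width' bytes */
} Line;

typedef struct {
    Line **saved;               /* circular buffer of scrolled-off lines */
    int saved_max, saved_count; /* ring capacity, lines currently stored */
    int saved_next;             /* slot that receives the next saved line */
    Line **visible;             /* separate array of on-screen rows */
    int rows;
} Screen;

void screen_free(Screen *s) {
    for (int i = 0; s->saved && i < s->saved_max; i++) free(s->saved[i]);
    for (int r = 0; s->visible && r < s->rows; r++) free(s->visible[r]);
    free(s->saved);
    free(s->visible);
    memset(s, 0, sizeof *s);
}

/* Store a line in the ring; once full, the oldest line is dropped. */
static void save_line(Screen *s, Line *l) {
    free(s->saved[s->saved_next]);          /* NULL until the ring wraps */
    s->saved[s->saved_next] = l;
    s->saved_next = (s->saved_next + 1) % s->saved_max;
    if (s->saved_count < s->saved_max) s->saved_count++;
}

/* Rows 0..rows-1 are visible, -1 is the newest saved line; else NULL. */
Line *get_line(const Screen *s, int row) {
    if (row >= 0) return row < s->rows ? s->visible[row] : NULL;
    if (row < -s->saved_count) return NULL;
    int slot = (s->saved_next + row) % s->saved_max;   /* may be negative */
    if (slot < 0) slot += s->saved_max;
    return s->saved[slot];
}

/* The column is checked against the line's own width, which can differ
 * from the current screen width for lines saved before a resize. */
int put_cell(Screen *s, int row, int col, char ch) {
    Line *l = get_line(s, row);
    if (!l || col < 0 || col >= l->width) return -1;
    l->cells[col] = ch;
    return 0;
}

/* Rows cut from the top go to the ring as they are; kept rows are copied
 * into lines of the new width; rows added at the bottom start blank. */
int screen_resize(Screen *s, int new_rows, int new_cols) {
    if (new_rows <= 0 || new_cols <= 0) return -1;
    Line **nv = calloc((size_t)new_rows, sizeof *nv);
    if (!nv) return -1;
    int drop = s->rows > new_rows ? s->rows - new_rows : 0;
    for (int r = 0; r < new_rows; r++) {
        nv[r] = calloc(1, sizeof(Line) + (size_t)new_cols);
        if (!nv[r]) {                       /* undo; *s is left untouched */
            while (r-- > 0) free(nv[r]);
            free(nv);
            return -1;
        }
        nv[r]->width = new_cols;
        if (r < s->rows - drop) {
            Line *old = s->visible[drop + r];
            int n = old->width < new_cols ? old->width : new_cols;
            memcpy(nv[r]->cells, old->cells, (size_t)n);
        }
    }
    for (int r = 0; r < s->rows; r++)
        if (r < drop) save_line(s, s->visible[r]);
        else free(s->visible[r]);
    free(s->visible);
    s->visible = nv;
    s->rows = new_rows;
    return 0;
}

/* Allocate the ring, then let the first resize create the visible rows. */
int screen_init(Screen *s, int rows, int cols, int saved_max) {
    memset(s, 0, sizeof *s);
    if (saved_max <= 0) return -1;
    if (!(s->saved = calloc((size_t)saved_max, sizeof *s->saved))) return -1;
    s->saved_max = saved_max;
    if (screen_resize(s, rows, cols) == 0) return 0;
    screen_free(s);
    return -1;
}

int main(void) {
    Screen s;
    if (screen_init(&s, 4, 10, 2) != 0) return 1;
    int ok = screen_resize(&s, 2, 5) == 0 && put_cell(&s, 3, 0, 'x') == -1
          && put_cell(&s, -1, 9, 'x') == 0;  /* stale row no, saved line yes */
    screen_free(&s);
    return ok ? 0 : 1;
}
```

Building it with `-fsanitize=address` or running it under valgrind gives a second check on the same accesses.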

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Thu, 13 Aug 2009 20:45:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 00:45:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 00:45:02 GMT) Full text and rfc822 format available.

Message #118 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org
Subject: re: #541160 xterm: heap corruption when changing window size
Date: Thu, 13 Aug 2009 20:43:40 -0400
[Message part 1 (text/plain, inline)]
On a different (non-Debian) bug report, it seems that the underlying
cause is misaligned data, which would affect either type (fifo-lines
or not).  Now that I know where to look, I'll work on a fix...

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 00:45:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 10:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 10:42:04 GMT) Full text and rfc822 format available.

Message #126 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org
Subject: re: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 06:38:54 -0400
[Message part 1 (text/plain, inline)]
Here's the current changes I've made for the other bug report,
including a fix for misalignment.  It would be nice to see if
this fixes #541160 also.

thanks

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[xterm-245a.patch.gz (application/octet-stream, attachment)]
[signature.asc (application/pgp-signature, inline)]

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 10:42:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 13:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 13:12:03 GMT) Full text and rfc822 format available.

Message #134 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: dickey@his.com, 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 15:08:09 +0200
On 2009-08-14 06:38:54 -0400, Thomas Dickey wrote:
> Here's the current changes I've made for the other bug report,
> including a fix for misalignment.  It would be nice to see if
> this fixes #541160 also.

I've included patch 245 and this patch in xterm-244/debian/patches
and added these patches to "series", compiled the package with
"dpkg-buildpackage -b -uc", installed the new version with "dpkg -i",
then started xterm.

"xterm -version" says XTerm(246) as expected. But both problems still
occur.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 13:12:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 13:51:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 13:51:02 GMT) Full text and rfc822 format available.

Message #142 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: dickey@his.com, 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 15:48:27 +0200
[Message part 1 (text/plain, inline)]
On 2009-08-14 15:08:09 +0200, Vincent Lefevre wrote:
> I've included patch 245 and this patch in xterm-244/debian/patches
> and added these patches to "series", compiled the package with
> "dpkg-buildpackage -b -uc", installed the new version with "dpkg -i",
> then started xterm.
> 
> "xterm -version" says XTerm(246) as expected. But both problems still
> occur.

I've rebuilt the package with --enable-trace. Here are the traces
(attached).

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
[Trace-245a.tar.xz (application/octet-stream, attachment)]

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 13:51:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 14:21:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 14:21:06 GMT) Full text and rfc822 format available.

Message #150 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: dickey@his.com, 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 16:15:00 +0200
[Message part 1 (text/plain, inline)]
Perhaps you could reproduce the problem with

  xterm -e "gunzip -c Xterm.log.gz; sleep 60"

and the attached compressed log file.

* Double-clicking on a "aaa...aaa" (*except* one of the first 5)
  selects the previous "bbb...bbb" too.

* Decreasing the number of lines of the window makes xterm segfault.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
[Xterm.log.gz (application/x-gunzip, attachment)]

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 14:21:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 14:24:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 14:24:06 GMT) Full text and rfc822 format available.

Message #158 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: dickey@his.com, 541160@bugs.debian.org
Cc: 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 16:20:52 +0200
On 2009-08-14 16:15:00 +0200, Vincent Lefevre wrote:
> Perhaps you could reproduce the problem with
> 
>   xterm -e "gunzip -c Xterm.log.gz; sleep 60"
> 
> and the attached compressed log file.
> 
> * Double-clicking on a "aaa...aaa" (*except* one of the first 5)
>   selects the previous "bbb...bbb" too.
> 
> * Decreasing the number of lines of the window makes xterm segfault.

I forgot: the log has been generated with an 80x60 terminal.
So, I think that you should make sure that you use this size.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 14:24:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 21:18:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 21:18:10 GMT) Full text and rfc822 format available.

Message #166 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 17:14:04 -0400
[Message part 1 (text/plain, inline)]
On Fri, Aug 14, 2009 at 04:15:00PM +0200, Vincent Lefevre wrote:
> Perhaps you could reproduce the problem with
> 
>   xterm -e "gunzip -c Xterm.log.gz; sleep 60"

    xterm -geom 80x60 -e "gunzip -c Xterm.log.gz; sleep 60"

With this combination, I can see the highlighting you're describing
(will investigate - thanks).
 
> * Double-clicking on a "aaa...aaa" (*except* one of the first 5)
>   selects the previous "bbb...bbb" too.
> 
> * Decreasing the number of lines of the window makes xterm segfault.

...but still no segfault (but perhaps it will be part of the same bug).

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 21:18:14 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 22:18:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 22:18:05 GMT) Full text and rfc822 format available.

Message #174 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Thomas Dickey <dickey@his.com>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Sat, 15 Aug 2009 00:17:23 +0200
On 2009-08-14 17:14:04 -0400, Thomas Dickey wrote:
> On Fri, Aug 14, 2009 at 04:15:00PM +0200, Vincent Lefevre wrote:
> > * Decreasing the number of lines of the window makes xterm segfault.
> 
> ...but still no segfault (but perhaps it will be part of the same bug).

Perhaps valgrind can detect the faulty memory access.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 22:18:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 22:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 22:30:03 GMT) Full text and rfc822 format available.

Message #182 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 18:27:53 -0400 (EDT)
On Sat, 15 Aug 2009, Vincent Lefevre wrote:

> On 2009-08-14 17:14:04 -0400, Thomas Dickey wrote:
>> On Fri, Aug 14, 2009 at 04:15:00PM +0200, Vincent Lefevre wrote:
>>> * Decreasing the number of lines of the window makes xterm segfault.
>>
>> ...but still no segfault (but perhaps it will be part of the same bug).
>
> Perhaps valgrind can detect the faulty memory access.

I did try that - found nothing (except of course memory leaks).
I assume there's something different about the way I'm building
xterm...

The memory alignment wasn't obvious,
except with the -ftree-vectorize gcc option.

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 22:30:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 22:54:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 22:54:05 GMT) Full text and rfc822 format available.

Message #190 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Thomas Dickey <dickey@his.com>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Sat, 15 Aug 2009 00:51:53 +0200
On 2009-08-14 18:27:53 -0400, Thomas Dickey wrote:
> I did try that - found nothing (except of course memory leaks).
> I assume there's something different about the way I'm building
> xterm...

Did you try with the same options as Debian?

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 22:54:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 22:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 22:57:08 GMT) Full text and rfc822 format available.

Message #198 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 18:53:54 -0400 (EDT)
On Sat, 15 Aug 2009, Vincent Lefevre wrote:

> On 2009-08-14 18:27:53 -0400, Thomas Dickey wrote:
>> I did try that - found nothing (except of course memory leaks).
>> I assume there's something different about the way I'm building
>> xterm...
>
> Did you try with the same options as Debian?

initially, yes - not today (since I'm making progress with the wrapping 
issue).

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 22:57:11 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Fri, 14 Aug 2009 23:33:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 14 Aug 2009 23:33:11 GMT) Full text and rfc822 format available.

Message #206 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541160: #541160 xterm: heap corruption when changing window size
Date: Fri, 14 Aug 2009 19:25:42 -0400 (EDT)
On Sat, 15 Aug 2009, Vincent Lefevre wrote:

> On 2009-08-14 17:14:04 -0400, Thomas Dickey wrote:
>> On Fri, Aug 14, 2009 at 04:15:00PM +0200, Vincent Lefevre wrote:
>>> * Decreasing the number of lines of the window makes xterm segfault.
>>
>> ...but still no segfault (but perhaps it will be part of the same bug).

I see the error in #541236 (I broke a macro in a rewrite last week, having 
found that bitfields for smaller types than int are a gcc extension).  So 
it's separate from this bug.

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Fri, 14 Aug 2009 23:33:19 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Sun, 16 Aug 2009 15:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Sun, 16 Aug 2009 15:03:06 GMT) Full text and rfc822 format available.

Message #214 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: dickey@his.com, 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541236: #541236 xterm: word selection selects whitespace characters too
Date: Sun, 16 Aug 2009 10:59:14 -0400
[Message part 1 (text/plain, inline)]
On Sat, Aug 15, 2009 at 03:26:45AM +0200, Vincent Lefevre wrote:
> tags 541236 patch
> thanks
> 
> On 2009-08-14 20:53:52 -0400, Thomas Dickey wrote:
> > Here's a copy of current changes for #246, which includes a fix for this bug.
> 
> Thanks, I've tested it and it indeed fixes this bug.

Looking at my email, it's not clear whether you still found a segmentation
violation after applying the patch for alignment, which would also address
541160.

Is that still reproducible?

If so, perhaps a valgrind log would help.

thanks

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Sun, 16 Aug 2009 15:03:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Sun, 16 Aug 2009 17:06:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Sun, 16 Aug 2009 17:06:07 GMT) Full text and rfc822 format available.

Message #222 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Thomas Dickey <dickey@his.com>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541236: #541236 xterm: word selection selects whitespace characters too
Date: Sun, 16 Aug 2009 19:01:58 +0200
On 2009-08-16 10:59:14 -0400, Thomas Dickey wrote:
> On Sat, Aug 15, 2009 at 03:26:45AM +0200, Vincent Lefevre wrote:
> > tags 541236 patch
> > thanks
> > 
> > On 2009-08-14 20:53:52 -0400, Thomas Dickey wrote:
> > > Here's a copy of current changes for #246, which includes a fix
> > > for this bug.
> > 
> > Thanks, I've tested it and it indeed fixes this bug.
> 
> Looking at my email, it's not clear whether you still found a segmentation
> violation after applying the patch for alignment, which would also address
> 541160.

Your patch fixes bug 541236 only. Bug 541160 is still there.

> Is that still reproducible?
> 
> If so, perhaps a valgrind log would help.

==32692== Memcheck, a memory error detector.
==32692== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==32692== Using LibVEX rev 1884, a library for dynamic binary translation.
==32692== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==32692== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==32692== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==32692== For more details, rerun with: -v
==32692== 
==32692== My PID = 32692, parent PID = 32263.  Prog and args are:
==32692==    /home/vinc17/software/xterm-244.patched/obj-x86_64-linux-gnu/xterm
==32692== 
==32696== Warning: invalid file descriptor -1 in syscall close()
==32692== Invalid write of size 1
==32692==    at 0x430560: Reallocate (screen.c:547)
==32692==    by 0x4308B9: ScreenResize (screen.c:2009)
==32692==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
==32692==    by 0x508E6FF: XawVendorShellExtResize (in /usr/lib/libXaw7.so.7.0.0)
==32692==    by 0x5DCD107: XtDispatchEventToWidget (in /usr/lib/libXt.so.6.0.0)
==32692==    by 0x5DCD92A: (within /usr/lib/libXt.so.6.0.0)
==32692==    by 0x5DCCB3A: XtDispatchEvent (in /usr/lib/libXt.so.6.0.0)
==32692==    by 0x42AE17: xevents (misc.c:459)
==32692==    by 0x4187AD: VTparse (charproc.c:3437)
==32692==    by 0x418BE1: VTRun (charproc.c:4957)
==32692==    by 0x4243B0: main (main.c:2414)
==32692==  Address 0x108103dd2 is not stack'd, malloc'd or (recently) free'd
==32692== 
==32692== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==32692==  Access not within mapped region at address 0x108103DD2
==32692==    at 0x430560: Reallocate (screen.c:547)
==32692==    by 0x4308B9: ScreenResize (screen.c:2009)
==32692==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
==32692==    by 0x508E6FF: XawVendorShellExtResize (in /usr/lib/libXaw7.so.7.0.0)
==32692==    by 0x5DCD107: XtDispatchEventToWidget (in /usr/lib/libXt.so.6.0.0)
==32692==    by 0x5DCD92A: (within /usr/lib/libXt.so.6.0.0)
==32692==    by 0x5DCCB3A: XtDispatchEvent (in /usr/lib/libXt.so.6.0.0)
==32692==    by 0x42AE17: xevents (misc.c:459)
==32692==    by 0x4187AD: VTparse (charproc.c:3437)
==32692==    by 0x418BE1: VTRun (charproc.c:4957)
==32692==    by 0x4243B0: main (main.c:2414)
==32692==  If you believe this happened as a result of a stack overflow in your
==32692==  program's main thread (unlikely but possible), you can try to increase
==32692==  the size of the main thread stack using the --main-stacksize= flag.
==32692==  The main thread stack size used in this run was 8388608.
==32692== 
==32692== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==32692== malloc/free: in use at exit: 785,352 bytes in 2,154 blocks.
==32692== malloc/free: 6,605 allocs, 4,451 frees, 1,299,471 bytes allocated.
==32692== For counts of detected errors, rerun with: -v
==32692== searching for pointers to 2,154 not-freed blocks.
==32692== checked 1,124,184 bytes.
==32692== 
==32692== LEAK SUMMARY:
==32692==    definitely lost: 3,689 bytes in 6 blocks.
==32692==      possibly lost: 0 bytes in 0 blocks.
==32692==    still reachable: 781,663 bytes in 2,148 blocks.
==32692==         suppressed: 0 bytes in 0 blocks.
==32692== Rerun with --leak-check=full to see details of leaked memory.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
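
The Memcheck record in the message above can be triaged mechanically. The following is an added example, not part of the thread or of xterm; the helper names `parse_memcheck` and `triage` are hypothetical. It extracts the application's own source frames and checks whether the faulting address lies above 4 GiB, as it does here, which is consistent with a fault that only shows up on a 64-bit build.

```python
import re

# Excerpt of the Memcheck log posted above (some library frames omitted).
LOG = """\
==32692== Invalid write of size 1
==32692==    at 0x430560: Reallocate (screen.c:547)
==32692==    by 0x4308B9: ScreenResize (screen.c:2009)
==32692==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
==32692==    by 0x5DCD92A: (within /usr/lib/libXt.so.6.0.0)
==32692==    by 0x42AE17: xevents (misc.c:459)
==32692==    by 0x4243B0: main (main.c:2414)
==32692==  Address 0x108103dd2 is not stack'd, malloc'd or (recently) free'd
==32692==
==32692== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==32692==  Access not within mapped region at address 0x108103DD2
==32692==    at 0x430560: Reallocate (screen.c:547)
"""

PREFIX = re.compile(r"^==\d+== ?(.*)$")
ERROR = re.compile(r"^(Invalid (?:read|write)) of size (\d+)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (?:(.+?) )?\((.+)\)$")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is ")
SRC = re.compile(r"^[\w.+-]+\.[ch]:\d+$")  # frame with source file and line


def parse_memcheck(log):
    """Return one dict per 'Invalid read/write' record in a Memcheck log."""
    errors, cur = [], None
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        text = m.group(1)
        hdr = ERROR.match(text)
        if hdr:
            cur = {"kind": hdr.group(1), "size": int(hdr.group(2)),
                   "frames": [], "addr": None}
            errors.append(cur)
        elif cur is not None:
            fr, ad = FRAME.match(text), ADDR.match(text)
            if ad:
                cur["addr"] = int(ad.group(1), 16)
            elif fr and cur["addr"] is None:  # skip frames describing the block
                cur["frames"].append((fr.group(1) or "?", fr.group(2)))
            elif not text.startswith(" "):    # blank line or new header
                cur = None
    return errors


def triage(err):
    """Pick the frames to read first and test whether the address fits 32 bits."""
    own = [(fn, loc) for fn, loc in err["frames"] if SRC.match(loc)]
    return {
        "first_source_frame": own[0] if own else None,
        "call_path": [fn for fn, _ in own],
        "above_4GiB": err["addr"] is not None and err["addr"] > 0xFFFFFFFF,
    }
```

Frames that Memcheck prints without a function name, such as the `(within ...)` line, are kept with `?` as the name so the stack depth stays intact.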




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Sun, 16 Aug 2009 17:06:14 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Sun, 16 Aug 2009 18:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Sun, 16 Aug 2009 18:21:02 GMT) Full text and rfc822 format available.

Message #230 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: Thomas Dickey <dickey@his.com>, 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541236: #541236 xterm: word selection selects whitespace characters too
Date: Sun, 16 Aug 2009 14:18:02 -0400
On Sun, Aug 16, 2009 at 07:01:58PM +0200, Vincent Lefevre wrote:
> On 2009-08-16 10:59:14 -0400, Thomas Dickey wrote:
> > On Sat, Aug 15, 2009 at 03:26:45AM +0200, Vincent Lefevre wrote:
> > > tags 541236 patch
> > > thanks
> > > 
> > > On 2009-08-14 20:53:52 -0400, Thomas Dickey wrote:
> > > > Here's a copy of current changes for #246, which includes a fix
> > > > for this bug.
> > > 
> > > Thanks, I've tested it and it indeed fixes this bug.
> > 
> > Looking at my email, it's not clear whether you still found a segmentation
> > violation after applying the patch for alignment, which would also address
> > 541160.
> 
> Your patch fixes bug 541236 only. Bug 541160 is still there.
> 
> > Is that still reproducible?
> > 
> > If so, perhaps a valgrind log would help.

That's helpful.  I'm puzzled (since I don't have all of the traces, etc).
I suspect that it's something related to 32/64-bit differences, but it's
not apparent.

But in investigation, I realized that the chunk which has the problem is
actually obsolete (something that's now done as part of the copyLineData
function).  So the whole chunk can be removed (along with the part that
sets up the data).

Please verify if the attached diff solves the problem.

> ==32696== Warning: invalid file descriptor -1 in syscall close()
> ==32692== Invalid write of size 1
> ==32692==    at 0x430560: Reallocate (screen.c:547)
> ==32692==    by 0x4308B9: ScreenResize (screen.c:2009)
> ==32692==    by 0x5DD03A9: XtConfigureWidget (in /usr/lib/libXt.so.6.0.0)
> ==32692==    by 0x508E6FF: XawVendorShellExtResize (in /usr/lib/libXaw7.so.7.0.0)
> ==32692==    by 0x5DCD107: XtDispatchEventToWidget (in /usr/lib/libXt.so.6.0.0)
> ==32692==    by 0x5DCD92A: (within /usr/lib/libXt.so.6.0.0)
> ==32692==    by 0x5DCCB3A: XtDispatchEvent (in /usr/lib/libXt.so.6.0.0)
> ==32692==    by 0x42AE17: xevents (misc.c:459)
> ==32692==    by 0x4187AD: VTparse (charproc.c:3437)
> ==32692==    by 0x418BE1: VTRun (charproc.c:4957)
> ==32692==    by 0x4243B0: main (main.c:2414)
> ==32692==  Address 0x108103dd2 is not stack'd, malloc'd or (recently) free'd

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[screen.c.diff.gz (application/octet-stream, attachment)]

Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Sun, 16 Aug 2009 18:21:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Mon, 17 Aug 2009 00:06:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Mon, 17 Aug 2009 00:06:06 GMT) Full text and rfc822 format available.

Message #238 received at 541160@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Thomas Dickey <dickey@his.com>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541236: #541236 xterm: word selection selects whitespace characters too
Date: Mon, 17 Aug 2009 02:03:22 +0200
On 2009-08-16 14:18:02 -0400, Thomas Dickey wrote:
> But in investigation, I realized that the chunk which has the problem is
> actually obsolete (something that's now done as part of the copyLineData
> function).  So the whole chunk can be removed (along with the part that
> sets up the data).
> 
> Please verify if the attached diff solves the problem.

Yes, this solves the problem. Thanks.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Mon, 17 Aug 2009 00:06:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Mon, 17 Aug 2009 00:12:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Dickey <dickey@his.com>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Mon, 17 Aug 2009 00:12:06 GMT) Full text and rfc822 format available.

Message #246 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: 541160@bugs.debian.org, 541160-submitter@bugs.debian.org
Subject: Re: Bug#541236: #541236 xterm: word selection selects whitespace characters too
Date: Sun, 16 Aug 2009 20:10:45 -0400 (EDT)
On Mon, 17 Aug 2009, Vincent Lefevre wrote:

> On 2009-08-16 14:18:02 -0400, Thomas Dickey wrote:
>> But in investigation, I realized that the chunk which has the problem is
>> actually obsolete (something that's now done as part of the copyLineData
>> function).  So the whole chunk can be removed (along with the part that
>> sets up the data).
>>
>> Please verify if the attached diff solves the problem.
>
> Yes, this solves the problem. Thanks.

good (I was uncertain if the problem originated in that chunk, or 
whether more digging was needed).

I added that fix to patch #246, which is available now...

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Message sent on to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug#541160. (Mon, 17 Aug 2009 00:12:10 GMT) Full text and rfc822 format available.

Added tag(s) fixed-upstream. Request was from Vincent Lefevre <vincent@vinc17.org> to control@bugs.debian.org. (Mon, 17 Aug 2009 00:27:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#541160; Package xterm. (Mon, 17 Aug 2009 00:39:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Mon, 17 Aug 2009 00:39:09 GMT) Full text and rfc822 format available.

Message #256 received at 541160@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 541160@bugs.debian.org
Subject: re: #541160 xterm: heap corruption when changing window size
Date: Sun, 16 Aug 2009 20:38:12 -0400
fixed in patch #246

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net

Merged 541160 542396. Request was from Thomas Dickey <dickey@his.com> to control@bugs.debian.org. (Thu, 20 Aug 2009 00:24:11 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Thu, 20 Aug 2009 22:06:10 GMT) Full text and rfc822 format available.

Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Sat, 22 Aug 2009 23:00:24 GMT) Full text and rfc822 format available.

Notification sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
Bug acknowledged by developer. (Sat, 22 Aug 2009 23:00:24 GMT) Full text and rfc822 format available.

Message #265 received at 541160-close@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: 541160-close@bugs.debian.org
Subject: Bug#541160: fixed in xterm 246-1
Date: Sat, 22 Aug 2009 22:47:32 +0000
Source: xterm
Source-Version: 246-1

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive:

xterm_246-1.diff.gz
  to pool/main/x/xterm/xterm_246-1.diff.gz
xterm_246-1.dsc
  to pool/main/x/xterm/xterm_246-1.dsc
xterm_246-1_amd64.deb
  to pool/main/x/xterm/xterm_246-1_amd64.deb
xterm_246.orig.tar.gz
  to pool/main/x/xterm/xterm_246.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 541160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 23 Aug 2009 00:35:21 +0200
Source: xterm
Binary: xterm
Architecture: source amd64
Version: 246-1
Distribution: unstable
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 xterm      - X terminal emulator
Closes: 531597 541089 541160 541236 541603
Changes: 
 xterm (246-1) unstable; urgency=low
 .
   * New upstream release
     + interaction between allowSendEvents and the various allowXXXOps
       resources clarified in manpage (closes: #531597)
     + remove obsolete logic for saving/restoring wrapping flags, which did not
       work on 64-bit platform.  Wrapping flags (stored in the line-index) are
       now copied with line-data (closes: #541160)
     + modify comments in app-defaults files to avoid problem with C
       preprocessor used by xrdb (closes: #541603)
     + restore special case in makeColorPair needed for colorBDMode resource
       (closes: #541089)
     + correct SetLineFlags() macro, broken in patch #244 when recoding to
       avoid gcc-specific bitfields (closes: #541236)
   * The issues with the fifo-lines code should now be fixed, so enable it
     again.

Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Sat, 22 Aug 2009 23:00:25 GMT) Full text and rfc822 format available.

Notification sent to Aleksi Suhonen <debian-reportbug-2008@ssd.axu.tm>:
Bug acknowledged by developer. (Sat, 22 Aug 2009 23:00:25 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 30 Sep 2009 07:59:35 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 08:45:46 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.