Hi,
> Ah, yes, true. Here you go:
ok, the results are really strange. A comparison between the lists of pointers
before and after the crash...
] (BEFORE)
> $1 = {
> 0x54dfa0 "i:Exit -:PrevPg <Space>:NextPg v:View Attachm. d:Del r:Reply
> j:Next ?:Help ",
> 0x541d60 "Delivery-date: Sun, 22 Jul 2007 15:10:28 +0200", ' ' <repeats 34
> times>,
> 0x542090 "From: Steffen Joeris <[EMAIL PROTECTED]>", ' ' <repeats 41
> times>,
> 0x5423c0 "To: [EMAIL PROTECTED]", ' ' <repeats 38 times>, 0x5426f0 "Date:
> Sun, 22 Jul 2007 15:10:08 +0200", ' ' <repeats 43 times>,
> 0x542a20 "X-MIA-SUMMARY: -; says that he gets packages into a good shape
> soon", ' ' <repeats 13 times>,
> 0x542d50 "X-Debian-Message: Signature check passed for Debian member", ' '
> <repeats 22 times>,
> 0x543080 "Mail-Followup-To: [EMAIL PROTECTED]", ' ' <repeats 33 times>,
> 0x5433b0 "X-Rc-Spam: 2007-05-24_01", ' ' <repeats 56 times>,
> 0x5436e0 "X-SA-Do-Not-Rej: Yes", ' ' <repeats 60 times>,
> 0x543a10 "X-SA-Exim-Connect-IP: 70.103.162.31", ' ' <repeats 45 times>,
> 0x543d40 "X-Spam-Level:", ' ' <repeats 67 times>,
> 0x544070 "Subject: Release Announcement: Debian-Edu/Skolelinux 3.0 Terra",
> ' ' <repeats 18 times>, 0x5443a0 ' ' <repeats 80 times>,
> 0x5446d0 "[-- PGP output follows (current time: Pon 19 Stu 2007 01:23:44)
> --]", ' ' <repeats 13 times>,
> 0x544a00 "gpg: Signature made Ned 22 Srp 2007 15:10:18 CEST using DSA key
> ID 893FAD07 ",
> 0x544d30 "gpg: Can't check signature: public key not found", ' ' <repeats
> 32 times>, 0x545060 "[-- End of PGP output --]", ' ' <repeats 55 times>,
> 0x545390 ' ' <repeats 80 times>,
> 0x5456c0 "[-- The following data is signed --]", ' ' <repeats 44 times>,
> 0x5459f0 ' ' <repeats 80 times>,
> 0x545d20 "Debian-Edu: Skolelinux 3.0 Terra available for free download!", '
> ' <repeats 19 times>,
> 0x546050 "- s - 1/2: Steffen Joeris Release Announcement:
> Debian-Edu/Sko -- (16%) ",
> 0x546380 "PGP signature could NOT be verified.", ' ' <repeats 44 times>}
] (AFTER)
> $1 = {0x543a10 "i:Exit -:PrevPg <Space>:NextPg v:View Attachm. d:Del
> r:Reply j:Next ?:Help ",
> 0x543d40 "X-Spam-Level:", ' ' <repeats 67 times>,
> 0x544070 "Delivery-date: Sun, 22 Jul 2007 15:43:56 +0200", ' ' <repeats 34
> times>,
> 0x5443a0 "To: [EMAIL PROTECTED]", ' ' <repeats 56 times>,
> 0x5446d0 "From: [EMAIL PROTECTED]", ' ' <repeats 52 times>,
> 0x544a00 "Date: Sun, 22 Jul 2007 15:43:45 +0200", ' ' <repeats 43 times>,
> 0x544d30 "X-SA-Exim-Connect-IP: 2001:b68:e160:0:20b:dbff:fee6:9fcd", ' '
> <repeats 24 times>,
> 0x545060 "Subject: ** PROBLEM alert - nekkar.CARNet.hr host is DOWN **", '
> ' <repeats 20 times>,
> 0x545390 ' ' <repeats 80 times>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x561490 ' '
> <repeats 80 times>,
> 0x5615a0 ' ' <repeats 80 times>, 0x5616b0 ' ' <repeats 80 times>,
> 0x5617c0 ' ' <repeats 80 times>, 0x5618d0 ' ' <repeats 80 times>,
> 0x5456c0 "[-- The following data is signed --]", ' ' <repeats 44 times>,
> 0x5459f0 ' ' <repeats 80 times>,
> 0x545d20 "Debian-Edu: Skolelinux 3.0 Terra available for free download!", '
> ' <repeats 19 times>, 0x546050 "- s - 1/2: Steffen Joeris Release
> Announcement: Debian-Edu/Sko -- (16%) ",
> 0x546380 ' ' <repeats 80 times>}
... reveals that those buffers that the second mail was already written to all
point to different addresses, i.e. they have been reallocated - the pointers
to the bottom five lines are still untouched.
(Usually these buffers are only reallocated to accommodate size changes of the
terminal window - that's why I suggested setting a breakpoint on scr_reset(),
the function that contains that reallocation code.)
Now I have at least a faint idea what I should be looking for in the source
code... maybe you could speed it up by setting a watchpoint?
1. start rxvt-xterm inside gdb
2. fire up mutt, open the first mail
3. CTRL+C...
] (gdb) p screen.text[TermWin.saveLines]
// check: should be the top line of your window
] (gdb) watch (void *)screen.text[TermWin.saveLines]
] Hardware watchpoint 1: (void *)screen.text[TermWin.saveLines]
] (gdb) c
] Continuing.
4. Try to reproduce the crash.
Now it should not get to the segfault, but interrupt somewhere in between
(exactly at the position where those buffer pointers are altered).
I guess I don't need a core file then - a 'bt full' should provide all
that's necessary to guide my search. ;)
Ah, if you don't have symbols, no problem...
3a. CTRL+C
// assuming once again that TermWin.saveLines == 500:
] (gdb) p (char *)*((void **)screen + 500)
// same check as above: should equal the top line of the rxvt window
] (gdb) watch *((void **)screen + 500)
] Hardware watchpoint 2: *((void **) screen + 500)
] (gdb) c
Thanks for your invaluable help in tracking this one down!
Jan
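The before/after comparison of row pointers made by hand in the message above can be automated. The following is an added example, not part of the original message and not rxvt code: it parses two gdb array dumps in the format shown and labels each row. The function names and both sample dumps are constructed for illustration.

```python
import re

# A double-quoted string, a single-quoted char (gdb's ' ' <repeats N times>),
# or a bare hex value. Only the last is an array element (group 1), optionally
# followed by gdb's "<repeats N times>" for identical elements (group 2).
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|(0x[0-9a-fA-F]+)(?:\s+<repeats (\d+) times>)?')

def row_pointers(dump):
    """Return one pointer per row from a gdb dump of an array of char *."""
    # Strip mail quoting ("> ") and rejoin wrapped lines before scanning.
    text = " ".join(re.sub(r"^\s*>\s?", "", ln) for ln in dump.splitlines())
    rows = []
    for m in _TOKEN.finditer(text):
        if m.group(1):  # hex text inside quoted strings never reaches group 1
            rows += [int(m.group(1), 16)] * int(m.group(2) or 1)
    return rows

def classify(before, after):
    """Label each row of the 'after' snapshot relative to 'before'."""
    old_row = {p: i for i, p in enumerate(before)}
    out = []
    for i, p in enumerate(after):
        if p == 0:
            out.append((i, "NULL"))
        elif i < len(before) and before[i] == p:
            out.append((i, "same"))
        elif p in old_row:
            out.append((i, "moved from row %d" % old_row[p]))
        else:
            out.append((i, "not in before snapshot"))
    return out

# Constructed sample dumps (addresses and text are made up).
BEFORE_SAMPLE = """
> $1 = {
> 0x1000 "i:Exit  key 0xdead ", 0x1100 "From: a", ' ' <repeats 73
> times>,
> 0x1200 "To: b", ' ' <repeats 75 times>, 0x1300 ' ' <repeats 80 times>,
> 0x1400 "status line", ' ' <repeats 69 times>}
"""
AFTER_SAMPLE = """
> $2 = {0x1200 "To: c", ' ' <repeats 75 times>, 0x0, 0x0,
> 0x2000 ' ' <repeats 80 times>, 0x1400 "status line", ' ' <repeats 69 times>}
"""

if __name__ == "__main__":
    rows = classify(row_pointers(BEFORE_SAMPLE), row_pointers(AFTER_SAMPLE))
    for row, label in rows:
        print("row %2d: %s" % (row, label))
```

Rows reported as NULL are the ones a later dereference would fault on; rows reported as moved show the same buffer reachable from a different slot than before.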

