The fixed version is older than anything in Ubuntu currently - close

** Changed in: xterm (Ubuntu)
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/599780

Title:
  reproducible crash with free(): invalid pointer

Status in “xterm” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: xterm

  Steps to reproduce:
  1) start xterm
  2) type "cat xterm.testcase"

  Expected results:
  2) xterm does not crash

  Actual results:
  2) xterm crashes with

  *** glibc detected *** xterm: free(): invalid pointer: 0x097f5830 ***
  ======= Backtrace: =========
  /lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xb771d591]
  /lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0xb771ede8]
  /lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xb7721ecd]
  xterm[0x8076af7]
  xterm[0x8077130]
  xterm[0x8079c24]
  xterm[0x80821d1]
  xterm[0x805c251]
  xterm[0x805fb5f]
  xterm[0x805fc70]
  xterm[0x806c200]
  /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb76c8bd6]
  xterm[0x804d6a1]

  being printed to .xsession-errors

  More info:
  1) gdb:

  (gdb) bt full
  #0  0x002a7422 in __kernel_vsyscall ()
  No symbol table info available.
  #1  0x002d2651 in raise () from /lib/tls/i686/cmov/libc.so.6
  No symbol table info available.
  #2  0x002d5a82 in abort () from /lib/tls/i686/cmov/libc.so.6
  No symbol table info available.
  #3  0x0030949d in ?? () from /lib/tls/i686/cmov/libc.so.6
  No symbol table info available.
  #4  0x00313591 in ?? () from /lib/tls/i686/cmov/libc.so.6
  No symbol table info available.
  #5  0x00314de8 in ?? () from /lib/tls/i686/cmov/libc.so.6
  No symbol table info available.
  #6  0x00317ecd in free () from /lib/tls/i686/cmov/libc.so.6
  No symbol table info available.
  #7  0x0807f9f1 in addScrollback (screen=0x97c063c) at ../scrollback.c:84
          prior = 0x97e4660
          where = 0x97e4660
          which = 1
          ncols = 150
          block = 0xbfdae3f8 "(�ڿ\234�\a\b<\006|\t\027"
  #8  0x0807fe9c in saveEditBufLines (screen=0x97c063c, sb=0x97e4648, n=1) at ../screen.c:373
          dst = 0xbfdae438
          src = 0x0
          j = 0
  #9  0x0808113a in ScrnDeleteLine (xw=0x97c0538, sb=0x97e4648, last=1047, where=0, n=1) at ../screen.c:1087
          screen = 0x97c063c
          size = 150
  #10 0x0808629d in xtermScroll (xw=0x97c0538, amount=1) at ../util.c:543
          screen = 0x97c063c
          i = 24
          shift = 16
          bot = 0
          refreshtop = 0
          refreshheight = 0
          scrolltop = 66
          scrollheight = 100
          scroll_all_lines = 1 '\001'
  #11 0x08065456 in xtermIndex (xw=0x97c0538, amount=1) at ../cursor.c:206
          screen = 0x97c063c
          j = 0
  #12 0x08057078 in doparsing (xw=0x97c0538, c=10, sp=0x80ad200) at ../charproc.c:1693
          this_is_wide = 0
          screen = 0x97c063c
          row = 0
          col = 1
          top = 1
          bot = 24
          count = 159300312
          laststate = 4
          thischar = -1
          myRect = {top = 0, left = 134925709, bottom = 134927264, right = 0}
  #13 0x08059839 in VTparse (xw=0x97c0538) at ../charproc.c:3201
          screen = 0x97c063c
  #14 0x0805da89 in VTRun (xw=0x97c0538) at ../charproc.c:5314
          screen = 0x97c063c
  #15 0x08070ac0 in main (argc=0, argv=0xbfdae838) at ../main.c:2415
          form_top = 0x97b8de0
          menu_top = 0x97b8de0
          menu_high = 0
          screen = 0x97c063c
          mode = 2050
          my_class = 0x809abae "XTerm"
          winToEmbedInto = 0
          reversed = 0

  2) valgrind:

  ==3823== Warning: invalid file descriptor -1 in syscall close()
  ==3820== Invalid write of size 2
  ==3820==    at 0x807FBBF: setupLineData (screen.c:207)
  ==3820==    by 0x807FA3F: addScrollback (scrollback.c:93)
  ==3820==    by 0x807FE9B: saveEditBufLines (screen.c:373)
  ==3820==    by 0x8081139: ScrnDeleteLine (screen.c:1087)
  ==3820==    by 0x808629C: xtermScroll (util.c:543)
  ==3820==    by 0x8065455: xtermIndex (cursor.c:206)
  ==3820==    by 0x805A3FD: WrapLine (charproc.c:3671)
  ==3820==    by 0x805A4F9: dotext (charproc.c:3728)
  ==3820==    by 0x8056D80: doparsing (charproc.c:1586)
  ==3820==    by 0x8059838: VTparse (charproc.c:3201)
  ==3820==    by 0x805DA88: VTRun (charproc.c:5314)
  ==3820==    by 0x8070ABF: main (main.c:2415)
  ==3820==  Address 0x460edb0 is 16 bytes before a block of size 384 free'd
  ==3820==    at 0x4024B3A: free (vg_replace_malloc.c:366)
  ==3820==    by 0x80803DD: ReallocateBufOffsets (screen.c:579)
  ==3820==    by 0x80804D3: ChangeToWide (screen.c:622)
  ==3820==    by 0x8059408: doparsing (charproc.c:3049)
  ==3820==    by 0x8059838: VTparse (charproc.c:3201)
  ==3820==    by 0x805DA88: VTRun (charproc.c:5314)
  ==3820==    by 0x8070ABF: main (main.c:2415)
  ==3820== 
  ==3820== Invalid write of size 1
  ==3820==    at 0x807FBC5: setupLineData (screen.c:208)
  ==3820==    by 0x807FA3F: addScrollback (scrollback.c:93)
  ==3820==    by 0x807FE9B: saveEditBufLines (screen.c:373)
  ==3820==    by 0x8081139: ScrnDeleteLine (screen.c:1087)
  ==3820==    by 0x808629C: xtermScroll (util.c:543)
  ==3820==    by 0x8065455: xtermIndex (cursor.c:206)
  ==3820==    by 0x805A3FD: WrapLine (charproc.c:3671)
  ==3820==    by 0x805A4F9: dotext (charproc.c:3728)
  ==3820==    by 0x8056D80: doparsing (charproc.c:1586)
  ==3820==    by 0x8059838: VTparse (charproc.c:3201)
  ==3820==    by 0x805DA88: VTRun (charproc.c:5314)
  ==3820==    by 0x8070ABF: main (main.c:2415)
  ==3820==  Address 0x460edb2 is 14 bytes before a block of size 384 free'd
  ==3820==    at 0x4024B3A: free (vg_replace_malloc.c:366)
  ==3820==    by 0x80803DD: ReallocateBufOffsets (screen.c:579)
  ==3820==    by 0x80804D3: ChangeToWide (screen.c:622)
  ==3820==    by 0x8059408: doparsing (charproc.c:3049)
  ==3820==    by 0x8059838: VTparse (charproc.c:3201)
  ==3820==    by 0x805DA88: VTRun (charproc.c:5314)
  ==3820==    by 0x8070ABF: main (main.c:2415)

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: xterm 256-1ubuntu1
  ProcVersionSignature: Ubuntu 2.6.32-22.36-generic-pae 2.6.32.11+drm33.2
  Uname: Linux 2.6.32-22-generic-pae i686
  Architecture: i386
  Date: Tue Jun 29 15:40:55 2010
  DkmsStatus: Error: [Errno 2] No such file or directory
  MachineType: ASUSTEK COMPUTER INC P5W
  ProcCmdLine: root=/dev/nfs initrd=hostname/initrd.img nfsroot=10.7.2.17:/tftpboot/hostname ip=dhcp panic=60 BOOT_IMAGE=hostname/vmlinuz
  ProcEnviron:
   LC_CTYPE=fi_FI
   PATH=(custom, user)
   SHELL=/bin/bash
  SourcePackage: xterm
  dmi.bios.date: 06/17/2009
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 0501
  dmi.board.asset.tag: To Be Filled By O.E.M.
  dmi.board.name: P5W
  dmi.board.vendor: ASUSTeK Computer INC.
  dmi.board.version: Rev 1.xx
  dmi.chassis.asset.tag: Asset-1234567890
  dmi.chassis.type: 3
  dmi.chassis.vendor: Chassis Manufacture
  dmi.chassis.version: Chassis Version
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0501:bd06/17/2009:svnASUSTEKCOMPUTERINC:pnP5W:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5W:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
  dmi.product.name: P5W
  dmi.product.version: System Version
  dmi.sys.vendor: ASUSTEK COMPUTER INC
  system:
   distro:             Ubuntu
   codename:           lucid
   architecture:       i686
   kernel:             2.6.32-22-generic-pae
