Dear Maintainer,
I tried to reproduce it, and it crashed for me too
when moving a window only by keyboard, before
having moved any window by mouse.

It looks like in that case the variable currentClient
never gets set, so the access in UpdateDesktop
dereferences a null pointer.
This appears to be fixed by the upstream issue and commit referenced in [2].

Unfortunately there also seems to be no upstream
release since 2.3.7.

Kind regards,
Bernhard


[1]
    (gdb) bt
    #0  UpdateDesktop (now=<optimized out>, now=<optimized out>) at move.c:842
    #1  0x0000559b2e28d28f in Signal () at event.c:269
    #2  0x0000559b2e28e41c in WaitForEvent (event=event@entry=0x7ffdc924c010) 
at event.c:129
    #3  0x0000559b2e29a2f8 in MoveClientKeyboard (np=0x559b2ed2b400) at 
move.c:339
    #4  0x0000559b2e29857e in UpdateMotion (event=0x7ffdc924c1b0, 
runner=0x559b2e2a78f0 <RunWindowCommand>, menu=0x559b2ed296d0) at menu.c:710
    #5  MenuLoop (runner=0x559b2e2a78f0 <RunWindowCommand>, 
menu=0x559b2ed296d0) at menu.c:405
    #6  ShowSubmenu (menu=menu@entry=0x559b2ed296d0, parent=parent@entry=0x0, 
runner=runner@entry=0x559b2e2a78f0 <RunWindowCommand>, x=<optimized out>, 
y=<optimized out>, keyboard=keyboard@entry=1 '\001') at menu.c:296
    #7  0x0000559b2e298a0f in ShowMenu (menu=menu@entry=0x559b2ed296d0, 
runner=runner@entry=0x559b2e2a78f0 <RunWindowCommand>, x=<optimized out>, x@entry=4, 
y=<optimized out>, y@entry=21, keyboard=keyboard@entry=1 '\001') at menu.c:213
    #8  0x0000559b2e2a836b in ShowWindowMenu (np=np@entry=0x559b2ed2b400, x=4, 
y=21, keyboard=keyboard@entry=1 '\001') at winmenu.c:33
    #9  0x0000559b2e28dc3b in HandleKeyPress (event=0x7ffdc924c3b0) at 
event.c:567
    #10 ProcessEvent (event=0x7ffdc924c3b0) at event.c:283
    #11 0x0000559b2e2833ac in EventLoop () at main.c:262
    #12 main (argc=-920337520, argv=0x7ffdc924c5a8) at main.c:207

[2]
    https://github.com/joewing/jwm/issues/410
    
https://github.com/rdnvndr/jwm/commit/d0e28abd8eb8748470f07595be6da5cec05b4939
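# Bullseye/testing amd64 qemu VM 2021-03-18
# Commands used to prepare the throwaway reproduction VM (run as root).

# to be able to paste with mouse
echo "set enable-bracketed-paste off" >> /etc/inputrc; bash
apt update

# to speedup testing: skip the manpage DB rebuild and disable fsync via
# libeatmydata for everything started from this shell (fine only on a
# disposable VM: an unclean shutdown loses data)
mv /etc/manpath.config /etc/manpath.config.renamed
apt install libeatmydata1
export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libeatmydata.so

apt dist-upgrade
apt install systemd-coredump lightdm xterm psmisc gdb jwm \
        jwm-dbgsym

# fetch the exact binary and matching debug symbols of the reported version
# from snapshot.debian.org; each URL must stay on the same line as its wget
# (the mail client had wrapped them onto the next line)
wget https://snapshot.debian.org/archive/debian/20191125T025441Z/pool/main/j/jwm/jwm_2.3.7-3_amd64.deb
wget https://snapshot.debian.org/archive/debian-debug/20191125T024842Z/pool/main/j/jwm/jwm-dbgsym_2.3.7-3_amd64.deb
dpkg -i jwm_2.3.7-3_amd64.deb jwm-dbgsym_2.3.7-3_amd64.deb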




https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash

[  507.316484] jwm[1767]: segfault at a0 ip 00005606f1be0bf9 sp 
00007ffd942aa450 error 6 in jwm[5606f1bca000+26000]
[  507.316501] Code: 00 53 48 8d 35 68 d0 01 00 48 89 fb e8 c0 bf 00 00 49 89 
c0 8b 05 eb da 01 00 49 39 c0 72 4f 48 8b 05 5b d0 01 00 f3 0f 6f 03 <83> 88 a0 
00 00 00 04 80 3d 55 d0 01 00 00 0f 29 05 32 d0 01 00 0f

error 6 == 0b110
    1: user-mode access
    1: write access
    0: no page found

# Turn the kernel's "Code:" byte dump into a gdb "find /b" pattern:
# strip the <> marker around the faulting instruction byte and prefix
# every byte with "0x"; the start/end addresses (...) are filled in later
# from "info target".
echo -n "find /b ..., ..., 0x" && \
echo "00 53 48 8d 35 68 d0 01 00 48 89 fb e8 c0 bf 00 00 49 89 c0 8b 05 eb da 
01 00 49 39 c0 72 4f 48 8b 05 5b d0 01 00 f3 0f 6f 03 <83> 88 a0 00 00 00 04 80 
3d 55 d0 01 00 00 0f 29 05 32 d0 01 00 0f" \
 | sed 's/[<>]//g' | sed 's/ /, 0x/g'
find /b ..., ..., 0x00, 0x53, 0x48, 0x8d, 0x35, 0x68, 0xd0, 0x01, 0x00, 0x48, 
0x89, 0xfb, 0xe8, 0xc0, 0xbf, 0x00, 0x00, 0x49, 0x89, 0xc0, 0x8b, 0x05, 0xeb, 
0xda, 0x01, 0x00, 0x49, 0x39, 0xc0, 0x72, 0x4f, 0x48, 0x8b, 0x05, 0x5b, 0xd0, 
0x01, 0x00, 0xf3, 0x0f, 0x6f, 0x03, 0x83, 0x88, 0xa0, 0x00, 0x00, 0x00, 0x04, 
0x80, 0x3d, 0x55, 0xd0, 0x01, 0x00, 0x00, 0x0f, 0x29, 0x05, 0x32, 0xd0, 0x01, 
0x00, 0x0f


(gdb) info target
Symbols from "/usr/bin/jwm".
Native process:
        Using the running image of attached Thread 0x7f8787081240 (LWP 1403).
        While running this, GDB does not access memory from...
Local exec file:
        `/usr/bin/jwm', file type elf64-x86-64.
        Entry point: 0x556228b47530
...
        0x0000556228b46f80 - 0x0000556228b6b411 is .text
...


find /b 0x0000556228b46f80, 0x0000556228b6b411, 0x00, 0x53, 0x48, 0x8d, 0x35, 
0x68, 0xd0, 0x01, 0x00, 0x48, 0x89, 0xfb, 0xe8, 0xc0, 0xbf, 0x00, 0x00, 0x49, 
0x89, 0xc0, 0x8b, 0x05, 0xeb, 0xda, 0x01, 0x00, 0x49, 0x39, 0xc0, 0x72, 0x4f, 
0x48, 0x8b, 0x05, 0x5b, 0xd0, 0x01, 0x00, 0xf3, 0x0f, 0x6f, 0x03, 0x83, 0x88, 
0xa0, 0x00, 0x00, 0x00, 0x04, 0x80, 0x3d, 0x55, 0xd0, 0x01, 0x00, 0x00, 0x0f, 
0x29, 0x05, 0x32, 0xd0, 0x01, 0x00, 0x0f



benutzer@debian:~$ gdb -q --pid $(pidof jwm)
Attaching to process 1403
...
(gdb) find /b 0x0000556228b46f80, 0x0000556228b6b411, 0x00, 0x53, 0x48, 0x8d, 
0x35, 0x68, 0xd0, 0x01, 0x00, 0x48, 0x89, 0xfb, 0xe8, 0xc0, 0xbf, 0x00, 0x00, 
0x49, 0x89, 0xc0, 0x8b, 0x05, 0xeb, 0xda, 0x01, 0x00, 0x49, 0x39, 0xc0, 0x72, 
0x4f, 0x48, 0x8b, 0x05, 0x5b, 0xd0, 0x01, 0x00, 0xf3, 0x0f, 0x6f, 0x03, 0x83, 
0x88, 0xa0, 0x00, 0x00, 0x00, 0x04, 0x80, 0x3d, 0x55, 0xd0, 0x01, 0x00, 0x00, 
0x0f, 0x29, 0x05, 0x32, 0xd0, 0x01, 0x00, 0x0f
0x556228b5cbcf <UpdateDesktop+15>
1 pattern found.
(gdb) b * (0x556228b5cbcf + 42)
Breakpoint 1 at 0x556228b5cbf9: file move.c, line 842.
(gdb) info b
Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x0000556228b5cbf9 in UpdateDesktop at 
move.c:842
(gdb) disassemble 0x556228b5cbcf,0x556228b5cbcf + 62
Dump of assembler code from 0x556228b5cbcf to 0x556228b5cc0d:
   0x0000556228b5cbcf <UpdateDesktop+15>:       add    %dl,0x48(%rbx)
   0x0000556228b5cbd2 <UpdateDesktop+18>:       lea    0x1d068(%rip),%esi       
 # 0x556228b79c40 <moveTime>
   0x0000556228b5cbd8 <UpdateDesktop+24>:       mov    %rdi,%rbx
   0x0000556228b5cbdb <UpdateDesktop+27>:       call   0x556228b68ba0 
<GetTimeDifference>
   0x0000556228b5cbe0 <UpdateDesktop+32>:       mov    %rax,%r8
   0x0000556228b5cbe3 <UpdateDesktop+35>:       mov    0x1daeb(%rip),%eax       
 # 0x556228b7a6d4 <settings+52>
   0x0000556228b5cbe9 <UpdateDesktop+41>:       cmp    %rax,%r8
   0x0000556228b5cbec <UpdateDesktop+44>:       jb     0x556228b5cc3d 
<UpdateDesktop+125>
   0x0000556228b5cbee <UpdateDesktop+46>:       mov    0x1d05b(%rip),%rax       
 # 0x556228b79c50 <currentClient>
   0x0000556228b5cbf5 <UpdateDesktop+53>:       movdqu (%rbx),%xmm0
-> 0x0000556228b5cbf9 <UpdateDesktop+57>:       orl    $0x4,0xa0(%rax)
   0x0000556228b5cc00 <UpdateDesktop+64>:       cmpb   $0x0,0x1d055(%rip)       
 # 0x556228b79c5c <atLeft>
   0x0000556228b5cc07 <UpdateDesktop+71>:       movaps %xmm0,0x1d032(%rip)      
  # 0x556228b79c40 <moveTime>
End of assembler dump.

https://sources.debian.org/src/jwm/2.3.7-5/src/move.c/#L842

https://github.com/joewing/jwm/issues/410
https://github.com/rdnvndr/jwm/commit/d0e28abd8eb8748470f07595be6da5cec05b4939



(gdb) bt
#0  UpdateDesktop (now=<optimized out>, now=<optimized out>) at move.c:842
#1  0x0000559b2e28d28f in Signal () at event.c:269
#2  0x0000559b2e28e41c in WaitForEvent (event=event@entry=0x7ffdc924c010) at 
event.c:129
#3  0x0000559b2e29a2f8 in MoveClientKeyboard (np=0x559b2ed2b400) at move.c:339
#4  0x0000559b2e29857e in UpdateMotion (event=0x7ffdc924c1b0, 
runner=0x559b2e2a78f0 <RunWindowCommand>, menu=0x559b2ed296d0) at menu.c:710
#5  MenuLoop (runner=0x559b2e2a78f0 <RunWindowCommand>, menu=0x559b2ed296d0) at 
menu.c:405
#6  ShowSubmenu (menu=menu@entry=0x559b2ed296d0, parent=parent@entry=0x0, 
runner=runner@entry=0x559b2e2a78f0 <RunWindowCommand>, x=<optimized out>, 
y=<optimized out>, keyboard=keyboard@entry=1 '\001') at menu.c:296
#7  0x0000559b2e298a0f in ShowMenu (menu=menu@entry=0x559b2ed296d0, 
runner=runner@entry=0x559b2e2a78f0 <RunWindowCommand>, x=<optimized out>, 
x@entry=4, y=<optimized out>, y@entry=21, keyboard=keyboard@entry=1 '\001') at 
menu.c:213
#8  0x0000559b2e2a836b in ShowWindowMenu (np=np@entry=0x559b2ed2b400, x=4, 
y=21, keyboard=keyboard@entry=1 '\001') at winmenu.c:33
#9  0x0000559b2e28dc3b in HandleKeyPress (event=0x7ffdc924c3b0) at event.c:567
#10 ProcessEvent (event=0x7ffdc924c3b0) at event.c:283
#11 0x0000559b2e2833ac in EventLoop () at main.c:262
#12 main (argc=-920337520, argv=0x7ffdc924c5a8) at main.c:207
