tags 276103 patch
tags 276103 - help
thanks

On Thu, May 05, 2005 at 08:19:00AM -0400, Stephen Gran wrote:
> This one time, at band camp, Frank Lichtenheld said:
> > On Mon, Oct 11, 2004 at 09:23:33PM -0400, Stephen Gran wrote:
> > > Since it does not happen here, with tonight's sid, I am downgrading to
> > > normal for now, and tagging. Let me know if you can dig out any
> > > additional information that may be pertinent. I would suggest
> > > rebuilding the package with debugging symbols enabled, except that all
> > > of the libraries installed will also be stripped, so it will be largely
> > > useless.
> >
> > FWIW, I can fully reproduce both SEGVs mentioned in this bug report.
> > Any hints for where to start digging into this?
>
> Well, the original crash (on save) is in kcdlabel/kcdlabel.cpp, in the
> function KCDLabel::slotFileSave, and the write begins on about line 477.
[...]
> The cddb crash is kcdlabel/cddbaccessdialog.cpp, I believe, and if it
> crashes for you when you click OK, then the problem is in
> CDDBAccessDialog::CmOk, starting on line 53.
Actually a gdb backtrace on an unstripped kcdlabel pointed me to the right
locations. The following patch seems to fix both segfaults:

diff -ur kcdlabel-2.13-KDE3.bak/kcdlabel/kcoverfont.cpp kcdlabel-2.13-KDE3/kcdlabel/kcoverfont.cpp
--- kcdlabel-2.13-KDE3.bak/kcdlabel/kcoverfont.cpp	2003-10-27 15:59:02.000000000 +0100
+++ kcdlabel-2.13-KDE3/kcdlabel/kcoverfont.cpp	2005-05-05 15:07:20.582490928 +0200
@@ -51,9 +51,9 @@
 // save the font information
 QFontInfo fi(*Font);
- r1 = strlen(fi.family());
+ r1 = fi.family().length();
 file.writeBlock( (char *)&r1, sizeof(int) );
- file.writeBlock( fi.family(), r1 );
+ file.writeBlock( fi.family().ascii(), r1 );
 r1 = fi.pointSize();
 file.writeBlock( (char *)&r1, sizeof(int) );
 r1 = fi.weight();
diff -ur kcdlabel-2.13-KDE3.bak/kcdlabel/psocket.cpp kcdlabel-2.13-KDE3/kcdlabel/psocket.cpp
--- kcdlabel-2.13-KDE3.bak/kcdlabel/psocket.cpp	2005-03-01 08:26:27.000000000 +0100
+++ kcdlabel-2.13-KDE3/kcdlabel/psocket.cpp	2005-05-05 14:39:17.423370008 +0200
@@ -102,11 +102,11 @@
 /** write a block of data of maximum len bytes */
 int PSocket::writeBlock(char * buffer, int len)
 {
- char *msg = NULL;
+ char *msg = (char*)malloc(len+2);
 if ( State!=StateType(CONNECTED)) return -1;
- snprintf(msg, len, "%s\n", buffer);
+ snprintf(msg, len+1, "%s\n", buffer);
 // int r = send(sockfd, buffer, len, MSG_NOSIGNAL );
 fprintf(sk, "%s\n", msg);

But given the quality of the code I've seen during my search I would really
recommend removing this package instead. The whole thing just screams for
segfaults and I doubt these were the last to be found...

Greetings,
-- 
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/
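Review bot: in the kcoverfont.cpp hunk the length prefix and the bytes written can still disagree: `r1 = fi.family().length()` counts QString characters, while `file.writeBlock( fi.family().ascii(), r1 )` writes the 8-bit conversion of the name, whose byte length differs from the character count as soon as a family name contains non-ASCII characters, so the record's count field no longer matches the data behind it and whatever reads this file back inherits the mismatch. Convert once and take the length of the converted string, e.g. `QCString fam = fi.family().local8Bit(); r1 = fam.length(); file.writeBlock( fam.data(), r1 );`, which also avoids calling `fi.family()` twice for the same value.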
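Review bot: in the psocket.cpp hunk the allocation size and the snprintf bound disagree, and the allocation leaks: `msg` gets `len+2` bytes but `snprintf(msg, len+1, "%s\n", buffer)` only permits `len+1`, so when `buffer` holds exactly `len` characters the trailing `\n` is truncated away, and when it does not, the following `fprintf(sk, "%s\n", msg)` emits a second newline; the `return -1` on the connection check now sits after the `malloc` without freeing it, the `malloc` result is never checked, and within the visible lines `msg` is not freed at all. Since `msg` exists only to append a newline that the `fprintf` already adds, drop the copy and bound the read to `len` instead, `fprintf(sk, "%.*s\n", len, buffer);`, which also keeps `%s` from reading past a `buffer` that is not NUL-terminated within `len` bytes, as the function's own comment ("maximum len bytes") allows.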