Hi Mathieu,

I've noticed the bug (e can crash if you close a window for an app that was started with cmd line params from exe-buf or an eap), and had narrowed it down (looking at the recent changelogs) to that section. Haven't had any time to follow through though... I'll try to find time tonight or tomorrow (unless someone beats me to it).

Thanks for the debugging info :)

-- rephorm

On Fri, Jun 09, 2006 at 03:17:33PM +0200, Mathieu Taillefumier wrote:
> Hello,
>
> I found a reproducible bug in the enlightenment code. I am
> using the last cvs version of e17 and compiled it with gcc-4.1.1 and
> glibc 2.4 for information. The bug occurs when I want to quit
> enlightenment or when I quit the configuration menu. After making a
> debugging session, I found that e17 frees some pointers named
> bd->client.icccm.command.argv[i]. This line can be found at
> e_border.c:2937. I was trying to search a line where this variable is
> allocated but I found nothing interesting. You will find some debugging
> information in the following.
>
> command line /usr/local/bin/enlightenment -evil
> Reproduction : 100 %
> Way to reproduce it : just quit e17
>
> backtrace with gdb
>
> (gdb) bt
> #0  0xffffe410 in __kernel_vsyscall ()
> #1  0xb798a36d in ___newselect_nocancel () from /lib/libc.so.6
> #2  0xb7a46154 in _XWaitForReadable () from /usr/X11R6/lib/libX11.so.6
> #3  0xb7a46511 in _XRead () from /usr/X11R6/lib/libX11.so.6
> #4  0xb7a47969 in _XReadEvents () from /usr/X11R6/lib/libX11.so.6
> #5  0xb7a3663a in XNextEvent () from /usr/X11R6/lib/libX11.so.6
> #6  0x080d181f in e_alert_show (
>     text=0x812efa4 "This is very bad. Enlightenment has segfaulted.\nThis is not meant to happen and is likely a sign of a\nbug in Enlightenment or the libraries it relies on.\n\nYou can gdb attach to this process now to try"...)
>     at e_alert.c:137
> #7  0x080b9fb2 in e_sigseg_act (x=11, info=0xbfd0b52c, data=0xbfd0b5ac)
>     at e_signals.c:53
> #8  <signal handler called>
> #9  0xb793878f in free () from /lib/libc.so.6
> #10 0x08082e38 in _e_border_free (bd=0x8474658) at e_border.c:2937
> #11 0x080a1ddd in e_object_free (obj=0x8474658) at e_object.c:77
> #12 0x080a1e2c in e_object_unref (obj=0x8474658) at e_object.c:96
> #13 0x0808c561 in _e_border_event_border_remove_free (data=0x0,
>     ev=0x845c028) at e_border.c:6236
> #14 0xb7ca1658 in _ecore_event_del (event=0x8409c98) at ecore_events.c:357
> #15 0xb7ca1910 in _ecore_event_call () at ecore_events.c:445
> #16 0xb7ca8a36 in _ecore_main_loop_iterate_internal (once_only=0)
>     at ecore_main.c:639
> #17 0xb7ca7c25 in ecore_main_loop_begin () at ecore_main.c:79
> #18 0x080638a9 in main (argc=2, argv=0xbfd0ec34) at e_main.c:689
> (gdb) fr 10
> #10 0x08082e38 in _e_border_free (bd=0x8474658) at e_border.c:2937
> 2937          free(bd->client.icccm.command.argv[i]);
> (gdb) l
> 2932     if ((bd->client.icccm.command.argc > 0) && (bd->client.icccm.command.argv))
> 2933       {
> 2934          int i;
> 2935
> 2936          for (i = 0; i < bd->client.icccm.command.argc; i++)
> 2937            free(bd->client.icccm.command.argv[i]);
> 2938          free(bd->client.icccm.command.argv);
> 2939       }
> 2940     if (bd->client.netwm.name) free(bd->client.netwm.name);
> 2941     if (bd->client.netwm.icon_name) free(bd->client.netwm.icon_name);
> (gdb) p bd
> $11 = (E_Border *) 0x8474658
> (gdb) p bd->client.icccm.command.argv[i]
> $10 = 0x836cd65 "-evil"
> (gdb) p bd->client.icccm.command.argv
> $12 = (char **) 0x8471288
> (gdb) p bd->client.icccm.command
> $13 = {argc = 2, argv = 0x8471288}
> (gdb) p bd->client.icccm
> $14 = {title = 0x0, name = 0x8388ad0 "[EMAIL PROTECTED]", class = 0x8388468 "?\2128\bfigure", icon_name = 0x0,
>   machine = 0x83c90c8 "`\2048\bite", min_w = 352, min_h = 310, max_w = 9999, max_h = 9999, base_w = -1, base_h = -1,
>   step_w = -1, step_h = -1, start_x = 0, start_y = 0, min_aspect = 0, max_aspect = 0,
>   initial_state = ECORE_X_WINDOW_STATE_HINT_WITHDRAWN, state = ECORE_X_WINDOW_STATE_HINT_ICONIC, icon_pixmap = 0,
>   icon_mask = 0, icon_window = 0, window_group = 0, transient_for = 163, client_leader = 0, gravity = ECORE_X_GRAVITY_NW,
>   window_role = 0x0, take_focus = 0 '\0', accepts_focus = 1 '\001', urgent = 0 '\0', delete_request = 1 '\001',
>   request_pos = 0 '\0', command = {argc = 2, argv = 0x8471288}, fetch = {title = 0 '\0', name_class = 0 '\0',
>     icon_name = 0 '\0', machine = 0 '\0', hints = 0 '\0', size_pos_hints = 0 '\0', protocol = 0 '\0',
>     transient_for = 0 '\0', client_leader = 0 '\0', window_role = 0 '\0', state = 0 '\0', command = 0 '\0'}}
> (gdb) p bd
> $15 = (E_Border *) 0x8474658
> (gdb) fr 11
> #11 0x080a1ddd in e_object_free (obj=0x8474658) at e_object.c:77
> 77        obj->cleanup_func(obj);
> (gdb) l
> 72          e_object_breadcrumb_debug(obj);
> 73       }
> 74     */
> 75     if (obj->free_att_func) obj->free_att_func(obj);
> 76     obj->magic = E_OBJECT_MAGIC_FREED;
> 77     obj->cleanup_func(obj);
> 78  }
> 79
> 80  EAPI int
> 81  e_object_ref(E_Object *obj)
> (gdb) p obj
> $16 = (E_Object *) 0x8474658
> (gdb) p obj->magic
> $17 = -524325139
>
> If you need more information about it feel free to contact me
>
> regards
>
> Mathieu
>
> _______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
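
Added example, not part of the original thread or of the Enlightenment source: the loop at e_border.c:2932-2939 is only valid if the argv vector and every argv[i] are separate malloc blocks. The sketch below builds a deep copy that satisfies that contract and runs an alignment check over the two addresses gdb printed; the helper names and the 8-byte alignment figure for glibc malloc on 32-bit x86 are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: glibc malloc on 32-bit x86 returns 8-byte aligned blocks. */
#define MALLOC_ALIGN_I386 8u

/* 0 means addr cannot be the start of a malloc block, so free(addr) is invalid. */
int could_be_malloc_ptr(uintptr_t addr, unsigned align)
{
    return addr != 0 && addr % align == 0;
}

/* Releases what argv_dup() built; same shape as the loop at e_border.c:2936. */
int argv_free(int argc, char **argv)
{
    int released = 0;
    if (!argv) return 0;
    for (int i = 0; i < argc; i++)
        if (argv[i]) { free(argv[i]); released++; }
    free(argv);
    return released;
}

/* Deep copy: the vector and every string are separate heap blocks. */
char **argv_dup(int argc, char *const *src)
{
    if (argc <= 0 || !src) return NULL;
    char **copy = calloc((size_t)argc + 1, sizeof *copy);
    if (!copy) return NULL;
    for (int i = 0; i < argc; i++) {
        size_t len = strlen(src[i] ? src[i] : "") + 1;
        if (!(copy[i] = malloc(len))) { argv_free(i, copy); return NULL; }
        memcpy(copy[i], src[i] ? src[i] : "", len);
    }
    return copy;
}

int main(void)
{
    char *src[] = { "/usr/local/bin/enlightenment", "-evil" }; /* constructed input */
    char **copy = argv_dup(2, src);
    /* Addresses printed by gdb in the report: argv[i] and argv. */
    printf("0x836cd65 plausible block start: %d\n", could_be_malloc_ptr(0x836cd65u, MALLOC_ALIGN_I386));
    printf("0x8471288 plausible block start: %d\n", could_be_malloc_ptr(0x8471288u, MALLOC_ALIGN_I386));
    printf("released %d strings\n", argv_free(2, copy));
    return 0;
}
```

The odd address 0x836cd65 fails the check while the vector address 0x8471288 passes, which is consistent with the fault inside free() at frame #9; the thread itself does not say where the strings were allocated.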