On Sat, Sep 13, 2014 at 11:44:30AM +0100, Thomas Adam wrote:
> I'm showing the fact that this NearestNeighbour function is run from
> MvwmEvent usually, although enabling that by default causes the segfault
> to happen more quickly so I've disabled that.
> 

Do you have a reliable way to trigger this?  I don't know what to do.

> As soon as I manually call "NearestNeighbour" from MvwmConsole, I see
> errors printed to stderr (in MvwmConsole as well as my ~/.xinitrc-errors)
> with:
> 
>     [mvwm][__execute_command_line]: <<ERRROR> No such command '@@@@'
> 
> Where "@@@@" is just a long string of garbage.
> 
> Looking at the corefile, I see the following:
> 
> (gdb) f 6
> #6  0x00000789eb096909 in __execute_command_line
> (cond_rc=0x7f7ffffbccd8, exc=0x78c07f12700, xaction=0x78c27d2cf2a '
> <repeats 200 times>...,
>     caller_pc=0x7f7ffffbc700, exec_flags=256, args=0x0,
>     has_ref_window_moved=0) at functions.c:481
>     481     cmdparser_hooks->debug(&pc, "!!!J");
>     (gdb) p xaction
>     $1 = 0x78c27d2cf2a ' <repeats 200 times>...
>     (gdb) p *xaction
>     $2 = -33 '
>     (gdb) p *caller_pc
>     $3 = {is_created = -1 '?', line = 0x78c27d2c700 "All (CurrentScreen,
>     AcceptsFocus, !Iconic) WindowStyle Colorset 0",
>       cline = 0x78c27d2c700 "All (CurrentScreen, AcceptsFocus, !Iconic)
>       WindowStyle Colorset 0", expline = 0x78c27d2cf00 ' <repeats 200
>       times>...,
>         do_free_expline = -1, command = 0x78c4a0294e0 "All", call_depth
>         = 0, pos_args = {0x78c4a029450 "", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
>         0x0, 0x0, 0x0}}
> (gdb)
> 
> So there's definitely something odd going on here.  I'm wondering if
> this is a stack-related issue with pc/caller_pc coming from
> __execute_function()?

I think some string has been freed that the debug function tried
to print, but I need the full stack trace, not just the call of
the debug function.  :-)

> I'm attaching the debug log (stderr) along with this email.  You can see
> the corruption in there as well.

Uff, where?

> Remember, Dominik, this isn't running on Linux, it's OpenBSD.

That doesn't matter, except that there was a memory leak because
I used a "char : 1" instead of "unsigned char : 1" and then
compared with "is_created == 1".  If you ever again see me
comparing flags in C with literal values, please slap me.
;-)

> If you need any further information, let me know.  I am going to look
> into this, but you might have a quicker response than me.  ;)

I think set_repeat_data is the culprit.  It seems to free a string
that has already been freed.  If you have patches, please don't
commit them but send them to me.

Ciao

Dominik ^_^  ^_^

-- 

Dominik Vogt
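
The signed one-bit flag problem described in the message above (gdb shows it as `is_created = -1`), as an added example that is not mvwm's code. The struct layouts, `dup_line`, `release` and the leak counter are hypothetical, and `signed int : 1` stands in for the thread's "char : 1", assuming GCC or Clang behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model; only the names is_created and expline are from the thread. */
struct ctx_signed   { signed int   is_created : 1; char *expline; };
struct ctx_unsigned { unsigned int is_created : 1; char *expline; };
static int live_allocs;   /* buffers allocated and not yet freed */
static char *dup_line(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p == NULL) abort();
    live_allocs++;
    return strcpy(p, s);
}
static void release(char **p) { free(*p); *p = NULL; live_allocs--; }

int signed_flag_value(int flag)
{
    struct ctx_signed c = { 0, NULL };
    c.is_created = flag;
    return c.is_created;          /* 0 or -1 with GCC and Clang, never 1 */
}

/* Destroy path guarded by "== 1"; returns the number of buffers it leaked. */
int leaks_signed_eq1(int flag)
{
    struct ctx_signed c = { 0, dup_line("constructed sample line") };
    c.is_created = flag;
    if (c.is_created == 1) release(&c.expline);   /* never true: -1 != 1 */
    int leaked = live_allocs;
    if (c.expline != NULL) release(&c.expline);   /* tidy up after measuring */
    return leaked;
}

/* Same guard, unsigned field: the flag reads back as 1 and the buffer is freed. */
int leaks_unsigned_eq1(int flag)
{
    struct ctx_unsigned c = { 0, dup_line("constructed sample line") };
    c.is_created = flag;
    if (c.is_created == 1) release(&c.expline);
    int leaked = live_allocs;
    if (c.expline != NULL) release(&c.expline);
    return leaked;
}

int main(void)
{
    printf("stored=%d leaked: signed=%d unsigned=%d\n", signed_flag_value(1), leaks_signed_eq1(1), leaks_unsigned_eq1(1));
    return 0;
}
```

Testing the flag for truth (`if (c.is_created)`) instead of comparing it with a literal gives the right result for both field types.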
