I just tried again to install xterm-136 with Robert's unicode patch 0.7,
and it crashes right after start-up for a rather strange reason, unless
I use a debugging version of the malloc system that is robust against
bogus calls of free():

$ MALLOC_CHECK_=1 ./xterm
malloc: using debugging hooks
free(): invalid pointer 0xbffff3d0!

$ MALLOC_CHECK_=2 ./xterm
IOT trap/Abort (core dumped)

$ gdb xterm core
(gdb) bt
#0  0x401b94e1 in __kill () from /lib/libc.so.6
#1  0x401b9156 in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2  0x401ba868 in abort () at ../sysdeps/generic/abort.c:88
#3  0x401f5b43 in free_check (mem=0xbffff3d0, caller=0x40198819)
    at malloc.c:4412
#4  0x401f3cef in __libc_free (mem=0xbffff3d0) at malloc.c:2927
#5  0x40198819 in tgetent () from /lib/libtermcap.so.2
#6  0x805f1e8 in get_termcap (name=0x807477f "vt100", buffer=0xbffff3d0 "", 
    resized=0xbfffedf4 "") at ./main.c:1154
#7  0x8060775 in spawn () at ./main.c:2612
#8  0x805fdea in main (argc=0, argv=0xbffffb14) at ./main.c:1872
#9  0x401b31eb in __libc_start_main (main=0x805f574 <main>, argc=1, 
    argv=0xbffffb14, init=0x804b534 <_init>, fini=0x806ff14 <_fini>, 
    rtld_fini=0x4000a610 <_dl_fini>, stack_end=0xbffffb0c)
    at ../sysdeps/generic/libc-start.c:90

It seems as if tgetent() calls free(buffer), which implies that a static
variable "is_malloced" defined inside termcap.c of libtermcap somehow
got a non-0 value. All this was on a Red Hat 6.1 Linux system with the
following libraries:

$ rpm -q libtermcap libtermcap-devel glibc glibc-devel
libtermcap-2.0.8-18
libtermcap-devel-2.0.8-18
glibc-2.1.2-11
glibc-devel-2.1.2-11

In spawn() at xterm/main.c:2612, get_termcap() and thus tgetent() are
called multiple times with the same pointer value, which points to the
automatic array "char termcap[TERMCAP_SIZE];" on the stack and not to
anything on the heap. Obviously, free() doesn't like that as an
argument.

Any ideas what goes wrong here?

My best hypothesis so far is that somehow a non-null value gets into the
static variable is_malloced in termcap.c in the termcap library on

  ftp://sunsite.unc.edu/pub/Linux/GCC/termcap-2.0.8.tar.gz

which would indeed cause tgetent() to free() the buffer.

Curiously, is_malloced is never initialized by libtermcap! (Bug? I don't
remember whether the C standard requires static variables to be
initialized to zero by the runtime environment. Bad style in any case!)
Could it be that xterm-136+unicode-0.7 contains a memory access error
that somehow affects is_malloced in libtermcap?

Unfortunately, I cannot reproduce the error by linking against a version
of libtermcap with debugging information enabled, so it is difficult for
me to see where exactly this happens.

Suggestion:

When you have again a look at xterm and the unicode patch, please check
carefully for any potential erroneous memory write accesses, especially
in anything that happens before spawn() and therefore tgetent() are
called. There might be something dodgy going on here ...

Markus

-- 
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn at acm.org,  WWW: <http://www.cl.cam.ac.uk/~mgk25/>

-
Linux-UTF8:   i18n of Linux on all levels
Archive:      http://mail.nl.linux.org/lists/
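The failure mode described in the message above, as an added example that is not part of the original post and is not libtermcap's or xterm's own code. It models the hypothesised termcap.c logic with a static flag `is_malloced` and a `model_tgetent()` that frees its buffer argument when the flag is set, imitates xterm's spawn() calling it twice on one stack array, and stands in for MALLOC_CHECK_ with a toy checking allocator (`checked_malloc`/`checked_free`) that keeps a registry of live heap blocks and rejects any other pointer instead of aborting. All names, the buffer contents and the "stray write" that sets the flag are assumptions made for the illustration:

```c
/* Added example, not code from the original message or from libtermcap.
 * checked_malloc/checked_free are a toy debugging allocator in the spirit
 * of MALLOC_CHECK_=1: free() of a pointer that was never returned by
 * malloc (or was already freed) is reported and refused rather than
 * crashing the process. model_tgetent/model_spawn are assumed models of
 * the termcap.c and xterm main.c logic discussed in the message. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE     64
#define TERMCAP_SIZE 1024

/* Registry of blocks handed out by checked_malloc and not yet freed. */
static void *live[MAX_LIVE];
static int   nlive;

static void *checked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL && nlive < MAX_LIVE)
        live[nlive++] = p;
    return p;
}

/* Returns 1 if p is a live heap block (and frees it), 0 otherwise.
 * A stack address or a double free is rejected, not passed to free(). */
static int checked_free(void *p)
{
    for (int i = 0; i < nlive; i++) {
        if (live[i] == p) {
            live[i] = live[--nlive];   /* swap-remove from the registry */
            free(p);
            return 1;
        }
    }
    fprintf(stderr, "checked_free(): invalid pointer %p\n", p);
    return 0;
}

/* Assumed model of libtermcap: a static flag that is never explicitly
 * initialised, and a tgetent() that frees the buffer it was given when
 * the flag is non-zero, believing it had allocated that buffer itself. */
static int   is_malloced;
static char *term_entry;   /* buffer the last model_tgetent() filled in */

/* Returns 1 on success, -1 if freeing the buffer was refused. */
static int model_tgetent(char *bp, const char *name)
{
    if (is_malloced) {
        /* With bp pointing at the caller's stack array, this is the
         * "free(): invalid pointer" of the trace in the message. */
        if (!checked_free(bp))
            return -1;
        bp = checked_malloc(TERMCAP_SIZE);
        if (bp == NULL)
            return -1;
    }
    term_entry = bp;
    snprintf(bp, TERMCAP_SIZE, "%s:co#80:li#24:", name);   /* constructed entry */
    return 1;
}

/* Mirrors the call pattern in xterm's spawn(): tgetent() is invoked twice
 * on the same automatic array. corrupt_flag stands in for a stray write
 * into libtermcap's data segment between the two calls (assumed cause).
 * Returns the status of the second call. */
static int model_spawn(int corrupt_flag)
{
    char termcap[TERMCAP_SIZE];     /* on the stack, never malloc'd */
    int rc = model_tgetent(termcap, "vt100");
    if (rc != 1)
        return rc;
    if (corrupt_flag)
        is_malloced = 1;
    return model_tgetent(termcap, "vt100");
}

int main(void)
{
    printf("clean run:     rc=%d\n", model_spawn(0));   /* rc=1 */
    printf("corrupted run: rc=%d\n", model_spawn(1));   /* rc=-1, bogus free refused */
    return 0;
}
```

Without the registry check, the second call in the corrupted run would hand a stack address to the real free(), which is exactly the abort in the backtrace; the checking layer turns that into a diagnostic and a return code, which is what makes the call chain visible under a debugger.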