Re: cwm crashes on Linux when combining grouponly/movetogroup

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Christian Neukirchen

Subject: Re: cwm crashes on Linux when combining grouponly/movetogroup

Date: Sunday, October 24, 2010 - 11:46 am

Christian Neukirchen <chneukirchen@gmail.com> writes:

quoted text> I found this key sequence to crash cwm on Linux in CVS HEAD:
>
> Minimal .cwmrc:
> bind C-i grouponly2
> bind CS-i movetogroup2
>
> Run cwm, open a window (say xterm), press C-i, press CS-i, press C-i.
> cwm crashes on Linux with this backtrace:

quoted text> #4  0x0000000000408a72 in group_show (sc=0x625d80, gc=0x625f38) at group.c:135

quoted text> I have not been able to reproduce this on OpenBSD, so it's not clear to
> me where the error actually is.

Analyzing group_show, I found out:

	winlist = (Window *) xcalloc(sizeof(*winlist), (gc->highstack + 1));
...
	TAILQ_FOREACH(cc, &gc->clients, group_entry) {
		winlist[gc->highstack - cc->stackingorder] = cc->win;
		client_unhide(cc);
	}

For some reason cc->stackingorder is bigger than gc->highstack (which is
0 in above use case), thus the assignment writes to a negative address
relative to winlist.  I can reproduce that on OpenBSD 4.8/cwm HEAD as
well, it just doesn't crash there because the heap corruption goes
undetected.

I hope this helps debugging, I don't fully understand the code yet.

-- 
Christian Neukirchen  <chneukirchen@gmail.com>  http://chneukirchen.org

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

cwm crashes on Linux when combining grouponly/movetogroup, Christian Neukirchen, (Fri Oct 22, 10:16 am)

Re: cwm crashes on Linux when combining grouponly/movetogroup, Christian Neukirchen, (Sun Oct 24, 11:46 am)


linux-kernel:
Ken Chen	[patch] sched: fix inconsistency when redistribute per-cpu tg->cfs_rq shares.
Hugh Dickins	Re: Linux 2.6.26-rc1 - pgtable_32.c:178 pmd_bad
Bernhard Beck	[PATCH 001/001] usb-serial: Add ThinkOptics WavIT
Oleg Nesterov	Re: [PATCH 4/5] don't panic if /sbin/init exits or killed
Greg KH	[patch 07/21] rtc-pcf8563: detect polarity of century bit automatically
git:
Jonathan del Strother	Re: [PATCH] Fixing path quoting issues
Gerrit Pape	[PATCH] fix skipping merge-order test with NO_OPENSSL=1.
Linus Torvalds	Re: Implementing branch attributes in git config
Johannes Schindelin	Re: Trying to use git-filter-branch to compress history by removing large, obsolet...
Gerrit Pape	[PATCH] hooks--update: fix test for properly set up project description file
linux-netdev:
David Miller	Re: [PATCH 04/15] tg3: Preserve LAA when device control is released
Jean-Louis Dupond	Re: tg3 driver not advertising 1000mbit
Sven Wegener	[PATCH] ipvs: Add missing locking during connection table hashing and unhashing
David Miller	Re: [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2
Stephen Hemminger	[PATCH 2/2] sky2: fix transmit state on resume
git-commits-head:
Linux Kernel Mailing List	[SCSI] scsi ioctl: fix kernel-doc warning
Linux Kernel Mailing List	ALSA: HDA - Correct trivial typos in comments.
Linux Kernel Mailing List	i2c-viapro: Add support for SMBus Process Call transactions
Linux Kernel Mailing List	i2c: Documentation: upgrading clients HOWTO
Linux Kernel Mailing List	[PATCH] fix sysctl_nr_open bugs
openbsd-misc:
Die Gestalt	Re: How to re-build openssl with SHA1 support?
Edwin Eyan Moragas	Re: managing routes for multiple PPPoE connections
Brian Candler	Re: OBSD's perspective on SELinux
Jonathan Schleifer	Why is getaddrinfo breaking POSIX?
Predrag Punosevac	Re: Kernel developers guide/tutorial