Re: [XForms] Problem with fdesign (fdesigns menu bar)

From: Clive Stubbings
Subject: Re: [XForms] Problem with fdesign (fdesigns menu bar)
Date: Thu, 12 May 2022 22:53:43 +0100 (BST)


Glad it has solved your problem.

I have followed 'popup.c' file usage pattern:

   if ( popup->title )
       XStoreName( flx->display, popup->win, popup->title );

and modified 'xpopup.c' accordingly:

-       XStoreName( flx->display, m->win, m->title );
+       if ( m->title )
+         XStoreName( flx->display, m->win, m->title );
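
Review bot: with the "if ( m->title )" guard, a NULL title means XStoreName is never called for m->win, so whatever name the window already carries is left in place instead of being replaced. If a window with no name is the intent, pass an empty string at the call instead (m->title ? m->title : ""), and add a one-line comment saying why NULL must not reach XStoreName.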

and it seems to have fixed the problem.

That will stop the crash but be aware it may be a change in behavior.

In the old (and new fixed) X libraries, passing a NULL pointer would call XChangeProperty for XA_WM_NAME to replace any current value with a NULL argument. Your change has removed that call (mine replaced the NULL with an empty string).

Your change may, or may not, be better. One would need to understand both the context (i.e. intent) and how the library handles NULL property values.

Interestingly, on MX-21 Linux (based on Debian 11), fdesign built on
Git code works fine w/o any modifications. The system has xserver-xorg
version 1.20.13-1~mx21ahs+1 (compared to 1.20.13-1ubuntu1~20.04.2 in
Ubuntu 20.04 and 1.20.11-2 in Rocky Linux 8.5)

Useful. The fix in X11 has been available upstream for just short of a year.



On Thu, May 12, 2022 at 04:01:48PM +0100, Clive Stubbings wrote:

-       XStoreName(flx->display, m->win, m->title);
+       XStoreName(flx->display, m->win, m->title ? m->title : "");
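
Review bot: the ternary on m->title covers only the xpopup.c call, while the two lib/canvas.c calls listed in this thread still pass ob->label and name unchecked; it is worth confirming whether either can be NULL and guarding them the same way (lib/popup.c already tests popup->title first). Separately, both lines are written as "XStoreName(flx->display" where the source has "XStoreName( flx->display", so the hunk needs the file's spacing to apply cleanly.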


On Thu, 12 May 2022, Michal Szymanski wrote:

I have built the current git version
(https://git.savannah.gnu.org/git/xforms.git) on Ubuntu 20.04 and
Rocky Linux 8.5 and got the same problem: fdesign segfaults when
'File' is clicked on.

Following Clive's hint I have found just 4 places XStoreName is used:

lib/canvas.c:            XStoreName( flx->display, sp->window, ob->label );
lib/canvas.c:            XStoreName( flx->display, sp->window, name );
lib/popup.c:        XStoreName( flx->display, popup->win, popup->title );
lib/xpopup.c:        XStoreName( flx->display, m->win, m->title );

but I do not have any idea how to fix the problem. I have even
localized the segfault to be originating in 'xpopup.c', with m->title
being 0x0, so I made it point to an empty static string (""). The
program did not segfault on "File" but aborted on "SaveAs" from File
popup, saying
munmap_chunk(): invalid pointer
Abort (core dumped)

so I surrendered.

Any more hints? Without working fdesign the whole library is pretty unusable :(

regards, Michal

On Wed, Jun 30, 2021 at 02:27:35AM +0100, Clive Stubbings wrote:


There has been a regression in the xorg libX11

It is likely this is your issue - it was spotted in one of my xforms programs a 
few weeks ago by one of my users.

XStoreName used to tolerate a NULL pointer (it checked before using it). New 
code has been added ahead of that check.

If your system has recently updated its libraries, that's likely the cause.

I believe it has now been fixed upstream thanks to the person who spotted the 
problem feeding the cause back to the developers and a new version should come 
through in due course.

If you need a quicker fix, hack the library to make sure it doesn't pass a NULL 
pointer to XStoreName.


On Sun, 27 Jun 2021, ternaryd wrote:

On Sat, 26 Jun 2021 15:47:12 -0700
Coby Hochstein <cjh39@cox.net> wrote:


when I load fdesign and click on the "File"
menu bar fdesign segmentation faults.
I'm running xforms-1.2.4

(gdb) run
Starting program: /usr/local/bin/fdesign
[Thread debugging using libthread_db enabled]
Using host libthread_db library

Program received signal SIGSEGV, Segmentation
strlen () at ../sysdeps/arm/armv6/strlen.S:26
26 ../sysdeps/arm/armv6/strlen.S: No such
file or directory.

Any idea ?

fdesign is calculating the string length of a
string pointing to NULL.

Use a version of fdesign compiled with debugging
enabled, run it again until crash, and check the
coredump in gdb. Use the "up" command until you
reach a stack level belonging to fdesign (or
xforms). You should see which pointer is NULL.
Then you can try to figure out, why it is NULL
and how to fix it.

 $ ulimit -c unlimited
 $ ./fdesign ...
 $ gdb ./fdesign coredump
 (gdb) up

you can query the value of any variable at the
time of the crash with

 (gdb) p varname



Michal Szymanski (msz at astrouw dot edu dot pl)
Warsaw University Observatory, Warszawa, POLAND
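
Added example, not part of the original thread and not XForms or libX11 code: a small C model of the two workarounds discussed above, showing why substituting "" at the call site is safer than storing a literal in the title field. It assumes the title is heap-allocated and later freed, which the thread does not confirm; menu_t, store_name_mock and the other names are hypothetical.

```c
/* Added example: hypothetical names, not XForms or libX11 code. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *title;              /* assumed heap-owned; NULL means "no title" */
} menu_t;

static char last_name[64];    /* what the mock last stored as window name */

/* Mock of a call that, like the regressed XStoreName described in the
   thread, uses the string before any NULL check. It reports -1 where the
   real call would reach strlen(NULL). */
static int store_name_mock(const char *name)
{
    if (name == NULL)
        return -1;
    strncpy(last_name, name, sizeof last_name - 1);
    last_name[sizeof last_name - 1] = '\0';
    return 0;
}

/* Replace the title with a private copy, or with NULL. */
static int menu_set_title(menu_t *m, const char *t)
{
    char *copy = NULL;
    if (t != NULL) {
        size_t n = strlen(t) + 1;
        if ((copy = malloc(n)) == NULL)
            return -1;
        memcpy(copy, t, n);
    }
    free(m->title);           /* free(NULL) is a no-op */
    m->title = copy;
    return 0;
}

/* Substitute "" at the call site only; m->title is left untouched, so a
   string literal never ends up in a field that is later passed to free(). */
static int menu_show(const menu_t *m)
{
    return store_name_mock(m->title ? m->title : "");
}

static void menu_destroy(menu_t *m)
{
    free(m->title);
    m->title = NULL;
}
```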

