Bug 455286 - x86_64 specific: Seg fault on close of dialog box
Summary: x86_64 specific: Seg fault on close of dialog box
Alias: None
Product: Fedora
Classification: Fedora
Component: lesstif
Version: 9
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Patrice Dumas
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2008-07-14 17:29 UTC by david schuller
Modified: 2008-08-01 11:57 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-08-01 11:57:02 UTC

Attachments (Terms of Use)
Source code for test app (deleted)
2008-07-14 17:29 UTC, david schuller

Description david schuller 2008-07-14 17:29:21 UTC
Description of problem: Test app crashes with Segmentation fault when Dialog box
should close

Version-Release number of selected component (if applicable):

How reproducible:
Completely, every single time

Steps to Reproduce:
1. Download test app, compile, run
2. Choose "STOP" button, select "After Current Image" from drop-down menu
3. When Dialog box appears, choose "YES" or "NO" pushbutton.

Actual results:
with lesstif on x86_64, entire app crashes with "Segmentation fault"

Expected results:
Dialog box closes, leaving main menu intact (this behaviour seen with i386
version of lesstif, and with openmotif-2.3.0)

Additional info: Dialog contains BulletinBoard, which contains a label and two

Comment 1 david schuller 2008-07-14 17:29:22 UTC
Created attachment 311738 [details]
Source code for test app

Comment 2 Hans de Goede 2008-08-01 11:57:02 UTC
(In reply to comment #1)
> Created an attachment (id=311738) [edit]
> Source code for test app

Make that: "Buggy source code for test app".

/me is grumpy after debugging a problem that turns out to be in someone else's
code for 2 hours GRMMNBL

Anyways your code in the stop_activateCallback() callback handler trashes the
stack, making lesstif unhappy. The only reason motif is not unhappy is luck.

Your code says:

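stop_activateCallback(w, client, call)
Widget w;
XtPointer client;
XtPointer call;
{
        /* only sizeof(int) bytes are reserved for the value fetched below */
        int user_data;

        XtVaGetValues(w, XmNuserData, &user_data, NULL);
        /* ... rest of handler not shown ... */
}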


Notice how you get XmNuserData and store that in an int, but XmNuserData
actually has a type of XtPointer, so XtVaGetValues stores 64 bits, but you've
only reserved 32 bits on the stack -> boom stack smashed

The correct code would be:

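stop_activateCallback(w, client, call)
Widget w;
XtPointer client;
XtPointer call;
{
        /* pointer-sized slot, matching the type of XmNuserData */
        XtPointer user_data;

        XtVaGetValues(w, XmNuserData, &user_data, NULL);
        /* ... rest of handler not shown ... */
}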
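
The width mismatch described in comment 2, modelled as an added example that is not part of the original bug report or the reporter's test app. `fake_get_value` and `XtPointer_model` are hypothetical stand-ins for XtVaGetValues and XtPointer so that it builds without Xt/Motif headers; the "stack frame" is a byte array so the spill past the int-sized slot can be counted safely.

```c
/* Added example: models the width mismatch without linking Xt/Motif.
 * fake_get_value() is a hypothetical stand-in for how a pointer-typed
 * resource is returned: it writes sizeof(pointer) bytes through an
 * untyped destination address. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef void *XtPointer_model;          /* stand-in for Xt's XtPointer */
#define CANARY 0xAA
#define FRAME_SIZE 32

/* Copies a pointer-sized resource value to dest, whatever dest really is. */
static void fake_get_value(void *dest, XtPointer_model value)
{
    memcpy(dest, &value, sizeof value);
}

/* Buggy pattern: the destination slot is only sizeof(int) wide.
 * Returns the number of bytes past the int slot that were overwritten. */
size_t bytes_clobbered_with_int_slot(void)
{
    unsigned char frame[FRAME_SIZE];    /* constructed stand-in for a stack frame */
    size_t i, clobbered = 0;

    memset(frame, CANARY, sizeof frame);
    fake_get_value(frame, (XtPointer_model)(intptr_t)2); /* int slot = frame[0..sizeof(int)-1] */
    for (i = sizeof(int); i < sizeof frame; i++)
        if (frame[i] != CANARY)
            clobbered++;
    return clobbered;
}

/* Fixed pattern: receive into a pointer-sized variable, then narrow. */
int user_data_via_pointer_slot(int stored)
{
    XtPointer_model user_data = NULL;

    fake_get_value(&user_data, (XtPointer_model)(intptr_t)stored);
    return (int)(intptr_t)user_data;
}

int main(void)
{
    printf("sizeof(int)=%zu sizeof(void *)=%zu\n", sizeof(int), sizeof(void *));
    printf("bytes written past int slot: %zu\n", bytes_clobbered_with_int_slot());
    printf("value via pointer slot: %d\n", user_data_via_pointer_slot(2));
    return 0;
}
```

On an i386 build the first function reports 0 bytes because int and pointers are the same width there, which matches the crash appearing only on x86_64.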

