libx11-6: SEGV in _XTextPropertyToTextList() causes apps to crash

Bug #7170 reported by Debian Bug Importer
Affects | Status | Importance | Assigned to | Milestone
libx11 (Debian) | Fix Released | Unknown | |
libx11 (Ubuntu) | Invalid | High | Fabio Massimo Di Nitto |

Bug Description

Automatically imported from Debian bug report #250655 http://bugs.debian.org/250655

Revision history for this message
In , Thomas Dickey (dickey) wrote : Re: Bug#250655: xterm: crashes on paste from abiword

On Mon, May 24, 2004 at 01:40:10PM +0200, Max Kutny wrote:
> Package: xterm
> Version: 4.3.0.dfsg.1-1
> Severity: normal
>
> Selecting any text in abiword editor and pasting it with middle mouse
> button into opened xterm window crashes xterm. xterm nicely performs
> with pastes from other applications I tested (firefox, openoffice.org,
> xterm itself) and other applications can smoothly accept pastes from
> abiword without any problems.

valgrind seems to point down into the X libraries (perhaps xterm is
doing something that is not correct, but I don't see that immediately).
To isolate the problem, will have to debug the X libraries. Here's
the fragment from valgrind's log (bear in mind that running valgrind
sometimes alters behavior):

==8273== Invalid read of size 4
==8273== at 0x3C0B89D9: _XlcResetConverter (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C0BEE08: (within /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C0BF074: _Xutf8TextPropertyToTextList (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C096EF7: Xutf8TextPropertyToTextList (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x804F89B: SelectionReceived (button.c:1382)
==8273== by 0x3C257CC2: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C257FFD: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C24376E: XtDispatchEventToWidget (in /usr/X11R6/lib/libXt.so.6.2)
==8273== by 0x3C24411C: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C24443E: XtDispatchEvent (in /usr/X11R6/lib/libXt.so.6.0)
==8273== Address 0x0 is not stack'd, malloc'd or free'd
==8273==
==8273== Process terminating with default action of signal 11 (SIGSEGV): dumpin>
==8273== Access not within mapped region at address 0x0
==8273== at 0x3C0B89D9: _XlcResetConverter (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C0BEE08: (within /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C0BF074: _Xutf8TextPropertyToTextList (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C096EF7: Xutf8TextPropertyToTextList (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x804F89B: SelectionReceived (button.c:1382)
==8273== by 0x3C257CC2: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C257FFD: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C24376E: XtDispatchEventToWidget (in /usr/X11R6/lib/libXt.so.6.2)
==8273== by 0x3C24411C: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C24443E: XtDispatchEvent (in /usr/X11R6/lib/libXtso.6.0)

Tracing some of the values does seem to indicate it crashes with a UTF8_STRING.

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
In , Thomas Dickey (dickey) wrote :

On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:

Running xterm against current XFree86, this problem does not appear.

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
In , Branden Robinson (branden) wrote :

On Wed, May 26, 2004 at 05:03:43PM -0400, Thomas Dickey wrote:
> On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:
>
> Running xterm against current XFree86, this problem does not appear.

By "current XFree86", do you mean Debian's latest packages of it,
XFree86 4.4.0, or XFree86 CVS HEAD?

--
G. Branden Robinson | What cause deserves following if
Debian GNU/Linux | its adherents must bury their
<email address hidden> | opposition with lies?
http://people.debian.org/~branden/ | -- Noel O'Connor

Revision history for this message
In , Thomas Dickey (dickey) wrote :

On Fri, May 28, 2004 at 05:17:45AM -0500, Branden Robinson wrote:
> On Wed, May 26, 2004 at 05:03:43PM -0400, Thomas Dickey wrote:
> > On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:
> >
> > Running xterm against current XFree86, this problem does not appear.
>
> By "current XFree86", do you mean Debian's latest packages of it,
> XFree86 4.4.0, or XFree86 CVS HEAD?

I was looking at the latter. (I do have a build tree for 4.4.0, but since I
made a few fixes for Xt, was looking at the current code, partly to see if
there were other fixes I might make).

unrelated - I'm using a static copy of XFree86 for my X server on Debian (can't
recall entirely at the moment, but the previous set of X packages didn't
successfully start X, but seem to recall that the current one does).

Both current XFree86 server and current Debian libraries have problems though
(I have observed that the current Debian libraries are causing Opera to use a
lot of CPU, and also went back to a previous snapshot of my X servers to avoid
a bug - debugging the server is out of my range of interests).

I do a full build on each xterm patch check xterm and to update the XFree86
binary. When I was testing this report, it was against the build tree, since
(if I'd seen an issue) it would be simple to recompile the related libraries
with -g so valgrind could offer more insight). Since I already have the
trees setup, it was the least work (but doesn't completely answer the
report of course).

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
In , Branden Robinson (branden) wrote :

On Fri, May 28, 2004 at 06:45:39AM -0400, Thomas Dickey wrote:
> On Fri, May 28, 2004 at 05:17:45AM -0500, Branden Robinson wrote:
> > On Wed, May 26, 2004 at 05:03:43PM -0400, Thomas Dickey wrote:
> > > On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:
> > >
> > > Running xterm against current XFree86, this problem does not appear.
> >
> > By "current XFree86", do you mean Debian's latest packages of it,
> > XFree86 4.4.0, or XFree86 CVS HEAD?
>
> I was looking at the latter. (I do have a build tree for 4.4.0, but since I
> made a few fixes for Xt, was looking at the current code, partly to see if
> there were other fixes I might make).

Okay, I will be patient while you explore this.

Just as a remark to myself and my fellow "debian-x"ers, if it turns out
the bug is in Xt, this bug should be reassigned to libxt6.

--
G. Branden Robinson | Fair use is irrelevant and
Debian GNU/Linux | improper.
<email address hidden> | -- Asst. U.S. Attorney Scott
http://people.debian.org/~branden/ | Frewing, explaining the DMCA

Revision history for this message
In , Thomas Dickey (dickey) wrote :

On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
> On Fri, May 28, 2004 at 06:45:39AM -0400, Thomas Dickey wrote:
> > On Fri, May 28, 2004 at 05:17:45AM -0500, Branden Robinson wrote:
> > > On Wed, May 26, 2004 at 05:03:43PM -0400, Thomas Dickey wrote:
> > > > On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:
> > > >
> > > > Running xterm against current XFree86, this problem does not appear.
> > >
> > > By "current XFree86", do you mean Debian's latest packages of it,
> > > XFree86 4.4.0, or XFree86 CVS HEAD?
> >
> > I was looking at the latter. (I do have a build tree for 4.4.0, but since I
> > made a few fixes for Xt, was looking at the current code, partly to see if
> > there were other fixes I might make).
>
> Okay, I will be patient while you explore this.

no problem (just a lot of things to work through).

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
In , Thomas Dickey (dickey) wrote :

On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:

> Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> the bug is in Xt, this bug should be reassigned to libxt6.

I can reproduce it with XFree86 4.3.0. The immediate cause of failure is
dereferencing a null pointer but that part of the code and the intervening
functions on the walkback appear much the same in 4.4.0 - so I expect the
cause is one of the other functions called before that point.

Here's a walkback (it doesn't make any difference whether it's for xterm #174
or xterm #190, so while it might ultimately be a bug in xterm, the difference
in behaviour - works with current X - is due to X libraries):

#0 0x40251a83 in _XlcResetConverter (conv=0x0) at lcConv.c:336
336 if (conv->methods->reset)
(gdb) where
#0 0x40251a83 in _XlcResetConverter (conv=0x0) at lcConv.c:336
#1 0x40258fd6 in _XTextPropertyToTextList (lcd=0x80b2b98, dpy=0x8098728,
    text_prop=0xbfffec00, to_type=0x402725c9 "utf8String",
    list_ret=0xbfffec1c, count_ret=0xbfffec18) at lcPrTxt.c:216
#2 0x4025915c in _Xutf8TextPropertyToTextList (lcd=0x80b2b98, dpy=0x8098728,
    text_prop=0xbfffec00, list_ret=0xbfffec1c, count_ret=0xbfffec18)
    at lcPrTxt.c:275
#3 0x40228589 in Xutf8TextPropertyToTextList (dpy=0x8098728,
    text_prop=0xbfffec00, list_ret=0xbfffec1c, count_ret=0xbfffec18)
    at lcWrap.c:420
#4 0x0804da1c in SelectionReceived (w=0x80bd268, client_data=0x8166e90,
    selection=0xbfffecb4, type=0xbfffec80, value=0x8167080, length=0xbfffec88,
    format=0xbfffec84) at button.c:1372
#5 0x401676d9 in HandleNormal (dpy=0x8098728, widget=0x80bd268, property=453,
    info=0x8166fc0, closure=0x8166e90, selection=449) at Selection.c:1310
#6 0x40167b5f in HandleSelectionReplies (widget=0x80bd268, closure=0x8166fc0,
    ev=0xbfffee40, cont=0xbfffed6d "\001") at Selection.c:1408
#7 0x4014fdbe in XtDispatchEventToWidget (widget=0x80bd268, event=0xbfffee40)
    at Event.c:956
#8 0x401508ce in _XtDefaultDispatcher (event=0xbfffee40) at Event.c:1417
#9 0x40150c93 in XtDispatchEvent (event=0xbfffee40) at Event.c:1497
#10 0x08064e62 in xevents () at misc.c:202
#11 0x08053e8e in in_put () at charproc.c:2751
#12 0x08051414 in VTparse () at charproc.c:910
#13 0x08056eda in VTRun () at charproc.c:4142
#14 0x0807957f in main (argc=0, argv=0xbffff180) at main.c:2222

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
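
The failure mode in the walkback above (a converter handle of `conv=0x0` reaching `if (conv->methods->reset)`), modelled as a self-contained added example; it is not libX11 source and not part of the thread. Every `toy_` name, the one-entry converter table and the NUL-splitting loop are assumptions made for illustration; the sample value "Revenue\0" is the one visible in the reporter's strace output.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same numeric value as Xlib's XConverterNotFound status code. */
#define TOY_CONVERTER_NOT_FOUND (-3)

typedef struct toy_conv toy_conv;
typedef struct toy_methods {
    void (*reset)(toy_conv *conv);
} toy_methods;
struct toy_conv {
    const toy_methods *methods;
    int state;
};

static void toy_clear_state(toy_conv *conv) { conv->state = 0; }
static const toy_methods toy_default_methods = { toy_clear_state };
static toy_conv toy_compound_conv = { &toy_default_methods, 0 };

/* Hypothetical lookup: only "compoundText" is registered in this model,
 * so any other encoding name yields NULL. */
toy_conv *toy_open_converter(const char *encoding)
{
    if (strcmp(encoding, "compoundText") == 0)
        return &toy_compound_conv;
    return NULL;
}

/* Same shape as the statement gdb reports at lcConv.c:336: the members of
 * conv are tested, conv itself is not. A NULL conv faults at address 0x0. */
void toy_reset_converter(toy_conv *conv)
{
    if (conv->methods->reset)
        conv->methods->reset(conv);
}

/* Count NUL-separated items, resetting the converter after each one.
 * A trailing NUL terminates the last item instead of starting a new one. */
static int toy_split(toy_conv *conv, const char *value, size_t len)
{
    int count = 0;
    size_t start = 0;
    size_t i;

    for (i = 0; i < len; i++) {
        if (value[i] == '\0') {
            count++;
            toy_reset_converter(conv);
            start = i + 1;
        }
    }
    if (start < len) {          /* final item without a terminator */
        count++;
        toy_reset_converter(conv);
    }
    return count;
}

/* Unchecked caller: trusts the lookup. With an unregistered encoding the
 * first reset dereferences NULL and the process dies with SIGSEGV. */
int toy_text_to_list_unchecked(const char *encoding, const char *value,
                               size_t len, int *count_ret)
{
    toy_conv *conv = toy_open_converter(encoding);
    *count_ret = toy_split(conv, value, len);
    return 0;
}

/* Checked caller: a failed lookup becomes a status code the application
 * can handle, and the conversion loop is never entered. */
int toy_text_to_list_checked(const char *encoding, const char *value,
                             size_t len, int *count_ret)
{
    toy_conv *conv = toy_open_converter(encoding);
    *count_ret = 0;
    if (conv == NULL)
        return TOY_CONVERTER_NOT_FOUND;
    *count_ret = toy_split(conv, value, len);
    return 0;
}

int main(void)
{
    int count = 0;
    int rc;

    rc = toy_text_to_list_checked("compoundText", "Revenue\0", 8, &count);
    printf("compoundText: rc=%d count=%d\n", rc, count);

    /* The unchecked variant would segfault on this input in the model. */
    rc = toy_text_to_list_checked("utf8String", "Revenue\0", 8, &count);
    printf("utf8String:   rc=%d count=%d\n", rc, count);
    return 0;
}
```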

Revision history for this message
In , Thomas Dickey (dickey-his) wrote :

On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
>
> Okay, I will be patient while you explore this.
>
> Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> the bug is in Xt, this bug should be reassigned to libxt6.

As far as I can determine, the bug is in the X libraries. Running against
the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
version of xterm, and since it appears to have been fixed in the later
X libraries indicates to me that it should be reassigned to libxt6.

--
Thomas E. Dickey <email address hidden>
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
In , Thomas Dickey (dickey-his) wrote :

On Sun, 13 Jun 2004, Branden Robinson wrote:

> On Thu, Jun 10, 2004 at 06:17:50PM -0400, Thomas Dickey wrote:
> > On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
> > >
> > > Okay, I will be patient while you explore this.
> > >
> > > Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> > > the bug is in Xt, this bug should be reassigned to libxt6.
> >
> > As far as I can determine, the bug is in the X libraries. Running against
> > the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
> > XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
> > version of xterm, and since it appears to have been fixed in the later
> > X libraries indicates to me that it should be reassigned to libxt6.
>
> Are you reasonably confident that it's Xt that has been fixed upstream
> or is that just a guess? I.e., could it be Xlib instead? Which way
> would you bet?

It's only a guess. I don't see any reason why (don't know that there are
interface changes) one couldn't mix the 4.3/4.4 Xlib, Xt, Xmu libraries to
point to a specific library which is most likely the cause. That might
be more efficient than building whole snapshots from different dates.

What I normally do on fishing expeditions like this is to do a binary
search with the snapshot dates to narrow it down.

(It's also possible that the problem exists in 4.4 but is obscured by
something else).

> It's not a really big deal, but I'm trying to get as much data as
> possible in case someone else wants to sink their teeth into this.
>
> (That might be me, armed with a diff of xf-4_3-branch and xf-4_4_0.)
>
> --
> G. Branden Robinson | I'm not going to waste my precious
> Debian GNU/Linux | flash memory with Perl when I can
> <email address hidden> | do so much more with it.
> http://people.debian.org/~branden/ | -- Joey Hess
>

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
In , Branden Robinson (branden) wrote :

reassign 250655 xterm,xfree86
retitle 250655 xterm: crashes on paste from AbiWord [fixed by Xlib, Xt, or Xmu in XFree86 4.4.0]
tag 250655 + upstream help fixed-upstream
thanks

On Mon, Jun 14, 2004 at 05:09:22AM -0400, Thomas Dickey wrote:
> On Sun, 13 Jun 2004, Branden Robinson wrote:
> > Are you reasonably confident that it's Xt that has been fixed upstream
> > or is that just a guess? I.e., could it be Xlib instead? Which way
> > would you bet?
>
> It's only a guess. I don't see any reason why (don't know that there are
> interface changes) one couldn't mix the 4.3/4.4 Xlib, Xt, Xmu libraries to
> point to a specific library which is most likely the cause. That might
> be more efficient than building whole snapshots from different dates.
>
> What I normally do on fishing expeditions like this is to do a binary
> search with the snapshot dates to narrow it down.
>
> (It's also possible that the problem exists in 4.4 but is obscured by
> something else).

Tweaking bug accordingly.

We know the bug is fixed upstream; we just don't know where *exactly*.

--
G. Branden Robinson |
Debian GNU/Linux | // // // / /
<email address hidden> | EI 'AANIIGOO 'AHOOT'E
http://people.debian.org/~branden/ |

Revision history for this message
In , Branden Robinson (branden) wrote : Re: Bug#254674: xterm crashes on paste event

reassign 254674 xterm,xfree86
retitle 254674 xterm: crashes on paste event
merge 250655 254674
severity 250655 important
thanks

On Wed, Jun 16, 2004 at 10:25:48AM -0400, Thomas Dickey wrote:
> On Wed, Jun 16, 2004 at 03:51:27PM +0300, Andrey Lebedev wrote:
> > On Wed, Jun 16, 2004 at 08:40:45AM -0400, Thomas Dickey wrote:
> > > > xterm crashes with segmentation fault when i middle click or press
> > > > shift+insert inside xterm. gnome-terminal doesn't crash.
> > > Is this the same as 250655 ?
> > >
> >
> > No, since in my case problem is not specific to AbiWord. Xterm always
> > crashes when I try to paste into xterm window, no matter which app has
> > the selection.
> >
> > #250655 says xterm crashes with AbiWord only if I understand it
> > correctly.
>
> I think it's a little more general than that. The AbiWord case breaks
> when one pastes UTF-8 text into xterm, and seems to be a bug in the X
> libraries.

Merging bugs accordingly.

--
G. Branden Robinson | "To be is to do" -- Plato
Debian GNU/Linux | "To do is to be" -- Aristotle
<email address hidden> | "Do be do be do" -- Sinatra
http://people.debian.org/~branden/ |

Revision history for this message
In , Thomas Dickey (dickey-his) wrote : Re: Bug#250655: xterm: crashes on paste from abiword

On Sun, Jun 13, 2004 at 11:29:11PM -0500, Branden Robinson wrote:
> On Thu, Jun 10, 2004 at 06:17:50PM -0400, Thomas Dickey wrote:
> > On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
> > >
> > > Okay, I will be patient while you explore this.

;-)

> > > Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> > > the bug is in Xt, this bug should be reassigned to libxt6.
> >
> > As far as I can determine, the bug is in the X libraries. Running against
> > the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
> > XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
> > version of xterm, and since it appears to have been fixed in the later
> > X libraries indicates to me that it should be reassigned to libxt6.
>
> Are you reasonably confident that it's Xt that has been fixed upstream
> or is that just a guess? I.e., could it be Xlib instead? Which way
> would you bet?

I narrowed it down by test-builds to the end of May 2003. There's a
changelog entry which at that point stood out, and applying the fix to
my build tree seems to fix the bug we're discussing. Here's the URL:

 http://bugs.xfree86.org/show_bug.cgi?id=315

(it's a file in Xlib)

--
Thomas E. Dickey <email address hidden>
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
In , Branden Robinson (branden) wrote :

reassign 250655 libx11-6
retitle 250655 libx11-6: SEGV in _XTextPropertyToTextList() causes apps to crash
# This bug potentially affects many, many X clients. I also think it's a
# regression from woody.
severity 250655 serious
tag 250655 - help

On Sat, Jul 17, 2004 at 02:07:38PM -0400, Thomas Dickey wrote:
> On Sun, Jun 13, 2004 at 11:29:11PM -0500, Branden Robinson wrote:
> > On Thu, Jun 10, 2004 at 06:17:50PM -0400, Thomas Dickey wrote:
> > > As far as I can determine, the bug is in the X libraries. Running against
> > > the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
> > > XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
> > > version of xterm, and since it appears to have been fixed in the later
> > > X libraries indicates to me that it should be reassigned to libxt6.
> >
> > Are you reasonably confident that it's Xt that has been fixed upstream
> > or is that just a guess? I.e., could it be Xlib instead? Which way
> > would you bet?
>
> I narrowed it down by test-builds to the end of May 2003. There's a
> changelog entry which at that point stood out, and applying the fix to
> my build tree seems to fix the bug we're discussing. Here's the URL:
>
> http://bugs.xfree86.org/show_bug.cgi?id=315
>
> (it's a file in Xlib)

Thanks, Thomas!

Reassigning and updating this bug accordingly.

Bug submitters: assuming our diagnosis is correct, you can expect this bug
to be fixed in the next Debian package release of XFree86.

--
G. Branden Robinson | It is the responsibility of
Debian GNU/Linux | intellectuals to tell the truth and
<email address hidden> | expose lies.
http://people.debian.org/~branden/ | -- Noam Chomsky

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <E1BSDU5-000250-UJ@localhost>
Date: Mon, 24 May 2004 14:19:09 +0300
From: Max Kutny <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: xterm: crashes on paste from abiword

Package: xterm
Version: 4.3.0.dfsg.1-1
Severity: normal

Selecting any text in abiword editor and pasting it with middle mouse
button into opened xterm window crashes xterm. xterm nicely performs
with pastes from other applications I tested (firefox, openoffice.org,
xterm itself) and other applications can smoothly accept pastes from
abiword without any problems.

Last portion of strace output:

readv(3, [{"Revenue\0", 8}, {"", 0}], 2) = 8
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Last unfinished calls from ltrace are:

mkut@maxmobil:~$ ltrace xterm
...
XtAppNextEvent(0x808f8d8, 0xbffff7f0, 0xbffff808, 0x402169e4, 28) = 0
XtDispatchEvent(0xbffff7f0, 0xbffff7f0, 0xbffff808, 0x402169e4, 31 <unfinished ...>
XmuInternAtom(0x80904e8, 0x40160110, 1, 0x401b06b0, 0x80b2f40) = 430
Xutf8TextPropertyToTextList(0x80904e8, 0xbffff600, 0xbffff5f8, 0xbffff5fc, 0x80b2f40 <unfinished ...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.6-1-686
Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8

Versions of packages xterm depends on:
ii libc6 2.3.2.ds1-12 GNU C Library: Shared libraries an
ii libexpat1 1.95.6-8 XML parsing C library - runtime li
ii libfontconfig1 2.2.2-2 generic font configuration library
ii libfreetype6 2.1.7-2 FreeType 2 font engine, shared lib
ii libice6 4.3.0.dfsg.1-1 Inter-Client Exchange library
ii libncurses5 5.4-3 Shared libraries for terminal hand
ii libsm6 4.3.0.dfsg.1-1 X Window System Session Management
ii libxaw7 4.3.0.dfsg.1-1 X Athena widget set library
ii libxext6 4.3.0.dfsg.1-1 X Window System miscellaneous exte
ii libxft2 2.1.2-6 FreeType-based font drawing librar
ii libxmu6 4.3.0.dfsg.1-1 X Window System miscellaneous util
ii libxpm4 4.3.0.dfsg.1-1 X pixmap library
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-1 X Toolkit Intrinsics
ii xlibs 4.3.0.dfsg.1-1 X Window System client libraries m
ii xlibs-data 4.3.0.dfsg.1-1 X Window System client data

-- no debconf information

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 25 May 2004 20:46:23 -0400
From: Thomas Dickey <email address hidden>
To: Max Kutny <email address hidden>, <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword


On Mon, May 24, 2004 at 01:40:10PM +0200, Max Kutny wrote:
> Package: xterm
> Version: 4.3.0.dfsg.1-1
> Severity: normal
>
> Selecting any text in abiword editor and pasting it with middle mouse
> button into opened xterm window crashes xterm. xterm nicely performs
> with pastes from other applications I tested (firefox, openoffice.org,
> xterm itself) and other applications can smoothly accept pastes from
> abiword without any problems.

valgrind seems to point down into the X libraries (perhaps xterm is
doing something that is not correct, but I don't see that immediately).
To isolate the problem, will have to debug the X libraries. Here's
the fragment from valgrind's log (bear in mind that running valgrind
sometimes alters behavior):

==8273== Invalid read of size 4
==8273== at 0x3C0B89D9: _XlcResetConverter (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C0BEE08: (within /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C0BF074: _Xutf8TextPropertyToTextList (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C096EF7: Xutf8TextPropertyToTextList (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x804F89B: SelectionReceived (button.c:1382)
==8273== by 0x3C257CC2: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C257FFD: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C24376E: XtDispatchEventToWidget (in /usr/X11R6/lib/libXt.so.6.2)
==8273== by 0x3C24411C: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C24443E: XtDispatchEvent (in /usr/X11R6/lib/libXt.so.6.0)
==8273== Address 0x0 is not stack'd, malloc'd or free'd
==8273==
==8273== Process terminating with default action of signal 11 (SIGSEGV): dumpin>
==8273== Access not within mapped region at address 0x0
==8273== at 0x3C0B89D9: _XlcResetConverter (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C0BEE08: (within /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C0BF074: _Xutf8TextPropertyToTextList (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x3C096EF7: Xutf8TextPropertyToTextList (in /usr/X11R6/lib/libX11.so.6.2)
==8273== by 0x804F89B: SelectionReceived (button.c:1382)
==8273== by 0x3C257CC2: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C257FFD: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C24376E: XtDispatchEventToWidget (in /usr/X11R6/lib/libXt.so.6.2)
==8273== by 0x3C24411C: (within /usr/X11R6/lib/libXt.so.6.0)
==8273== by 0x3C24443E: XtDispatchEvent (in /usr/X11R6/lib/libXtso.6.0)

Tracing some of the values does seem to indicate it crashes with a UTF8_STRING.

--
Thomas E. Dickey
http://invisible-i...


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 26 May 2004 17:03:43 -0400
From: Thomas Dickey <email address hidden>
To: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword


On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:

Running xterm against current XFree86, this problem does not appear.

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 28 May 2004 05:17:45 -0500
From: Branden Robinson <email address hidden>
To: Thomas Dickey <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword


On Wed, May 26, 2004 at 05:03:43PM -0400, Thomas Dickey wrote:
> On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:
>
> Running xterm against current XFree86, this problem does not appear.

By "current XFree86", do you mean Debian's latest packages of it,
XFree86 4.4.0, or XFree86 CVS HEAD?

--
G. Branden Robinson | What cause deserves following if
Debian GNU/Linux | its adherents must bury their
<email address hidden> | opposition with lies?
http://people.debian.org/~branden/ | -- Noel O'Connor


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 28 May 2004 06:45:39 -0400
From: Thomas Dickey <email address hidden>
To: Branden Robinson <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword


On Fri, May 28, 2004 at 05:17:45AM -0500, Branden Robinson wrote:
> On Wed, May 26, 2004 at 05:03:43PM -0400, Thomas Dickey wrote:
> > On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:
> >
> > Running xterm against current XFree86, this problem does not appear.
>
> By "current XFree86", do you mean Debian's latest packages of it,
> XFree86 4.4.0, or XFree86 CVS HEAD?

I was looking at the latter. (I do have a build tree for 4.4.0, but since I
made a few fixes for Xt, was looking at the current code, partly to see if
there were other fixes I might make).

unrelated - I'm using a static copy of XFree86 for my X server on Debian (can't
recall entirely at the moment, but the previous set of X packages didn't
successfully start X, but seem to recall that the current one does).

Both current XFree86 server and current Debian libraries have problems though
(I have observed that the current Debian libraries are causing Opera to use a
lot of CPU, and also went back to a previous snapshot of my X servers to avoid
a bug - debugging the server is out of my range of interests).

I do a full build on each xterm patch check xterm and to update the XFree86
binary. When I was testing this report, it was against the build tree, since
(if I'd seen an issue) it would be simple to recompile the related libraries
with -g so valgrind could offer more insight). Since I already have the
trees setup, it was the least work (but doesn't completely answer the
report of course).

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 28 May 2004 22:27:16 -0500
From: Branden Robinson <email address hidden>
To: Thomas Dickey <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword


On Fri, May 28, 2004 at 06:45:39AM -0400, Thomas Dickey wrote:
> On Fri, May 28, 2004 at 05:17:45AM -0500, Branden Robinson wrote:
> > On Wed, May 26, 2004 at 05:03:43PM -0400, Thomas Dickey wrote:
> > > On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:
> > >
> > > Running xterm against current XFree86, this problem does not appear.
> >
> > By "current XFree86", do you mean Debian's latest packages of it,
> > XFree86 4.4.0, or XFree86 CVS HEAD?
>
> I was looking at the latter. (I do have a build tree for 4.4.0, but since I
> made a few fixes for Xt, was looking at the current code, partly to see if
> there were other fixes I might make).

Okay, I will be patient while you explore this.

Just as a remark to myself and my fellow "debian-x"ers, if it turns out
the bug is in Xt, this bug should be reassigned to libxt6.

--
G. Branden Robinson | Fair use is irrelevant and
Debian GNU/Linux | improper.
<email address hidden> | -- Asst. U.S. Attorney Scott
http://people.debian.org/~branden/ | Frewing, explaining the DMCA


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 29 May 2004 06:53:37 -0400
From: Thomas Dickey <email address hidden>
To: Branden Robinson <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword


On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
> On Fri, May 28, 2004 at 06:45:39AM -0400, Thomas Dickey wrote:
> > On Fri, May 28, 2004 at 05:17:45AM -0500, Branden Robinson wrote:
> > > On Wed, May 26, 2004 at 05:03:43PM -0400, Thomas Dickey wrote:
> > > > On Wed, May 26, 2004 at 03:10:08AM +0200, Thomas Dickey wrote:
> > > >
> > > > Running xterm against current XFree86, this problem does not appear.
> > >
> > > By "current XFree86", do you mean Debian's latest packages of it,
> > > XFree86 4.4.0, or XFree86 CVS HEAD?
> >
> > I was looking at the latter. (I do have a build tree for 4.4.0, but since I
> > made a few fixes for Xt, was looking at the current code, partly to see if
> > there were other fixes I might make).
>
> Okay, I will be patient while you explore this.

no problem (just a lot of things to work through).

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 30 May 2004 17:09:24 -0400
From: Thomas Dickey <email address hidden>
To: Branden Robinson <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword

On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:

> Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> the bug is in Xt, this bug should be reassigned to libxt6.

I can reproduce it with XFree86 4.3.0. The immediate cause of failure is
dereferencing a null pointer but that part of the code and the intervening
functions on the walkback appear much the same in 4.4.0 - so I expect the
cause is one of the other functions called before that point.

Here's a walkback (it doesn't make any difference whether it's for xterm #174
or xterm #190, so while it might ultimately be a bug in xterm, the difference
in behaviour - works with current X - is due to X libraries):

#0 0x40251a83 in _XlcResetConverter (conv=0x0) at lcConv.c:336
336 if (conv->methods->reset)
(gdb) where
#0 0x40251a83 in _XlcResetConverter (conv=0x0) at lcConv.c:336
#1 0x40258fd6 in _XTextPropertyToTextList (lcd=0x80b2b98, dpy=0x8098728,
    text_prop=0xbfffec00, to_type=0x402725c9 "utf8String",
    list_ret=0xbfffec1c, count_ret=0xbfffec18) at lcPrTxt.c:216
#2 0x4025915c in _Xutf8TextPropertyToTextList (lcd=0x80b2b98, dpy=0x8098728,
    text_prop=0xbfffec00, list_ret=0xbfffec1c, count_ret=0xbfffec18)
    at lcPrTxt.c:275
#3 0x40228589 in Xutf8TextPropertyToTextList (dpy=0x8098728,
    text_prop=0xbfffec00, list_ret=0xbfffec1c, count_ret=0xbfffec18)
    at lcWrap.c:420
#4 0x0804da1c in SelectionReceived (w=0x80bd268, client_data=0x8166e90,
    selection=0xbfffecb4, type=0xbfffec80, value=0x8167080, length=0xbfffec88,
    format=0xbfffec84) at button.c:1372
#5 0x401676d9 in HandleNormal (dpy=0x8098728, widget=0x80bd268, property=453,
    info=0x8166fc0, closure=0x8166e90, selection=449) at Selection.c:1310
#6 0x40167b5f in HandleSelectionReplies (widget=0x80bd268, closure=0x8166fc0,
    ev=0xbfffee40, cont=0xbfffed6d "\001") at Selection.c:1408
#7 0x4014fdbe in XtDispatchEventToWidget (widget=0x80bd268, event=0xbfffee40)
    at Event.c:956
#8 0x401508ce in _XtDefaultDispatcher (event=0xbfffee40) at Event.c:1417
#9 0x40150c93 in XtDispatchEvent (event=0xbfffee40) at Event.c:1497
#10 0x08064e62 in xevents () at misc.c:202
#11 0x08053e8e in in_put () at charproc.c:2751
#12 0x08051414 in VTparse () at charproc.c:910
#13 0x08056eda in VTRun () at charproc.c:4142
#14 0x0807957f in main (argc=0, argv=0xbffff180) at main.c:2222

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
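
The faulting expression in the walkback above, `if (conv->methods->reset)` reached with `conv=0x0`, modeled as an added example; it is not Xlib source and not part of the original message. Every type and function name below is hypothetical, and the premise that a caller may legitimately hold no converter is an assumption of this example, since the thread does not show the upstream change.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a converter object. Only the shape
 * conv -> methods -> reset follows the line shown at lcConv.c:336. */
typedef struct conv_rec conv_rec;
typedef struct {
    void (*reset)(conv_rec *conv);
} conv_methods;
struct conv_rec {
    const conv_methods *methods;
    int resets;                      /* number of times reset has run */
};

/* One item of a NUL-separated property value. */
typedef struct {
    const char *ptr;
    size_t len;
} span;

static void count_reset(conv_rec *conv) { conv->resets++; }
static const conv_methods demo_methods = { count_reset };

/* Unguarded form, same shape as the faulting line: a NULL conv is
 * dereferenced before anything is checked. Shown for comparison only. */
void reset_converter_unguarded(conv_rec *conv)
{
    if (conv->methods->reset)
        conv->methods->reset(conv);
}

/* Guarded form: a missing converter, methods table or reset hook is a
 * no-op. Returns 1 if a reset ran, 0 otherwise. */
int reset_converter_guarded(conv_rec *conv)
{
    if (conv == NULL || conv->methods == NULL || conv->methods->reset == NULL)
        return 0;
    conv->methods->reset(conv);
    return 1;
}

/* Assumed model of a caller: split a NUL-separated value into items and
 * reset the converter after each one. conv may be NULL when the caller
 * decided no conversion is needed (assumption of this example).
 * Returns the item count, or -1 on bad arguments or too many items. */
int split_property(const char *value, size_t nbytes, conv_rec *conv,
                   span *items, int max_items)
{
    int count = 0;
    size_t start = 0;

    if (value == NULL || items == NULL || max_items <= 0)
        return -1;
    for (size_t i = 0; i <= nbytes; i++) {
        if (i == nbytes || value[i] == '\0') {
            if (i == nbytes && start == nbytes)
                break;               /* trailing NUL: no empty tail item */
            if (count == max_items)
                return -1;
            items[count].ptr = value + start;
            items[count].len = i - start;
            count++;
            start = i + 1;
            reset_converter_guarded(conv);
        }
    }
    return count;
}

int main(void)
{
    /* Constructed sample value: two items separated by a NUL byte. */
    static const char value[] = "ab\0cd";
    conv_rec conv = { &demo_methods, 0 };
    span items[4];

    printf("with converter: %d items, %d resets\n",
           split_property(value, 5, &conv, items, 4), conv.resets);
    printf("without converter: %d items\n",
           split_property(value, 5, NULL, items, 4));
    return 0;
}
```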

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Thu, 10 Jun 2004 18:17:50 -0400
From: Thomas Dickey <email address hidden>
To: Branden Robinson <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword

On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
>
> Okay, I will be patient while you explore this.
>
> Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> the bug is in Xt, this bug should be reassigned to libxt6.

As far as I can determine, the bug is in the X libraries. Running against
the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
version of xterm, and since it appears to have been fixed in the later
X libraries indicates to me that it should be reassigned to libxt6.

--
Thomas E. Dickey <email address hidden>
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 13 Jun 2004 23:29:11 -0500
From: Branden Robinson <email address hidden>
To: Thomas Dickey <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword

On Thu, Jun 10, 2004 at 06:17:50PM -0400, Thomas Dickey wrote:
> On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
> >
> > Okay, I will be patient while you explore this.
> >
> > Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> > the bug is in Xt, this bug should be reassigned to libxt6.
>
> As far as I can determine, the bug is in the X libraries. Running against
> the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
> XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
> version of xterm, and since it appears to have been fixed in the later
> X libraries indicates to me that it should be reassigned to libxt6.

Are you reasonably confident that it's Xt that has been fixed upstream
or is that just a guess? I.e., could it be Xlib instead? Which way
would you bet?

It's not a really big deal, but I'm trying to get as much data as
possible in case someone else wants to sink their teeth into this.

(That might be me, armed with a diff of xf-4_3-branch and xf-4_4_0.)

--
G. Branden Robinson | I'm not going to waste my precious
Debian GNU/Linux | flash memory with Perl when I can
<email address hidden> | do so much more with it.
http://people.debian.org/~branden/ | -- Joey Hess

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 14 Jun 2004 05:09:22 -0400 (EDT)
From: Thomas Dickey <email address hidden>
To: Branden Robinson <email address hidden>
cc: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword

On Sun, 13 Jun 2004, Branden Robinson wrote:

> On Thu, Jun 10, 2004 at 06:17:50PM -0400, Thomas Dickey wrote:
> > On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
> > >
> > > Okay, I will be patient while you explore this.
> > >
> > > Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> > > the bug is in Xt, this bug should be reassigned to libxt6.
> >
> > As far as I can determine, the bug is in the X libraries. Running against
> > the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
> > XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
> > version of xterm, and since it appears to have been fixed in the later
> > X libraries indicates to me that it should be reassigned to libxt6.
>
> Are you reasonably confident that it's Xt that has been fixed upstream
> or is that just a guess? I.e., could it be Xlib instead? Which way
> would you bet?

It's only a guess. I don't see any reason why (don't know that there are
interface changes) one couldn't mix the 4.3/4.4 Xlib, Xt, Xmu libraries to
point to a specific library which is most likely the cause. That might
be more efficient than building whole snapshots from different dates.

What I normally do on fishing expeditions like this is to do a binary
search with the snapshot dates to narrow it down.

(It's also possible that the problem exists in 4.4 but is obscured by
something else).

> It's not a really big deal, but I'm trying to get as much data as
> possible in case someone else wants to sink their teeth into this.
>
> (That might be me, armed with a diff of xf-4_3-branch and xf-4_4_0.)
>
> --
> G. Branden Robinson | I'm not going to waste my precious
> Debian GNU/Linux | flash memory with Perl when I can
> <email address hidden> | do so much more with it.
> http://people.debian.org/~branden/ | -- Joey Hess
>

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 25 Jun 2004 18:44:59 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword

reassign 250655 xterm,xfree86
retitle 250655 xterm: crashes on paste from AbiWord [fixed by Xlib, Xt, or Xmu in XFree86 4.4.0]
tag 250655 + upstream help fixed-upstream
thanks

On Mon, Jun 14, 2004 at 05:09:22AM -0400, Thomas Dickey wrote:
> On Sun, 13 Jun 2004, Branden Robinson wrote:
> > Are you reasonably confident that it's Xt that has been fixed upstream
> > or is that just a guess? I.e., could it be Xlib instead? Which way
> > would you bet?
>
> It's only a guess. I don't see any reason why (don't know that there are
> interface changes) one couldn't mix the 4.3/4.4 Xlib, Xt, Xmu libraries to
> point to a specific library which is most likely the cause. That might
> be more efficient than building whole snapshots from different dates.
>
> What I normally do on fishing expeditions like this is to do a binary
> search with the snapshot dates to narrow it down.
>
> (It's also possible that the problem exists in 4.4 but is obscured by
> something else).

Tweaking bug accordingly.

We know the bug is fixed upstream; we just don't know where *exactly*.

--
G. Branden Robinson |
Debian GNU/Linux | // // // / /
<email address hidden> | EI 'AANIIGOO 'AHOOT'E
http://people.debian.org/~branden/ |

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Thu, 8 Jul 2004 13:44:21 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#254674: xterm crashes on paste event

reassign 254674 xterm,xfree86
retitle 254674 xterm: crashes on paste event
merge 250655 254674
severity 250655 important
thanks

On Wed, Jun 16, 2004 at 10:25:48AM -0400, Thomas Dickey wrote:
> On Wed, Jun 16, 2004 at 03:51:27PM +0300, Andrey Lebedev wrote:
> > On Wed, Jun 16, 2004 at 08:40:45AM -0400, Thomas Dickey wrote:
> > > > xterm crashes with segmentation fault when i middle click or press
> > > > shift+insert inside xterm. gnome-terminal doesn't crash.
> > > Is this the same as 250655 ?
> > >
> >
> > No, since in my case problem is not specific to AbiWord. Xterm always
> > crashes when I try to paste into xterm window, no matter which app has
> > the selection.
> >
> > #250655 says xterm crashes with AbiWord only if I understand it
> > correctly.
>
> I think it's a little more general than that. The AbiWord case breaks
> when one pastes UTF-8 text into xterm, and seems to be a bug in the X
> libraries.

Merging bugs accordingly.

--
G. Branden Robinson | "To be is to do" -- Plato
Debian GNU/Linux | "To do is to be" -- Aristotle
<email address hidden> | "Do be do be do" -- Sinatra
http://people.debian.org/~branden/ |

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 17 Jul 2004 14:07:38 -0400
From: Thomas Dickey <email address hidden>
To: <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword

On Sun, Jun 13, 2004 at 11:29:11PM -0500, Branden Robinson wrote:
> On Thu, Jun 10, 2004 at 06:17:50PM -0400, Thomas Dickey wrote:
> > On Fri, May 28, 2004 at 10:27:16PM -0500, Branden Robinson wrote:
> > >
> > > Okay, I will be patient while you explore this.

;-)

> > > Just as a remark to myself and my fellow "debian-x"ers, if it turns out
> > > the bug is in Xt, this bug should be reassigned to libxt6.
> >
> > As far as I can determine, the bug is in the X libraries. Running against
> > the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
> > XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
> > version of xterm, and since it appears to have been fixed in the later
> > X libraries indicates to me that it should be reassigned to libxt6.
>
> Are you reasonably confident that it's Xt that has been fixed upstream
> or is that just a guess? I.e., could it be Xlib instead? Which way
> would you bet?

I narrowed it down by test-builds to the end of May 2003. There's a
changelog entry which at that point stood out, and applying the fix to
my build tree seems to fix the bug we're discussing. Here's the URL:

 http://bugs.xfree86.org/show_bug.cgi?id=315

(it's a file in Xlib)

--
Thomas E. Dickey <email address hidden>
http://invisible-island.net
ftp://invisible-island.net

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 26 Jul 2004 16:22:01 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>, <email address hidden>
Cc: <email address hidden>,
 <email address hidden>
Subject: Re: Bug#250655: xterm: crashes on paste from abiword

reassign 250655 libx11-6
retitle 250655 libx11-6: SEGV in _XTextPropertyToTextList() causes apps to crash
# This bug potentially affects many, many X clients. I also think it's a
# regression from woody.
severity 250655 serious
tag 250655 - help

On Sat, Jul 17, 2004 at 02:07:38PM -0400, Thomas Dickey wrote:
> On Sun, Jun 13, 2004 at 11:29:11PM -0500, Branden Robinson wrote:
> > On Thu, Jun 10, 2004 at 06:17:50PM -0400, Thomas Dickey wrote:
> > > As far as I can determine, the bug is in the X libraries. Running against
> > > the XFree86 4.3.0 build tree, I can reproduce the bug. Running against
> > > XFree86 4.4.0 I cannot reproduce the bug. This is independent of the
> > > version of xterm, and since it appears to have been fixed in the later
> > > X libraries indicates to me that it should be reassigned to libxt6.
> >
> > Are you reasonably confident that it's Xt that has been fixed upstream
> > or is that just a guess? I.e., could it be Xlib instead? Which way
> > would you bet?
>
> I narrowed it down by test-builds to the end of May 2003. There's a
> changelog entry which at that point stood out, and applying the fix to
> my build tree seems to fix the bug we're discussing. Here's the URL:
>
> http://bugs.xfree86.org/show_bug.cgi?id=315
>
> (it's a file in Xlib)

Thanks, Thomas!

Reassigning and updating this bug accordingly.

Bug submitters: assuming our diagnosis is correct, you can expect this bug
to be fixed in the next Debian package release of XFree86.

--
G. Branden Robinson | It is the responsibility of
Debian GNU/Linux | intellectuals to tell the truth and
<email address hidden> | expose lies.
http://people.debian.org/~branden/ | -- Noam Chomsky

Revision history for this message
Debian Bug Importer (debzilla) wrote :

*** Bug 7171 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Branden Robinson (branden) wrote : tagging 250655

# Automatically generated email from bts, devscripts version 2.7.95.1
 # fixed in Debian X Strike Force XFree86 repository; to view, run "svn diff -r 1706:1707 svn://necrotic.deadbeast.net/xfree86"
tags 250655 + pending

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 29 Jul 2004 15:30:40 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>
Subject: tagging 250655

# Automatically generated email from bts, devscripts version 2.7.95.1
 # fixed in Debian X Strike Force XFree86 repository; to view, run "svn diff -r 1706:1707 svn://necrotic.deadbeast.net/xfree86"
tags 250655 + pending

Revision history for this message
Fabio Massimo Di Nitto (fabbione) wrote :

Fixed with 4.3.0.dfsg.1-6ubuntu1 upload.

Revision history for this message
In , Branden Robinson (branden) wrote : Re: Bug#266684: xterm: Segmentation fault on start

reassign 266684 libx11-6
severity 266684 serious
merge 250655 266684
thanks

On Wed, Aug 18, 2004 at 08:42:01PM +0300, Anton wrote:
> Package: xterm
>
> xterm crashes on start in XtToolkitThreadInitialize () from
> /usr/X11R6/lib/libXt.so.6
>
> I am using debian sarge installed from debian-installer-rc1

This was already filed as #250655. If it had not already been filed,
however, your report would not have included enough information for us to
handle it well.

[The following is a form letter.]

Hello,

You recently filed a duplicate bug report against a Debian package; that
is, the problem had already been reported.

While there is often nothing inherently wrong with doing so, the filing of
duplicate reports can cause Debian package maintainers to spend time
performing triage and maintenance operations on bug reports (e.g.,
instructing the Debian Bug Tracking System to merge the duplicates) that
could otherwise be spent resolving problems and doing other work on the
package.

One very good way to file bugs with the Debian Bug Tracking System is to
use the "reportbug" package and command of the same name. A very nice
feature of reportbug is that, if the machine where you run it has network
access to the World Wide Web, it can query the Debian Bug Tracking System
and show you existing reports. This reduces the chance that you'll file a
duplicate report, and offers you the option of adding follow-up information
to an existing bug report. This is especially valuable if you have unique
information to add to an existing report, because this way information
relevant to the problem is gathered together in one place as opposed to
being scattered among multiple, duplicate bug reports where some facts may
be overlooked by the package maintainers. The reportbug program also does
a lot of automatic information-gathering that helps package maintainers to
understand your system configuration, and also ensures that your message to
the Debian Bug Tracking System is well-formed so that it is processed
correctly by the automated tools that manage the reports. (If you've ever
gotten a "bounce" message from the Debian Bug Tracking System that tells
you your message couldn't be processed, you might appreciate this latter
feature.)

Therefore, I strongly urge you to give "reportbug" a try as your primary
bug reporting tool for the Debian System. (If you already do use
"reportbug", please see below.)

One way to install reportbug is with "apt-get"; for
example:

  # apt-get install reportbug

The "reportbug" command has a few different modes that cater to different
levels of user expertise. If this message has contained a lot of jargon
that is unfamiliar to you, you likely want to use reportbug's "novice"
mode; here's one way to do that.

  $ reportbug --mode=novice
  Please enter the name of the package in which you have found a problem,
  or type 'other' to report a more general problem.
  >

If you're more sophisticated, or if you are not using the released version
of Debian ("stable"), but instead Debian "testing" or "unstable", you
should use reportbug's standard mode.

  $ reportbug
  Please enter the name of the package in which you have found a p...


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 21 Aug 2004 21:02:55 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#266684: xterm: Segmentation fault on start

reassign 266684 libx11-6
severity 266684 serious
merge 250655 266684
thanks

On Wed, Aug 18, 2004 at 08:42:01PM +0300, Anton wrote:
> Package: xterm
>
> xterm crashes on start in XtToolkitThreadInitialize () from
> /usr/X11R6/lib/libXt.so.6
>
> I am using debian sarge installed from debian-installer-rc1

This was already filed as #250655. If it had not already been filed,
however, your report would not have included enough information for us to
handle it well.

[The following is a form letter.]

Hello,

You recently filed a duplicate bug report against a Debian package; that
is, the problem had already been reported.

While there is often nothing inherently wrong with doing so, the filing of
duplicate reports can cause Debian package maintainers to spend time
performing triage and maintenance operations on bug reports (e.g.,
instructing the Debian Bug Tracking System to merge the duplicates) that
could otherwise be spent resolving problems and doing other work on the
package.

One very good way to file bugs with the Debian Bug Tracking System is to
use the "reportbug" package and command of the same name. A very nice
feature of reportbug is that, if the machine where you run it has network
access to the World Wide Web, it can query the Debian Bug Tracking System
and show you existing reports. This reduces the chance that you'll file a
duplicate report, and offers you the option of adding follow-up information
to an existing bug report. This is especially valuable if you have unique
information to add to an existing report, because this way information
relevant to the problem is gathered together in one place as opposed to
being scattered among multiple, duplicate bug reports where some facts may
be overlooked by the package maintainers. The reportbug program also does
a lot of automatic information-gathering that helps package maintainers to
understand your system configuration, and also ensures that your message to
the Debian Bug Tracking System is well-formed so that it is processed
correctly by the automated tools that manage the reports. (If you've ever
gotten a "bounce" message from the Debian Bug Tracking System that tells
you your message couldn't be processed, you might appreciate this latter
feature.)

Therefore, I strongly urge you to give "reportbug" a try as your primary
bug reporting tool for the Debian System. (If you already do use
"reportbug", please see below.)

One way to install reportbug is with "apt-get"; for
example:

  # apt-get install reportbug

The "reportbug" command has a few different modes that cater to different
levels of user expertise. If this message has contained a lot of jargon
that is unfamiliar to you, you likely want to use reportbug's "novice"
mode; here's one way to do that.

  $ reportbug --mo...


Revision history for this message
Debian Bug Importer (debzilla) wrote :

*** Bug 7552 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Fabio Massimo Di Nitto (fabbione) wrote : Bug#250655: fixed in xfree86 4.3.0.dfsg.1-7

Source: xfree86
Source-Version: 4.3.0.dfsg.1-7

We believe that the bug you reported is fixed in the latest version of
xfree86, which is due to be installed in the Debian FTP archive:

lbxproxy_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-7_i386.deb
libdps-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-7_i386.deb
libdps1-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-7_i386.deb
libdps1_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libdps1_4.3.0.dfsg.1-7_i386.deb
libice-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libice-dev_4.3.0.dfsg.1-7_i386.deb
libice6-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-7_i386.deb
libice6_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libice6_4.3.0.dfsg.1-7_i386.deb
libsm-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-7_i386.deb
libsm6-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-7_i386.deb
libsm6_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libsm6_4.3.0.dfsg.1-7_i386.deb
libx11-6-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-7_i386.deb
libx11-6_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libx11-6_4.3.0.dfsg.1-7_i386.deb
libx11-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-7_i386.deb
libxaw6-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-7_i386.deb
libxaw6-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-7_i386.deb
libxaw6_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxaw6_4.3.0.dfsg.1-7_i386.deb
libxaw7-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-7_i386.deb
libxaw7-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-7_i386.deb
libxaw7_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxaw7_4.3.0.dfsg.1-7_i386.deb
libxext-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-7_i386.deb
libxext6-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-7_i386.deb
libxext6_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxext6_4.3.0.dfsg.1-7_i386.deb
libxft1-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-7_i386.deb
libxft1_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxft1_4.3.0.dfsg.1-7_i386.deb
libxi-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-7_i386.deb
libxi6-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-7_i386.deb
libxi6_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxi6_4.3.0.dfsg.1-7_i386.deb
libxmu-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-7_i386.deb
libxmu6-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-7_i386.deb
libxmu6_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxmu6_4.3.0.dfsg.1-7_i386.deb
libxmuu-dev_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-7_i386.deb
libxmuu1-dbg_4.3.0.dfsg.1-7_i386.deb
  to pool/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-7_i386.deb
libxmuu1_4....

Changed in libx11:
status: Unknown → Fix Released