#70 Segfault in screen.c:scr_add_lines()

open
nobody
None
5
2004-11-08
2004-11-08
Anonymous
No

aterm: screen.c:872: scr_add_lines: Assertion
`screen.cur.row >= -TermWin.nscrolled' failed.

Program received signal SIGABRT, Aborted.
0x401461b1 in kill () from /lib/libc.so.6

Hi, I seem to have found a bug. Unfortunately I'm not
enough of a C programmer to fix it. You should be able
to reproduce the bug with any script that produces a
LOT of output in one go:

$ while [ i ]; do echo "something"; done;

The problem seems to be aterm-specific as I couldn't
reproduce the problem with rxvt.

I am on a vanilla Slackware 10 install (not that it
makes much difference).

Apologies if this has been reported before, I couldn't
see any patches anywhere.

cheers,
mark ( AT ) darklogik [ dot ] org

Discussion

  • Logged In: NO

    I think it's a simple integer overflow: TermWin.nscrolled is
    of type R_int16_t, and the largest value that can be held in
    a signed 16-bit integer is 32767. A simple fix would be to
    either make TermWin.nscrolled into a signed 32-bit integer
    (where the limit would become 2147483647) or just put a
    limit on the maximum value that can be entered via -sl or
    saveLines resources. Both combined would probably be the
    best choice, but I don't know, as I have no idea what other
    code relies on the fact that nscrolled is 16-bit. This is one
    for someone who knows the code inside out. :)
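
The 16-bit wrap described in the comment above, as an added example that is not aterm's code: the first function shows where a count above 32767 ends up in a 16-bit field, the second is the condition behind the failing assert, and parse_save_lines is a hypothetical clamp for the -sl / saveLines value that the comment suggests. R_int16_t and NSCROLLED_MAX are re-declared here as stand-ins for the rxvt.h definitions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for the 16-bit field declared in aterm's rxvt.h. */
typedef int16_t R_int16_t;
#define NSCROLLED_MAX INT16_MAX   /* 32767, the largest value the field holds */

/* What the unpatched code effectively does: a requested line count is
 * squeezed into 16 bits. Conversion to uint16_t is defined modulo 65536;
 * the final signed conversion wraps on two's complement targets. */
R_int16_t store_nscrolled_unchecked(long requested)
{
    return (R_int16_t)(uint16_t)requested;
}

/* The condition behind the failing assert in scr_add_lines():
 * screen.cur.row >= -TermWin.nscrolled. Once nscrolled has wrapped
 * negative, -nscrolled is a large positive number that even row 0 fails. */
int cursor_within_scrollback(int cur_row, R_int16_t nscrolled)
{
    return cur_row >= -nscrolled;
}

/* Hypothetical range-checked parser for the -sl / saveLines value, the
 * limit the first comment suggests. Returns 0 and stores a value clamped
 * to [0, NSCROLLED_MAX]; returns -1 if arg is not a non-negative integer. */
int parse_save_lines(const char *arg, R_int16_t *out)
{
    char *end;
    long v;
    if (arg == NULL || *arg == '\0')
        return -1;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < 0)
        return -1;
    if (v > NSCROLLED_MAX)        /* cap instead of letting it wrap */
        v = NSCROLLED_MAX;
    *out = (R_int16_t)v;
    return 0;
}

/* Convenience wrapper for callers that want one return value:
 * the accepted (possibly clamped) count, or -1 when rejected. */
long save_lines_or_minus_one(const char *arg)
{
    R_int16_t n;
    return parse_save_lines(arg, &n) == 0 ? (long)n : -1L;
}
```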

     
  • Logged In: NO

    $ diff -u src/rxvt.h.v0 src/rxvt.h
    <cut here>
    --- src/rxvt.h.v0 2001-09-06 17:38:07.000000000 +0100
    +++ src/rxvt.h 2004-11-08 14:45:32.000000000 +0000
    @@ -266,11 +266,11 @@
    ncol, nrow, /* window size [characters]
    */
    bcol, /* current number of columns
    in the buffer */
    min_bcol, /* minimum horizontal
    columns in the buffer */
    - focus, /* window has focus
    */
    - saveLines, /* number of lines that fit
    in scrollback */
    - borderWidth,/* number of pixels in
    window border */
    - nscrolled, /* number of line actually
    scrolled */
    - view_start; /* scrollback view starts
    here */
    + focus; /* window has focus
    */
    + R_int32_t saveLines; /* number of lines that fit
    in scrollback */
    + R_int16_t borderWidth; /* number of pixels in window
    border */
    + R_int32_t nscrolled; /* number of line actually
    scrolled */
    + R_int32_t view_start; /* scrollback view starts
    here */
    Window parent, vt; /* parent (main) and
    vt100 window */
    GC gc; /* GC for drawing
    text */
    XFontStruct *font; /* main font structure
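
Review bot: the widened declarations (`+ R_int32_t saveLines;`, `+ R_int32_t nscrolled;`, `+ R_int32_t view_start;`) remove the 16-bit wrap behind the assert, but the hunk adds no upper bound on the value accepted from -sl / saveLines, so an oversized request that used to crash now becomes an equally oversized scrollback allocation (the comment below already notes the higher memory usage); pair the wider types with a clamp at the point where the option or resource is parsed. Also note that borderWidth stays R_int16_t while its neighbours become 32-bit, and since the first comment says it is unknown what other code relies on nscrolled being 16-bit, every place that copies nscrolled or view_start into a 16-bit temporary or compares them against screen.cur.row should be checked before this is considered complete.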

    <cut here>

    This seems to fix it at the expense of a higher memory usage
    (huge scrollback buffer). This is mostly untested BTW, just
    gave it a quick go to see if it would crash or not (it didn't).

     
  • Logged In: NO

    Making it a 32-bit int just defers the problem; it does not
    fix it.