SIGSEGV (signal 11) on multiple versions

Help
2007-01-10
2013-05-23
  • Richard Narron
    2007-01-10

    I view a 3500-line C program read-only and can make THE 3.2 and THE 3.3B1 crash every time just by using the pageup or pagedown keys.

    THE seems to crash when I hit either the top of the file or the bottom of the file while holding down either the pageup or pagedown keys.

    THE 3.1 seems immune to this problem and so I have reverted to this version for now.

    I notice that THE 3.1 defaults to "pagewrap on" and thought that setting "pagewrap off" might create the bug...but it did not.  THE 3.1 appears to be bulletproof.

    ---------------------------------------------------------------------------------------
    I am running Slackware 11.0 kernel 2.6.17.13

    Here is my regina version: REXX-Regina_3.3 5.00 25 Apr 2004
    (I have statically linked the rexx executable)

    Here is how I build THE for all versions:

    ./configure --prefix=/usr/local --with-rexx=regina
    make
    make install

    Here is my .therc file:

    /***************************************************************/
    /* THE startup profile                                         */
    /***************************************************************/
    /* set the look (the), the feel (the), and the pfkeys (kedit) */
      'set compat the the kedit'

    /* look of screen */
      'set statusline top'
      'set cmdline top'
      'set msgline on 3 5 overlay'
      'set curline on M'
      'set scale   on M+1'

    /* assume commands on command line are macros */
      'set impmacro on'

    /* set up/down arrows to tab, not retrieve history */
      'set cmdarrows tab'

    /* change keys from kedit definitions */
      'define END sos startendchar'
      'define F12 cursor prefix'   /* like THE pfkey */

    • Richard Narron
      2007-01-10

      I don't think the problem is related to the Linux kernel...

      I can also recreate the bug on Slackware 11.0 using the 2.4.33.3 kernel...

    • Richard Narron
      2007-01-10

      The program will fail even if I don't reach the top or the bottom of the file.  It seems to be dependent on how long I press either the pageup or pagedown keys....

      Maybe this is some kind of race condition problem?

      Here is the output of gdb for 3.3B1 when it fails:

      Program received signal SIGSEGV, Segmentation fault.
      [Switching to Thread -1211523200 (LWP 15412)]
      0xb7cff04f in memset () from /lib/tls/libc.so.6
      (gdb) bt
      #0  0xb7cff04f in memset () from /lib/tls/libc.so.6
      #1  0x08084fe7 in parse_paired_comments()
      #2  0x00000000 in ?? ()
      (gdb) 

      The gdb debugger and THE 3.3B1 stopped on this line in the C program:

          /* Check authorization for this directory. */

      Maybe this bug is related to processing comments in C programs?

      • Richard Narron
        2007-01-10

        I did an nm of my THE 3.3B1 and found that the address of

        parse_paired_comments is x'08084ae0'

        So the offset of the sigsegv is: x'507'   (x'08084fe7' - x'08084ae0')

        After doing a re-compile of parser.c with assembly listings:
        $(CC) -c -g -Wa,-a,-ad  $(CCFLAGS) -o parser.o $(srcdir)/parser.c >parser.lst

        I see that the memset() that fails in parse_paired_comments() is the last one at line 845:

        841             /*  
        842              * Set the remainder of the line to COMMENT for QUERY SYNELEM
        843              */
        844             j = start_line_comment - vcol; /* This is the location of the start of the comment */
        845             memset( scurr->highlight_type+j, THE_SYNTAX_COMMENT, THE_MAX_SCREEN_WIDTH - j );
        846             comment_start_pos = -1;
        847             type = 0;
        848          }
        849       }
        850    }
        851    TRACE_RETURN();
        852    return RC_OK;
        853 }

        • Richard Narron
          2007-01-10

          It appears that the problem of the memset() at line 845 is in the first argument:

          scurr->highlight_type+j

          And variable j looks suspect.

          I seem to have "fixed" the problem by bracketing the memset() with an if statement that tests j and makes sure it is a "sane" value:

          845             if (j >= 0 && j <= THE_MAX_SCREEN_WIDTH)
          846               memset( scurr->highlight_type+j, THE_SYNTAX_COMMENT,
                                    THE_MAX_SCREEN_WIDTH - j );

          This fixes the problem for the time being, but may not be the best solution...
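
Worked example, added here and not code from THE or from the poster: a stand-alone C model of the memset at parser.c line 845 and of a clamped replacement for it. The buffer width (16 in place of THE_MAX_SCREEN_WIDTH), the function names `unchecked_memset_len`, `comment_offset_ok` and `mark_comment`, and the sample scroll offsets are my own; THE's `scurr->highlight_type`, `start_line_comment` and `vcol` are only paraphrased. It shows the two ways `j = start_line_comment - vcol` can leave the buffer: `j < 0` (the fill starts before the buffer and `THE_MAX_SCREEN_WIDTH - j` exceeds the buffer size) and `j > THE_MAX_SCREEN_WIDTH` (a negative length converted to `size_t` becomes enormous, which would make the fault land inside memset itself, as in the backtrace above).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for THE's per-line highlight buffer. Assumption: the
 * real scurr->highlight_type holds THE_MAX_SCREEN_WIDTH bytes; 16 is used
 * here only to keep the demonstration readable. */
#define SCREEN_WIDTH    16
#define SYNTAX_COMMENT  'C'
#define SYNTAX_NONE     '.'

/* The length argument the unguarded memset receives for a given
 * j = start_line_comment - vcol, returned as size_t exactly as memset takes
 * it: a negative width - j wraps to a huge value, so memset runs off the end
 * of mapped memory and faults inside memset. */
size_t unchecked_memset_len(int width, int j)
{
    return (size_t)(width - j);
}

/* 1 when highlight_type + j .. highlight_type + width lies inside the buffer,
 * i.e. when the original memset is safe. The check is half-open (j < width):
 * j == width would pass a "<=" guard and hand memset a pointer one past the
 * end (length 0, harmless but sloppy). */
int comment_offset_ok(int width, int start_line_comment, int vcol)
{
    int j = start_line_comment - vcol;
    return j >= 0 && j < width;
}

/* Hardened replacement for the memset: clamp the comment start to the visible
 * window instead of trusting j. A comment that began left of the window
 * (j < 0, e.g. after scrolling right) means every visible column is comment,
 * so the fill starts at column 0; a comment that begins right of the window
 * (j >= width) marks nothing. Returns the number of bytes written. */
int mark_comment(char *highlight_type, int width, int start_line_comment, int vcol)
{
    int j = start_line_comment - vcol;

    if (j >= width)
        return 0;
    if (j < 0)
        j = 0;
    memset(highlight_type + j, SYNTAX_COMMENT, (size_t)(width - j));
    return width - j;
}

int main(void)
{
    char highlight[SCREEN_WIDTH];
    /* Constructed inputs: a comment starting at file column 4, viewed at
     * horizontal scroll offsets 0 and 10, then a comment at column 40 viewed
     * at offset 0 (comment start beyond the right edge of the window). */
    int start_line_comment = 4;
    int vcols[] = { 0, 10 };
    int far_right_comment = 40;
    size_t i;

    for (i = 0; i < sizeof vcols / sizeof vcols[0]; i++) {
        int j = start_line_comment - vcols[i];
        memset(highlight, SYNTAX_NONE, sizeof highlight);
        mark_comment(highlight, SCREEN_WIDTH, start_line_comment, vcols[i]);
        printf("vcol=%-3d j=%-4d original safe=%d  hardened fill: %.*s\n",
               vcols[i], j,
               comment_offset_ok(SCREEN_WIDTH, start_line_comment, vcols[i]),
               SCREEN_WIDTH, highlight);
    }

    memset(highlight, SYNTAX_NONE, sizeof highlight);
    mark_comment(highlight, SCREEN_WIDTH, far_right_comment, 0);
    printf("vcol=0   j=%-4d original memset length=%zu  hardened fill: %.*s\n",
           far_right_comment,
           unchecked_memset_len(SCREEN_WIDTH, far_right_comment),
           SCREEN_WIDTH, highlight);
    return 0;
}
```

Build with `cc -Wall -Wextra example.c && ./a.out`. Compared with the `if (j >= 0 && j <= THE_MAX_SCREEN_WIDTH)` guard in the post above, clamping keeps the highlight correct when the comment started left of the visible window instead of silently skipping it, and the half-open check keeps `j == THE_MAX_SCREEN_WIDTH` from producing a one-past-the-end pointer.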