find /replace caused xnedit crash
Modernized fork of NEdit, with unicode support and AA text rendering
Brought to you by:
pyrphoros
To repeat the issue:
1) Duplicate the following line 106,767 times to create a large text file:
" 0 88 -84.986877 -39.104391 86.111804 230.788086"
2) Open the file using xnedit and press Ctrl+R to open the find-and-replace dialog. Set the Find field to three spaces: "   ". Set the Replace field to two spaces: "  ". Check the "Keep dialog" option.
3) Click "Replace All" repeatedly until xnedit crashes.
I am using the latest code downloaded from github. Please let me know if you need more information.
I found the example line lost its format after I submitted the ticket. So please add some more blanks between those numbers.
So far I had no luck reproducing this issue. Maybe you can attach a (partial) txt file with the correct formatting.
Never mind, I can actually edit your post and see the correct format.
However I still can't reproduce the crash.
Last edit: Pyrphoros 2025-05-02
I am very sorry that today I couldn't reproduce the crash either, even with the original text file I used yesterday. I could reproduce it yesterday.
What I did after submitting the report was just a reboot of my system (Fedora 42 on VMWare workstation).
So please discard this bug report and sorry again for wasting your time.
No problem at all, thank you for reporting it in the first place. Please don’t hesitate to reach out again if you encounter any bugs or unexpected behavior.
Please try this. I could repeat it even after a system reboot. If you still cannot reproduce it, just stop.
Last edit: SweetTyler 2025-05-02
This file is not what I used yesterday - the size and lines are doubled. BTW when I compiled the source code I use the flag "-DREPLACE_SCOPE".
I recompiled the source with "-g" and ran xnedit under "gdb" and I got
Program received signal SIGSEGV, Segmentation fault.
0x00000000004929a8 in searchBackward (buf=0x9fbfe0, startPos=11822547, searchChar=10 '\n',
foundPos=0x7fffffff889c) at textBuf.c:2830
2830 if (buf->buf[pos + gapLen] == searchChar) {
Just wondering if you’ve had a chance to try reproducing it with the text file I provided, or if there’s anything else I can share to help.
Totally understand if you're busy—just wanted to make sure it didn’t get lost in the shuffle.
No it didn't get lost, but I'm not sure when I have time for it. Maybe in a few weeks.
I looked a bit into this, but I wasn't able to reproduce it yet. The error is probably not in searchBackward (textBuf.c:2830), it looks like the internal text buffer is in a corrupt state at this point.
Thanks for the reply. Please let me know if you need any more info.
Can you add -fsanitize=address to the CFLAGS/LDFLAGS and test again?
Hi, I added "-fsanitize=address" to CFLAGS in makefiles/Makefile.linux:
CFLAGS=$(C_OPT_FLAGS) -std=gnu99 -fsanitize=address -I/usr/X11R6/include -I/usr/include/X11 -DUSE_LPR_PRINT_CMD $(shell pkg-config --cflags xft fontconfig)
However, I cannot compile the source code successfully - there are many errors like:
Indirect leak of 448 byte(s) in 14 object(s) allocated from:
........
OK. With many errors I have the executable, run it and load that large text file I have:
=================================================================
==4985==ERROR: AddressSanitizer: heap-use-after-free on address 0x7be29849d0da at pc 0x000000503959 bp 0x7ffdc816a490 sp 0x7ffdc816a488
READ of size 1 at 0x7be29849d0da thread T0
#0 0x000000503958 in BufStartOfLine (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x503958) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#1 0x0000004f637f in bufModifiedCB (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4f637f) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#2 0x0000004fc7a1 in callModifyCBs (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4fc7a1) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#3 0x0000004ff229 in BufReplace (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4ff229) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#4 0x000000465a37 in ReplaceAll (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x465a37) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#5 0x000000415939 in replaceAllAP (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x415939) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#6 0x7fe2aba88657 in XtCallActionProc (/lib64/libXt.so.6+0x31657) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#7 0x00000044c7b8 in replaceAllCB (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x44c7b8) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#8 0x7fe2aae7a426 in ActivateCommon.isra.0 (/lib64/libXm.so.4+0x7a426) (BuildId: 239d436c41b424e7f02a8037952ecaa86dc3d486)
#9 0x7fe2aba9744e in HandleActions (/lib64/libXt.so.6+0x4044e) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#10 0x7fe2aba97d9e in _XtTranslateEvent (/lib64/libXt.so.6+0x40d9e) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#11 0x7fe2aba6c9f2 in XtDispatchEventToWidget (/lib64/libXt.so.6+0x159f2) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#12 0x7fe2aba764b4 in _XtDefaultDispatcher (/lib64/libXt.so.6+0x1f4b4) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#13 0x7fe2aba6df58 in XtDispatchEvent (/lib64/libXt.so.6+0x16f58) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#14 0x7fe2aba7a7d4 in XtAppProcessEvent (/lib64/libXt.so.6+0x237d4) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#15 0x7fe2aba6e7fc in XtAppMainLoop (/lib64/libXt.so.6+0x177fc) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#16 0x0000004059bc in main (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4059bc) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#17 0x7fe2aaaf55f4 in __libc_start_call_main (/lib64/libc.so.6+0x35f4) (BuildId: 2b3c02fe7e4d3811767175b6f323692a10a4e116)
#18 0x7fe2aaaf56a7 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x36a7) (BuildId: 2b3c02fe7e4d3811767175b6f323692a10a4e116)
#19 0x0000004025e4 in _start (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4025e4) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
0x7be29849d0da is located 55514 bytes inside of 14088477-byte region [0x7be29848f800,0x7be2991ff11d)
freed by thread T0 here:
#0 0x7fe2ab2e5bcb in free.part.0 (/lib64/libasan.so.8+0xe5bcb) (BuildId: 7f1aa7e2e600e8c9d54ce6e3d36f3d31bfe7949a)
#1 0x000000578b6c in NEditFree (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x578b6c) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
previously allocated by thread T0 here:
#0 0x7fe2ab2e6f0b in malloc (/lib64/libasan.so.8+0xe6f0b) (BuildId: 7f1aa7e2e600e8c9d54ce6e3d36f3d31bfe7949a)
#1 0x000000408dff in GetFileContent (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x408dff) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
SUMMARY: AddressSanitizer: heap-use-after-free (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x503958) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254) in BufStartOfLine
==4985==ABORTING
Thanks, can you set this environment variable and try again?
export ASAN_OPTIONS=verbosity=1:malloc_context_size=30
xxxxxxx@fedora:~/workspace/temp$ export ASAN_OPTIONS=verbosity=1:malloc_context_size=30
xxxxxxx@fedora:~/workspace/temp$ ~/Downloads/xnedit-master/source/xnedit aa
=================================================================
==5342==ERROR: AddressSanitizer: heap-use-after-free on address 0x7be215e9d0da at pc 0x000000503959 bp 0x7ffcbb266e30 sp 0x7ffcbb266e28
READ of size 1 at 0x7be215e9d0da thread T0
#0 0x000000503958 in BufStartOfLine (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x503958) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#1 0x0000004f637f in bufModifiedCB (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4f637f) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#2 0x0000004fc7a1 in callModifyCBs (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4fc7a1) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#3 0x0000004ff229 in BufReplace (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4ff229) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#4 0x000000465a37 in ReplaceAll (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x465a37) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#5 0x000000415939 in replaceAllAP (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x415939) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#6 0x7fe229555657 in XtCallActionProc (/lib64/libXt.so.6+0x31657) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#7 0x00000044c7b8 in replaceAllCB (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x44c7b8) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#8 0x7fe228a7a426 in ActivateCommon.isra.0 (/lib64/libXm.so.4+0x7a426) (BuildId: 239d436c41b424e7f02a8037952ecaa86dc3d486)
#9 0x7fe22956444e in HandleActions (/lib64/libXt.so.6+0x4044e) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#10 0x7fe229564d9e in _XtTranslateEvent (/lib64/libXt.so.6+0x40d9e) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#11 0x7fe2295399f2 in XtDispatchEventToWidget (/lib64/libXt.so.6+0x159f2) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#12 0x7fe2295434b4 in _XtDefaultDispatcher (/lib64/libXt.so.6+0x1f4b4) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#13 0x7fe22953af58 in XtDispatchEvent (/lib64/libXt.so.6+0x16f58) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#14 0x7fe2295477d4 in XtAppProcessEvent (/lib64/libXt.so.6+0x237d4) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#15 0x7fe22953b7fc in XtAppMainLoop (/lib64/libXt.so.6+0x177fc) (BuildId: 7280a9b4b3ebc5c8e1adbc5dcddb36b0f4077b76)
#16 0x0000004059bc in main (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4059bc) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
#17 0x7fe2285af5f4 in __libc_start_call_main (/lib64/libc.so.6+0x35f4) (BuildId: 2b3c02fe7e4d3811767175b6f323692a10a4e116)
#18 0x7fe2285af6a7 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x36a7) (BuildId: 2b3c02fe7e4d3811767175b6f323692a10a4e116)
#19 0x0000004025e4 in _start (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4025e4) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
0x7be215e9d0da is located 55514 bytes inside of 14088477-byte region [0x7be215e8f800,0x7be216bff11d)
freed by thread T0 here:
#0 0x7fe228ee5bcb in free.part.0 (/lib64/libasan.so.8+0xe5bcb) (BuildId: 7f1aa7e2e600e8c9d54ce6e3d36f3d31bfe7949a)
#1 0x000000578b6c in NEditFree (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x578b6c) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
previously allocated by thread T0 here:
#0 0x7fe228ee6f0b in malloc (/lib64/libasan.so.8+0xe6f0b) (BuildId: 7f1aa7e2e600e8c9d54ce6e3d36f3d31bfe7949a)
#1 0x000000408dff in GetFileContent (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x408dff) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254)
SUMMARY: AddressSanitizer: heap-use-after-free (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x503958) (BuildId: 657c97aa2c67d48f45d92f272fe9fb8e5125a254) in BufStartOfLine
==5342==ABORTING
Please don't hesitate to let me know if you need any further information or tests.
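An added example, not part of the thread or of the xnedit code base: a small Python triage of the heap-use-after-free report posted above, separating the access, free and allocation stacks and checking that the reported offset matches the region bounds. The report text is abridged from the post; `parse_report`, `triage` and the `/xnedit` module suffix are names chosen here.

```python
import re

# Abridged from the second report in this thread: access frames #5-#19 and the
# "(BuildId: ...)" suffixes are dropped, nothing else is changed.
REPORT = """\
==5342==ERROR: AddressSanitizer: heap-use-after-free on address 0x7be215e9d0da at pc 0x000000503959 bp 0x7ffcbb266e30 sp 0x7ffcbb266e28
READ of size 1 at 0x7be215e9d0da thread T0
    #0 0x000000503958 in BufStartOfLine (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x503958)
    #1 0x0000004f637f in bufModifiedCB (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4f637f)
    #2 0x0000004fc7a1 in callModifyCBs (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4fc7a1)
    #3 0x0000004ff229 in BufReplace (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x4ff229)
    #4 0x000000465a37 in ReplaceAll (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x465a37)
0x7be215e9d0da is located 55514 bytes inside of 14088477-byte region [0x7be215e8f800,0x7be216bff11d)
freed by thread T0 here:
    #0 0x7fe228ee5bcb in free.part.0 (/lib64/libasan.so.8+0xe5bcb)
    #1 0x000000578b6c in NEditFree (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x578b6c)
previously allocated by thread T0 here:
    #0 0x7fe228ee6f0b in malloc (/lib64/libasan.so.8+0xe6f0b)
    #1 0x000000408dff in GetFileContent (/home/xxxxxxx/Downloads/xnedit-master/source/xnedit+0x408dff)
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) \((\S+)\+0x[0-9a-f]+\)")
REGION = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region "
                    r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
SECTIONS = {"freed by thread": "free", "previously allocated by thread": "alloc"}


def parse_report(text):
    """Split an ASan heap report into its access, free and alloc stacks."""
    rep = {"kind": None, "addr": None, "op": None, "size": None,
           "region": None, "access": [], "free": [], "alloc": []}
    section = "access"  # frames before "freed by" belong to the bad access
    for line in text.splitlines():
        if m := HEADER.search(line):
            rep["kind"], rep["addr"] = m.group(1), int(m.group(2), 16)
        elif m := ACCESS.match(line):
            rep["op"], rep["size"] = m.group(1), int(m.group(2))
        elif m := REGION.search(line):
            rep["region"] = {"offset": int(m.group(1)), "size": int(m.group(2)),
                             "start": int(m.group(3), 16), "end": int(m.group(4), 16)}
        elif m := FRAME.match(line):
            rep[section].append((m.group(2), m.group(3)))  # (function, module)
        else:
            for prefix, name in SECTIONS.items():
                if line.startswith(prefix):
                    section = name
    return rep


def app_frames(stack, module_suffix):
    """Functions in the program's own binary, skipping libasan/libc/toolkit frames."""
    return [fn for fn, mod in stack if mod.endswith(module_suffix)]


def triage(rep, module_suffix="/xnedit"):
    """Return the first facts to look at, plus hints about report quality."""
    reg = rep["region"]
    reader = next(iter(app_frames(rep["access"], module_suffix)), "?")
    out = {
        "kind": rep["kind"],
        "access": "%s of %d byte(s) in %s" % (rep["op"], rep["size"], reader),
        "freed_in": app_frames(rep["free"], module_suffix),
        "allocated_in": app_frames(rep["alloc"], module_suffix),
        # Self-consistency: address == region start + offset, end - start == size.
        "offset_ok": (rep["addr"] == reg["start"] + reg["offset"]
                      and reg["end"] - reg["start"] == reg["size"]),
        "hints": [],
    }
    # A stack that stops at the allocator wrapper does not name the caller that
    # released the block. malloc_context_size only raises the depth limit; a
    # stack this shallow commonly means the frame-pointer unwinder stopped early.
    for name in ("free", "alloc"):
        if len(rep[name]) <= 2:
            out["hints"].append(
                "%s stack has %d frame(s): rebuild with -fno-omit-frame-pointer "
                "or set ASAN_OPTIONS=fast_unwind_on_malloc=0" % (name, len(rep[name])))
    return out


if __name__ == "__main__":
    for key, value in triage(parse_report(REPORT)).items():
        print(key, "=", value)
```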
Can you replace source/textBuf.c with the attached file? It prints some debug info on stdout. Also you can remove the -fsanitize=address option.
Here is the output:
BufReplace(0x7fdc35bf5010, 0, 14088466, 0x3aa0fd30)
BufReplace(0x7fdc35bf5010, 0, 12955507, 0x3aa0fd30)
BufReplace(0x7fdc35bf5010, 3, 11810191, 0x3aa0fd30)
Segmentation fault (core dumped)
where I downloaded the latest source code, and replaced textBuf.c with the attached one. I didn't modify any setting in the makefile.
Let me know if you need me to try anything else.
Does this happen after the third "Replace All" or did you try a fourth replace?
Yes, "Segmentation fault" happened after the third "Replace All in:" "Window".
I used the default "Find/Replace" dialog layout.
It appears that enabling the nedit.highlightCursorLine: True setting may be responsible for the crash. Below are the steps I followed to reproduce the issue:
xnedit aa
where aa is a large text file (mentioned previously).
Set the Find field to three spaces: "   "
Set the Replace field to two spaces: "  "
Checked the Keep Dialog option.
nedit.highlightCursorLine: False → nedit.highlightCursorLine: True
Last edit: SweetTyler 2025-07-03
I just found I don't have to modify "nedit.rc" - "highlightCursorLine" setting can be enabled/disabled in "Preferences" menu.