Date:      Tue, 19 Jan 2016 15:16:03 +0200
From:      Andriy Gapon <avg@FreeBSD.org>
To:        FreeBSD Current <freebsd-current@FreeBSD.org>
Subject:   Re: environment corrupt; missing value for QT_IM_MO
Message-ID:  <569E3713.1060601@FreeBSD.org>
In-Reply-To: <568B84DC.7080705@FreeBSD.org>
References:  <5514E5B0.1030509@rawbw.com> <568B8291.50700@FreeBSD.org> <568B84DC.7080705@FreeBSD.org>

On 05/01/2016 10:54, Andriy Gapon wrote:
> On 05/01/2016 10:45, Andriy Gapon wrote:
>>
>> Very weird, this suddenly started happening to me but with libreoffice.  I can
>> not correlate the problem with any actions /  events.
>>
>> stderr:
>> soffice.bin: environment corrupt; missing value for QT_IM_MO
>>
>> gdb:
>> Core was generated by `soffice.bin'.
>> Program terminated with signal SIGABRT, Aborted.
>> #0  thr_kill () at thr_kill.S:3
>> 3       RSYSCALL(thr_kill)
>> [Current thread is 2 (Thread 816615000 (LWP 102134))]
>> (gdb) bt
>> #0  thr_kill () at thr_kill.S:3
>> #1  0x0000000800dc5ddb in __raise (s=6) at /usr/src/lib/libc/gen/raise.c:52
>> #2  0x0000000800dc5d49 in abort () at /usr/src/lib/libc/stdlib/abort.c:65
>> #3  0x0000000805231318 in tools::extendApplicationEnvironment() () from
>> /usr/local/lib/libreoffice/program/libtllo.so
>>
>> Smells like a possible bug in libc...
> 
> Is there a limit on the environment's size?
> QT_IM_MODULE is reported by ps as the last variable.

I have taken another look at the problem and I've discovered that the affected
variable is corrupted in a peculiar way:
(kgdb) p environ[61]
$23 = 0x7fffffffef45 "QT_IM_MO"
(kgdb) x/s 0x7fffffffef45
0x7fffffffef45: "QT_IM_MO"
(kgdb) x/s 0x7fffffffef4d
0x7fffffffef4d: ""
(kgdb) x/s 0x7fffffffef4e
0x7fffffffef4e: ""
(kgdb) x/s 0x7fffffffef4f
0x7fffffffef4f: ""
(kgdb) x/s 0x7fffffffef50
0x7fffffffef50: ""
(kgdb) x/s 0x7fffffffef51
0x7fffffffef51: "=xim"
(kgdb) p environ[62]
$42 = 0x0

So, it's "QT_IM_MODULE=xim" with 4 bytes (corresponding to "DULE") replaced with
zeroes.  This is 100% reproducible in my current environment, so it could be a
deterministic write to a wrong offset.


-- 
Andriy Gapon
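The corruption pattern in the gdb session above (one `environ` pointer whose string is truncated at "QT_IM_MO", four zero bytes, then "=xim" 12 bytes past the entry start) can be reproduced on constructed data and checked for with the kind of `NAME=value` validation that `tools::extendApplicationEnvironment()` evidently performs before aborting. The following C program is an added example written for this page; it is not code from the message, from FreeBSD libc or from LibreOffice. The function names, the `env_block` buffer and the `HOME=/home/avg` entry are constructed for illustration; the 8-byte name prefix, the 4 zeroed bytes and the offset of 12 are taken from the addresses shown in the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if an environ entry is well-formed: a non-empty name followed
 * by '='. "QT_IM_MO" fails because the '=' is no longer reachable. */
int env_entry_ok(const char *entry)
{
    if (entry == NULL || *entry == '\0' || *entry == '=')
        return 0;
    return strchr(entry, '=') != NULL;
}

/* Walk a NULL-terminated envp array and return the index of the first
 * malformed entry, or -1 if every entry has NAME=value shape. */
int find_corrupt_entry(char *const envp[])
{
    for (int i = 0; envp[i] != NULL; i++)
        if (!env_entry_ok(envp[i]))
            return i;
    return -1;
}

/* Constructed reproduction of the corruption described in the message:
 * "QT_IM_MODULE=xim" with the 4 bytes of "DULE" overwritten by zeroes. */
#define ENV_BYTES sizeof("QT_IM_MODULE=xim")   /* 17 incl. trailing NUL */
static char env_block[ENV_BYTES];

/* Fill env_block and return what environ[61] pointed at in the message. */
const char *corrupt_qt_entry(void)
{
    memcpy(env_block, "QT_IM_MODULE=xim", ENV_BYTES);
    memset(env_block + 8, 0, 4);   /* "DULE" -> "\0\0\0\0" at offsets 8..11 */
    return env_block;
}

/* Distance from the entry start to where text resumes ("=xim").
 * Matches 0x7fffffffef51 - 0x7fffffffef45 = 12 from the x/s output. */
size_t value_tail_offset(void)
{
    const char *e = corrupt_qt_entry();
    size_t off = strlen(e);               /* 8: strlen stops at first NUL */
    while (off < ENV_BYTES - 1 && e[off] == '\0')
        off++;                            /* skip the four zeroed bytes */
    return off;                           /* 12 */
}

int main(void)
{
    /* constructed environment: one sane entry, then the corrupted one */
    char *envp[] = { "HOME=/home/avg", (char *)corrupt_qt_entry(), NULL };
    int bad = find_corrupt_entry(envp);
    if (bad >= 0)
        fprintf(stderr, "environment corrupt; entry %d = \"%s\" has no '='\n",
                bad, envp[bad]);
    return bad >= 0;
}
```

The check only sees the truncated "QT_IM_MO" because every `char *` walk stops at the first NUL; the rest of the original string ("=xim") is still in memory but unreachable through `environ[61]`, which is why `ps` showed `QT_IM_MODULE` as the last variable while the process reported a missing value. A four-byte, zero-valued, deterministic overwrite at a fixed offset is consistent with a stray store of an `int` or 32-bit field rather than a string-handling off-by-one, which is worth keeping in mind when narrowing down the writer.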



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?569E3713.1060601>