Message-Id: <200603120028.k2C0SU2S012783@bunrab.catwhisker.org>
Date: Sat, 11 Mar 2006 16:28:30 -0800 (PST)
From: David Wolfskill
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: ports@FreeBSD.org
Subject: ports/94378: piewm: (malloc) Corrupted redzone 1 byte after 0xa00cbe0 (size 41) (0x0)
Reply-To: David Wolfskill

>Number: 94378
>Category: ports
>Synopsis: piewm: (malloc) Corrupted redzone 1 byte after 0xa00cbe0 (size 41) (0x0)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 12 03:10:25 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: David Wolfskill
>Release: FreeBSD 7.0-CURRENT i386
>Organization: Wolfskill & Dowling Residence
>Environment:
System: FreeBSD g1-18.catwhisker.org. 7.0-CURRENT FreeBSD 7.0-CURRENT #18: Sat Mar 11 11:14:00 PST 2006 root@g1-18.catwhisker.org.:/common/S1/obj/usr/src/sys/LAPTOP_30W i386

Above is where the problem symptoms were noticed, thanks to jemalloc. I believe the problem has actually existed for a very long time.
>Description:
piewm uses m4 in parsing its configuration file. Before it does so, it creates a temporary file of definitions. It does this in the MkDef() function in parse.c.

In creating the definition lines, it tries to only allocate as much memory as necessary. However, there is an off-by-one error; I believe that when the routine was coded the trailing NUL character for the strings in question was overlooked. (There is code to "pad" the allocation for known "extra" characters that will be needed. It's just a little smaller than it needs to be.)

By default, FreeBSD 7-CURRENT (as of this time) has code enabled to identify "red zone corruption;" in this case, it's a matter of an attempt to write on storage that was not allocated. One symptom is the message:

piewm: (malloc) Corrupted redzone 1 byte after 0xa00cbe0 (size 41) (0x0)

Another is that the window manager is not, in fact, functional.

It would be extremely cool if we could get this simple fix in before the ports tree is completely frozen for the 6.1 release.

And my thanks to Jason for providing the hints for me to be able to finally(!) track this bug down and squash it.

And I am presently using the patched version; it does work.
>How-To-Repeat:
Install ports/x11-wm/piewm, then run it.
>Fix:
--- parse.c.port Sat Mar 11 16:06:49 2006 +++ parse.c Sat Mar 11 16:08:22 2006 @@ -1389,7 +1389,7 @@ /* Code taken and munged from xrdb.c */ #define MAXHOSTNAME 255 #define Resolution(pixels, mm) ((((pixels) * 100000 / (mm)) + 50) / 100) -#define EXTRA 11 +#define EXTRA 12 static char * MkDef(char *name, const char *def)
>Release-Note:
>Audit-Trail:
>Unformatted:
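
Review bot: at the changed line, `#define EXTRA 12` is still a bare magic number with nothing beside it saying which characters it counts, and per the report the earlier value of 11 missed the trailing NUL. Add a comment listing the fixed characters and the terminator that the 12 covers, or derive the value with sizeof on the literal pieces so the NUL is counted automatically. The body of MkDef() is outside this hunk, so it is also worth confirming that EXTRA is the only padding term in its allocation size.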
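
Added example, not part of the original report and not piewm's code: one way to size an m4 definition line so that the trailing NUL described above cannot be left out of the allocation, with a check that rejects a buffer one byte short. The line layout define(NAME, DEF)\n and every macro and function name here are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed line layout, not copied from piewm's parse.c: define(NAME, DEF)\n */
#define DEF_PREFIX "define("
#define DEF_SEP    ", "
#define DEF_SUFFIX ")\n"
/* Fixed characters only (7 + 2 + 2 = 11); the terminator is not included. */
#define FIXED_CHARS (sizeof(DEF_PREFIX) - 1 + sizeof(DEF_SEP) - 1 + sizeof(DEF_SUFFIX) - 1)
/* Padding beyond strlen(name) + strlen(def): fixed characters plus the NUL. */
#define EXTRA_BYTES (FIXED_CHARS + 1)

/* Bytes needed to hold the whole line as a C string. */
size_t def_line_size(const char *name, const char *def)
{
    return strlen(name) + strlen(def) + EXTRA_BYTES;
}

/* Format the line into buf; 0 on success, -1 if it does not fit with its NUL. */
int format_def(char *buf, size_t size, const char *name, const char *def)
{
    int n = snprintf(buf, size, DEF_PREFIX "%s" DEF_SEP "%s" DEF_SUFFIX, name, def);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

/* Allocate exactly enough and build the line; caller frees. NULL on failure. */
char *mk_def(const char *name, const char *def)
{
    size_t size = def_line_size(name, def);
    char *line = malloc(size);
    if (line != NULL && format_def(line, size, name, def) != 0) {
        free(line);
        line = NULL;
    }
    return line;
}

int main(void)
{
    const char *name = "SERVERHOST", *def = "host.example.org"; /* constructed */
    size_t short_size = strlen(name) + strlen(def) + FIXED_CHARS; /* NUL not counted */
    char small[64], *line = mk_def(name, def);
    if (line == NULL) return 1;
    printf("%zu bytes: %s", def_line_size(name, def), line);
    printf("one byte short rejected: %d\n", format_def(small, short_size, name, def) == -1);
    free(line);
    return 0;
}
```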