I have a small utility application written using Scala and Scala-Swing
on the Java VM (Java 1.6.0_30). Every time I run this app,
openbox crashes. The app simply opens a new Frame and displays some
Swing components in it. Same occurs with Java 1.7.0.
If I restart openbox, it decorates the window correctly.
I've attached the Scala source; save it as crash/openbox/CrashOpenbox.scala.
To test, download/install the Scala/Typesafe bundle from www.typesafe.com
and add the scala/bin dir to PATH:
mkdir bin
scalac -d bin crash/openbox/CrashOpenbox.scala
scala -classpath bin crash.openbox.CrashOpenbox
Created attachment 3077: patch for client.c
I built from source and ran in gdb and reproduced the crash;
openbox was getting a SIGSEGV
Starting program: /r/bb02na1a/vol/sasusr/u/sasdjb/linux/src/openbox-3.5.0/openbox/.libs/lt-openbox --replace
[Thread debugging using libthread_db enabled]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5ea2721 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) where
#0 0x00007ffff5ea2721 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x0000000000416c6d in client_get_settings_state (self=0x6b13e0) at openbox/client.c:888
#2 0x000000000041c45b in client_fake_manage (window=52428807) at openbox/client.c:520
#3 0x000000000042745b in event_process (ec=<optimized out>, data=<optimized out>) at openbox/event.c:653
#4 0x00007ffff63e7081 in event_read (source=<optimized out>, callback=<optimized out>, data=<optimized out>) at obt/xqueue.c:338
#5 0x00007ffff750ba5d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#6 0x00007ffff750c258 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7 0x00007ffff750c792 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x000000000040e93f in main (argc=1, argv=0x7fffffffd7c8) at openbox/openbox.c:378
The code at that point in client.c does not check for self->role being null.
Inspection also shows that the same error may occur in previous lines
if self->class or self->role is null; my case did not hit those and I
don't know if they can ever be null, but I added checks for those
values being NULL in the patch as well.
Looks like a dup of 5277
However, verify that the other code paths in my patch are correct;
the fix for 5277 may not catch all NULL pointer dereferences.
*** This bug has been marked as a duplicate of bug 5277 ***
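The failure mode discussed in this report, a window that leaves an optional property such as its role unset, shown as an added example; this is not openbox's code and not the attached patch. The struct and function names, the use of POSIX fnmatch() for pattern matching, and the choice that an unset property never matches a rule pattern are all assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical types for illustration; not openbox's structures. */
struct client {            /* strings set by the client window; any may be unset */
    const char *name;
    const char *class;
    const char *role;
};

struct app_rule {          /* per-application rule; NULL pattern = field not constrained */
    const char *name;
    const char *class;
    const char *role;
};

/* Match one optional pattern against one optional property.
 * - no pattern: the rule does not constrain this field, so it matches
 * - pattern set but property unset: no match (assumed policy), and the
 *   NULL pointer is never handed to a string function */
static int field_matches(const char *pattern, const char *value)
{
    if (pattern == NULL)
        return 1;
    if (value == NULL)
        return 0;
    return fnmatch(pattern, value, 0) == 0;
}

/* A rule applies only if every constrained field matches. */
int rule_matches(const struct app_rule *rule, const struct client *c)
{
    return field_matches(rule->name, c->name) &&
           field_matches(rule->class, c->class) &&
           field_matches(rule->role, c->role);
}

int main(void)
{
    /* Constructed sample: a window that sets name and class but no role */
    struct client no_role = { "example-frame", "crash-openbox-CrashOpenbox", NULL };
    struct app_rule by_role  = { NULL, NULL, "dialog*" };
    struct app_rule by_class = { NULL, "crash-*", NULL };

    printf("role rule:  %d\n", rule_matches(&by_role, &no_role));
    printf("class rule: %d\n", rule_matches(&by_class, &no_role));
    return 0;
}
```

Because these strings come from the client application, routing every comparison through one NULL-aware helper keeps a single unset property from taking down the process that manages all windows.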