Seeing you wanted to ship this ... I need to recompile this with more aggressive debugging:

(no debugging symbols found)...done.
(gdb) set logging file /tmp/trace
(gdb) set logging on
Copying output to /tmp/trace.
(gdb) set follow-fork-mode child
(gdb) run
Starting program: /usr/bin/slim
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New process 27376]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Thread 2.1 "slim" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7f5e780 (LWP 27376)]
0x000000000040a118 in App::CreateServerAuth() ()
(gdb) thread apply all bt full

Thread 2.1 (Thread 0x7ffff7f5e780 (LWP 27376)):
#0  0x000000000040a118 in App::CreateServerAuth() ()
No symbol table info available.
#1  0x000000000040b8f6 in App::Run() ()
No symbol table info available.
#2  0x00000000004063b2 in main ()
No symbol table info available.

USE=pam -branding -consolekit
Thread 2.1 "slim" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7f5e780 (LWP 29358)]
0x00000000004092f6 in App::CreateServerAuth (this=this@entry=0x625c20) at /var/tmp/portage/x11-misc/slim-9999/work/slim-9999/app.cpp:1266
1266            mcookie[i] = digits[lo & 0x0f];
(gdb) thread apply all bt full

Thread 2.1 (Thread 0x7ffff7f5e780 (LWP 29358)):
#0  0x00000000004092f6 in App::CreateServerAuth (this=this@entry=0x625c20) at /var/tmp/portage/x11-misc/slim-9999/work/slim-9999/app.cpp:1266
        word = 46633
        hi = 182 '\266'
        lo = 41 ')'
        i = 131864
        authfile = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x7fffffffd480 ""}, _M_string_length = 0, {_M_local_buf = "\000\323\377\377\377\177\000\000@\222\033\367\377\177\000", _M_allocated_capacity = 140737488343808}}
        digits = 0x40f20c "0123456789abcdef"
#1  0x000000000040d1af in App::Run (this=this@entry=0x625c20) at /var/tmp/portage/x11-misc/slim-9999/work/slim-9999/app.cpp:296
        themebase = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x625dc0 "515c1cf64cd49abe150be08840564f46b0a0b1948b418f887f0a227835a25d1795862f9efe1e965d8aa231c9d19007903c970b25078aa7fe2d64517104898eb06d68406e197f727331e669c5b1c9e1871b5a4d0b61108a646f7396b2d78bf40ab551c6a9"...}, _M_string_length = 23, {_M_local_buf = "\036\000\000\000\000\000\000\000\037<\336\367\377\177\000", _M_allocated_capacity = 30}}
        themefile = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x62cff0 "536b615ed6eaf87647206a68c22f57dc5d6a172bd92c6a226698fe32ddc191804c221e2296fe4838c8854d9e0936894d58a3fbf75b1758801dabb3d4b3d2701725239abd698d6c43f4262cacb320529033d78d4cbcb299607c8e8a843be0b8b0a8b6c1ef"...}, _M_string_length = 41, {_M_local_buf = ")\000\000\000\000\000\000\000\220\325\377\377\377\177\000", _M_allocated_capacity = 41}}
        themedir = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x625f30 "a2679dee73a5d249aaa0f2123402213824487742a21aa2892c92be50804e77a58232530d780a2dadb123b962cf8c7d21326fa676815cf87b595a1bf86f18fbb1a8e7d2cdcefa4398c5dff20d64c0e9187a4f17da8c9196e1c53b0ddf0e87486d60ec7691"...}, _M_string_length = 30, {_M_local_buf = "\036\000\000\000\000\000\000\000i8@\000\000\000\000", _M_allocated_capacity = 30}}
        loaded = true
        firstloop = <optimized out>
        focuspass = <optimized out>
        autologin = <optimized out>
        numlock = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x0}, _M_string_length = 15, {_M_local_buf = "\340\000\000\000\000\000\000\000\354\061\272\366\377\177\000", _M_allocated_capacity = 224}}
        panelclosed = <optimized out>
        Action = <optimized out>
#2  0x00000000004065cd in main (argc=1, argv=0x7fffffffd948) at /var/tmp/portage/x11-misc/slim-9999/work/slim-9999/main.cpp:19
No locals.
Created attachment 463068: gdb trace
Created attachment 463070: emerge --info
looks like "i" is out of bounds:

(gdb) print mcookie
$1 = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x625ce8 "1fe0b300140816fdf219c7a989c432cf459c3dc1c402bea1ca3580a4204eb579f2864ad7fdcc0f71b8783acbba87c2c9f65025d15da1bf30f92a7d73f1fd091b218306f51f09149cdd9fa8dd565c133cd5af1b5ec1eda0e49bf2f12c565e8e793cf3442b"...}, _M_string_length = 0, {_M_local_buf = "1fe0b300140816fd", _M_allocated_capacity = 3472331809514415665}}
(gdb) print i
$2 = 131864
(gdb) print sizeof mcookie
$9 = 32
(gdb) print digits[lo & 0x0f]
$6 = 51 '3'

so it's doing:

mcookie[ TOOBIG ] = chr(51)

(gdb) print App::mcookiesize
$10 = 959525478

uh....

(gdb) print mcookie[i-1]
$13 = (const char &) @0x645fff: 52 '4'
(gdb) print mcookie[i]
$14 = (const char &) <error reading variable>

I might be stumbling into a distinct segv from the one I hit spawning X, because I haven't worked out how to attach a debugger to /etc/init.d/xdm yet.
Managed to subvert startX11.sh to make it run GDB in the right place, same issue.
(In reply to Kent Fredric (IRC: kent\n) from comment #4)
> looks like "i" is out of bounds:

It very much does. I'm going to guess this is either a lack of initialization, or likely some sort of non-null-terminated string issue where i just keeps going. I should really spend the time and fully examine the code and rewrite as necessary...
(In reply to Ian Stakenvicius from comment #6)
> (In reply to Kent Fredric (IRC: kent\n) from comment #4)
> > looks like "i" is out of bounds:
>
> It very much does. I'm going to guess this is either a lack of
> initialization, or likely some sort of non-null-terminated string issue
> where i just keeps going. I should really spend the time and fully examine
> the code and rewrite as necessary...

I don't remember enough C++ idiosyncrasies to know exactly what's going wrong here, but given the value of mcookiesize can never apparently be modified by the code, I switched it to a #define to try and circumvent the issue. Can you re-emerge and try again?
Having "inherited" this bug, I've looked as best I can at the relevant code and Ian's "fix". While changing to a #define prevents the specific failure found (and is a perfectly reasonable change which I'll probably adopt upstream) it doesn't address the core issue, which is that the const member variable mcookiesize was being corrupted. Unless we can figure out how, my concern is that Ian's fix would merely leave something else being corrupted instead. That said, the code is referencing mcookiesize (which is an instance member) using the scope resolution operator (::). This would normally only be used with static member variables, particularly if there's a need for disambiguation. There isn't, so the compiler _should_ just ignore the syntactic quirk, but maybe some versions misbehaved? I wonder whether the original author had intended to make it static but struggled with the syntax. Anyway, with this bug being raised against a -9999 version from a repository that is no longer current, and being over 6 years old, it probably just needs to be closed unless anyone objects.
Sure.
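Added illustration (editor's example; this is not SLiM's code and was not posted by anyone in this bug). Two points from the thread are worth seeing in working code: comment #4's trace shows the crashing loop writing `mcookie[i]` for `i < App::mcookiesize` while `mcookie` has `_M_string_length = 0`, i.e. a std::string that was never given a length before being indexed; and the last comment asks whether `App::mcookiesize` (qualified access to a non-static const member) is a problem. It is not: inside a member function a qualified name for a non-static member means `this->mcookiesize`. The hypothetical `CookieMaker` below keeps that shape (const instance member as the loop bound, accessed as `CookieMaker::mcookiesize`) but sizes the string before the loop and writes through `at()`, so an out-of-range index throws instead of overwriting neighbouring members. `encode_word` reproduces the nibble order of the traced lines; the class and function names, the cookie sizes, and the use of std::mt19937 are assumptions made for this example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <random>
#include <stdexcept>
#include <string>

// Added example, not SLiM code. CookieMaker, encode_word, make_cookie and the
// std::mt19937 generator are assumptions made for this illustration.

// Encode one 16-bit word as four hex digits in the nibble order used by the
// traced loop: digits[lo & 0x0f], digits[lo >> 4], digits[hi & 0x0f], digits[hi >> 4].
std::string encode_word(std::uint16_t word) {
    static const char digits[] = "0123456789abcdef";
    const std::uint8_t lo = static_cast<std::uint8_t>(word & 0xff);
    const std::uint8_t hi = static_cast<std::uint8_t>(word >> 8);
    std::string out(4, '\0');          // sized before any indexing
    out[0] = digits[lo & 0x0f];
    out[1] = digits[lo >> 4];
    out[2] = digits[hi & 0x0f];
    out[3] = digits[hi >> 4];
    return out;
}

class CookieMaker {
public:
    // A const instance member initialised in the constructor, as the thread
    // describes mcookiesize; nothing else in the class can assign to it.
    explicit CookieMaker(int size) : mcookiesize(size) {
        if (size <= 0 || size % 4 != 0)
            throw std::invalid_argument("cookie size must be a positive multiple of 4");
    }

    // CookieMaker::mcookiesize inside a member function names the same object
    // as this->mcookiesize; the qualification does not make the member static.
    std::string create(std::mt19937 &rng) {
        // Give the string its length first. Writing through operator[] past
        // size() on a default-constructed std::string is undefined behaviour.
        mcookie.assign(static_cast<std::size_t>(CookieMaker::mcookiesize), '\0');
        for (int i = 0; i < CookieMaker::mcookiesize; i += 4) {
            const std::uint16_t word = static_cast<std::uint16_t>(rng() & 0xffffu);
            const std::string quad = encode_word(word);
            // at() is bounds-checked: an index beyond size() throws
            // std::out_of_range instead of writing over whatever follows the buffer.
            for (int k = 0; k < 4; ++k)
                mcookie.at(static_cast<std::size_t>(i + k)) = quad[static_cast<std::size_t>(k)];
        }
        return mcookie;
    }

    const int mcookiesize;

private:
    std::string mcookie;
};

// True when s is exactly expected_len lowercase hex digits.
bool is_hex_cookie(const std::string &s, std::size_t expected_len) {
    if (s.size() != expected_len) return false;
    for (char c : s)
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) return false;
    return true;
}

// Convenience wrapper with a fixed seed so the example is repeatable. A real
// MIT-MAGIC-COOKIE-1 value needs a cryptographically secure source, not mt19937.
std::string make_cookie(int size, unsigned seed) {
    std::mt19937 rng(seed);
    CookieMaker maker(size);
    return maker.create(rng);
}

int main() {
    // word = 46633 (hi = 182, lo = 41) are the values from the trace in comment #3
    assert(encode_word(46633) == "926b");
    assert(is_hex_cookie(make_cookie(32, 1), 32));
    return 0;
}
```

The deterministic seed exists only so the block can be checked; for an X authority cookie the generator must be replaced by an OS-backed secure source. The `at()` writes cost a bounds check per byte, which is irrelevant for a 32-byte cookie and turns the silent corruption seen in the trace (a loop bound overwritten with hex digits, then a walk to an unmapped page) into an immediate exception.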