Re: address@hidden: Bug#79091: info: "info --vi-keys libc:exit" causes segfault when you hit 'h']

[Adam Olsen]

On Sun, 10 Dec 2000, Eli Zaretskii wrote:
> Date: Sun, 10 Dec 2000 09:25:47 +0200 (IST)
> To: Josip Rodin <address@hidden>
> From: Eli Zaretskii <address@hidden>
> CC: address@hidden, address@hidden,
> address@hidden
> Subject: Re: address@hidden: Bug#79091: info: "info
> --vi-keys libc:exit" causes segfault when you hit 'h']
> 
> 
> On Sat, 9 Dec 2000, Josip Rodin wrote:
> 
> > I was able to reproduce it. Here is the backtrace with info compiled
> with
> > debugging info:
> > 
> > (gdb) where
> > #0  0x400a6fa1 in realloc () from /lib/libc.so.6
> > #1  0x805fe7a in xrealloc (pointer=0x8082d28, bytes=15770) at
> xmalloc.c:65
> > #2  0x805f94d in message_buffer_resize (length=28) at window.c:1293
> > #3  0x805fb32 in build_message_buffer (format=0x8063856 "M-x %s\n    
> %s\n",
> >     arg1=0x8064b2d, arg2=0x80829c0) at window.c:1376
> 
> I have difficulty debugging this.  This backtrace suggest corruption of 
> the malloc memory chain, and that means the bug is somewhere else, not in
> 
> the chain of calls shown by the backtrace.  Since I still cannot 
> reproduce the crash, it's hard to find that other pace.
> 
> I tried to do this on 2 different systems, one of them Debian GNU/Linux, 
> and Info didn't crash.
> 
> Is this a stock version of Info from Texinfo 4.0, or does it have some 
> changes beyond v4.0?  If the latter, can you see the crash in the stock 
> version?  (The stock version is what I've been using to reproduce this.)

It's the stock version for debian woody (--version said 4.0)

> 
> If the stock version also crashes, then I'd ask to play with the crash a 
> bit.  For example, does it crash when invoked as "info --vi-keys", or do 
> you need an additional command-line argument?  Does it crash when the 
> command-line argument is an existing DIR menu entry, or only when such an
> 
> entry doesn't exist?  Does it crash with every invalid entry, or just 
> with ones that include a colon, like "libc:exit" in the example?

it crashes when I have "info --vi-keys" plus some random (non-argument)
text.  I havn't tried with any valid arguments.  It doesn't need a colon to
crash, but requires I hit 'h' twice if I don't have one.  I'm not sure if
it's only with invalid entries, since I don't know any valid ones to try it
with. :)

> 
> I need that info to reduce the amount of code I need to search for 
> possible memory-related problems.
> 
> TIA

I got it recompiled now with debugging:

(gdb) bt
#0  0x400cd3d8 in free () from /lib/libc.so.6
#1  0x400cd2c3 in free () from /lib/libc.so.6
#2  0x8050eb3 in replace_in_documentation (string=0x8065520 "Move the
cursor to a specific line of the window") at infodoc.c:686
#3  0x80506c6 in create_internal_info_help_node (help_is_only_window_p=0)
at infodoc.c:290
#4  0x8050816 in info_find_or_create_help_window () at infodoc.c:377
#5  0x80508c3 in info_get_help_window (window=0x806f478, count=1, key=104)
at infodoc.c:415
#6  0x805c490 in info_dispatch_on_key (key=104, map=0x806e3e8) at
session.c:4598
#7  0x80564bf in info_read_and_dispatch () at session.c:233
#8  0x80563d7 in info_session () at session.c:181
#9  0x8056326 in begin_info_session_with_error (initial_node=0x806c7b8,
format=0x80641a0 "No menu item `%s' in node `%s'.", arg1=0xbffffb28,
arg2=0x806c7d8)
    at session.c:151
#10 0x804fa78 in main (argc=3, argv=0xbffff9c4) at info.c:403
#11 0x40079cfc in __libc_start_main () from /lib/libc.so.6

then a bit later in ddd I got this, although the first couple times I tried
it didn't crash.

(gdb) bt
#0  0x400cd3d8 in free () from /lib/libc.so.6
#1  0x400cd2c3 in free () from /lib/libc.so.6
#2  0x804d90e in gc_pointers () at gc.c:91
#3  0x804d75f in add_gcable_pointer (pointer=0x80883c8 "Basic Commands in
Info Windows\n", '*' <repeats 30 times>, "\n\n  l", ' ' <repeats 11 times>,
"Quit this help.\n  q", ' ' <repeats 11 times>, "Quit Info altogether.\n 
ESC h       Invoke the Info tutorial.\n\nMoving within a
node:\n--------"...) at gc.c:40
#4  0x805077f in create_internal_info_help_node (help_is_only_window_p=1)
at infodoc.c:322
#5  0x8050816 in info_find_or_create_help_window () at infodoc.c:377
#6  0x80508c3 in info_get_help_window (window=0x806f478, count=1, key=104)
at infodoc.c:415
#7  0x805c490 in info_dispatch_on_key (key=104, map=0x806e3e8) at
session.c:4598
#8  0x80564bf in info_read_and_dispatch () at session.c:233
#9  0x80563d7 in info_session () at session.c:181
#10 0x8056326 in begin_info_session_with_error (initial_node=0x806c7b8,
format=0x80641a0 "No menu item `%s' in node `%s'.", arg1=0xbffffacb,
arg2=0x806c7d8) at session.c:151
#11 0x804fa78 in main (argc=3, argv=0xbffff954) at info.c:403
#12 0x40079cfc in __libc_start_main () from /lib/libc.so.6
(gdb) 

then again in gdb, this time with optimizations turned off:

(gdb) 
#0  0x400cd3fd in free () from /lib/libc.so.6
#1  0x400cd2c3 in free () from /lib/libc.so.6
#2  0x8050eb3 in replace_in_documentation (string=0x80654f3 "Redraw the
display") at infodoc.c:686
#3  0x8050a7a in function_documentation (function=0x805bf54
<info_redraw_display>) at infodoc.c:506
#4  0x805028e in dump_map_to_message_buffer (prefix=0x806372f "",
map=0x806e3e8) at infodoc.c:164
#5  0x8050558 in create_internal_info_help_node (help_is_only_window_p=0)
at infodoc.c:262
#6  0x8050816 in info_find_or_create_help_window () at infodoc.c:377
#7  0x80508c3 in info_get_help_window (window=0x8081158, count=1, key=104)
at infodoc.c:415
#8  0x805c490 in info_dispatch_on_key (key=104, map=0x806e3e8) at
session.c:4598
#9  0x80564bf in info_read_and_dispatch () at session.c:233
#10 0x80563d7 in info_session () at session.c:181
#11 0x8056326 in begin_info_session_with_error (initial_node=0x806c7b8,
format=0x80641a0 "No menu item `%s' in node `%s'.", arg1=0xbffffb2c,
arg2=0x806c7d8)
    at session.c:151
#12 0x804fa78 in main (argc=3, argv=0xbffff9c4) at info.c:403
#13 0x40079cfc in __libc_start_main () from /lib/libc.so.6

then another time, with a different command line parameter (I havn't been
doing any particular pattern to them)
(gdb) where
#0  0x400cd3d8 in free () from /lib/libc.so.6
#1  0x400cd2c3 in free () from /lib/libc.so.6
#2  0x8050eb3 in replace_in_documentation (string=0x8065520 "Move the
cursor to a specific line of the window") at infodoc.c:686
#3  0x80506c6 in create_internal_info_help_node (help_is_only_window_p=0)
at infodoc.c:290
#4  0x8050816 in info_find_or_create_help_window () at infodoc.c:377
#5  0x80508c3 in info_get_help_window (window=0x806f478, count=1, key=104)
at infodoc.c:415
#6  0x805c490 in info_dispatch_on_key (key=104, map=0x806e3e8) at
session.c:4598
#7  0x80564bf in info_read_and_dispatch () at session.c:233
#8  0x80563d7 in info_session () at session.c:181
#9  0x8056326 in begin_info_session_with_error (initial_node=0x806c7b8,
format=0x80641a0 "No menu item `%s' in node `%s'.", arg1=0xbffffb2a,
arg2=0x806c7d8)
    at session.c:151
#10 0x804fa78 in main (argc=3, argv=0xbffff9c4) at info.c:403
#11 0x40079cfc in __libc_start_main () from /lib/libc.so.6

Looking for patterns in this now.  If I do the same one over a couple times
it appears to have the same backtrace.  Also, if I use "we" as my random
string I get a page for "Web2c", and it won't crash.

Hrm.  I'm thinking now that all these backtraces might not help you much. 
I've done a bunch more too, and they vary a fair bit in where they are
(except that they all seem to have the create_internal_info_help_node, but
I suspect that's akin to noticing a trend with them all having a main...) 
Well, rather than flood you with more possibly useless information, I'll
wait for you reply to see what I should do next.

(btw, my bet's on how it handles invalid entries at this point, but I'm not
sure how that ties in with --vi-keys...)