piewm uses m4 in parsing its configuration file. Before it does so, it creates a temporary file of definitions. It does this in the MkDef() function in parse.c. In creating the definition lines, it tries to only allocate as much memory as necessary. However, there is an off-by-one error; I believe that when the routine was coded the trailing NUL character for the strings in question was overlooked. (There is code to "pad" the allocation for known "extra" characters that will be needed. It's just a little smaller than it needs to be.) By default, FreeBSD 7-CURRENT (as of this time) has code enabled to identify "red zone corruption;" in this case, it's a matter of an attempt to write on storage that was not allocated. One symptom is the message: piewm: (malloc) Corrupted redzone 1 byte after 0xa00cbe0 (size 41) (0x0) Another is that the window manager is not, in fact, functional. It would be extremely cool if we could get this simple fix in before the ports tree is completely frozen for the 6.1 release. And my thanks to Jason for providing the hints for me to be able to finally(!) track this bug down and squash it. And I am presently using the patched version; it does work. How-To-Repeat: Install ports/x11-wm/piewm, then run it.
Looks as if there should be an updated source tarball soon, if not already. ----- Forwarded message from Russell Nelson <nelson@crynwr.com> ----- From: Russell Nelson <nelson@crynwr.com> Date: Tue, 14 Mar 2006 10:58:53 -0500 To: David Wolfskill <david@catwhisker.org> Subject: Re: Off-by-one bug in piewm -- interested? Thanks! Fixed. -russ David Wolfskill writes: > > I filed a PR with the FreeBSD ports folks Saturday (11 March), but the > bug appears to be in tghe sources for piewm itself (rather than the > "port" gunk thatt FreeBSD uses to build 3rd-party applications), and a > colleague at work -- who also uses piewm -- mentioned that you might > have an interest in the fix. > > Since the PR includes the (nearly trivial) fix, I'll direct you to > <http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/94378> for the > explanation & unidiff-formatted patch. > > Succinctly, the #define for EXTRA in parse.c needs to be (at least) 12, > rather than 11 -- it's an off-by-one error in calculating how much > memory will be needed for creating a line of m4 input. > > Turns out that tvtwm doesn't have the problem: although tvtwm also > spits out the "dnl" token (which was intentionally omitted for piewm), > tvtwm's EXTRA is 15. Looks as if someone got a touch over-zealous with > respect to trying to ensure that piewm didn't allocate more memory than > necessary. > > Peace, > david > -- > David H. Wolfskill david@catwhisker.org > Mail filters, like sewers, need to be most restrictive at the point of entry. > > See http://www.catwhisker.org/~david/publickey.gpg for my public key. ----- End forwarded message ----- Peace, david -- David H. Wolfskill david@catwhisker.org Mail filters, like sewers, need to be most restrictive at the point of entry. See http://www.catwhisker.org/~david/publickey.gpg for my public key.
Responsible Changed From-To: freebsd-ports-bugs->lawrance Handling it.
State Changed From-To: open->closed piewm bumped to fixed version 1.04. Thanks!