Skip to content

Use-after-free in XUnregisterIMInstantiateCallback causes wrong behavior or crash

Submitted by Dmitry Antipov

Assigned to Xorg Project Team

Link to original bug (#81338)

Description

Created attachment 102761 proposal fix

I was unable to create small and isolated example, so the only way to reproduce this bug is to run GNU Emacs with multiple X servers (Xnest is OK too). So steps to reproduce are:

  1. Compile Emacs with Lucid toolkit (--with-x-toolkit=lucid) and internal checking enabled (--enable-checking).
  2. Run Xnest on :1
  3. Run Emacs with:

emacs -Q --eval '(let ((f (selected-frame))) (make-frame-on-display ":1.0") (delete-frame f))'

  1. See assertion failure at xterm.c:8006 while checking the value returned from XUnregisterIMInstantiateCallback.

Running under Valgrind (see http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17975#17) shows a use-after-free error.

Proposal fix is attached.

Attachment 102761, "proposal fix":
lcd-core-modifiers.patch

Version: 7.7 (2012.06)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information