On Sun, 8 Jul 2007 21:48:55 -0700
"Stefan O'Rear"
On Mon, Jul 09, 2007 at 12:06:55AM -0400, Geoffrey Alan Washburn wrote:
After pulling in a few recent patches I've been having problems with xmonad crashing when I close windows from Thunderbird. I haven't extensively tested whether there are other applications that this happens with. xmonad dies with the following information. I'm compiling with ghc 6.6 on Linux. Let me know if there is some additional information that I can provide.
Very interesting! Auditing the uses of XFree in xmonad/X11-extras, I see some very fishy code...
queryTree :: Display -> Window -> IO (Window, Window, [Window])
queryTree d w =
    alloca $ \root_return ->
    alloca $ \parent_return ->
    alloca $ \children_return ->
    alloca $ \nchildren_return -> do
        xQueryTree d w root_return parent_return children_return nchildren_return
        p <- peek children_return
        n <- fmap fromIntegral $ peek nchildren_return
        ws <- peekArray n p
        xFree p
        liftM3 (,,) (peek root_return) (peek parent_return) (return ws)
This specifically looks like the culprit - there's no check for xQueryTree succeeding, so if things race wrong (quite plausible if you're closing windows!) the pointer will be freed without being initialized. Due to subtleties of the GHC storage manager, uninitialized alloca'd memory almost certainly contains pointers into the Haskell heap - which is where your "invalid pointer" points.
If you change that code in X11-extras (Graphics/X11/Xlib/Extras.hsc) to:
queryTree :: Display -> Window -> IO (Window, Window, [Window])
queryTree d w =
    alloca $ \root_return ->
    alloca $ \parent_return ->
    alloca $ \children_return ->
    alloca $ \nchildren_return -> do
        status <- xQueryTree d w root_return parent_return children_return nchildren_return
        if status == 0
            then return (none, none, []) -- we ought to throw an exception here...
            else do
                p <- peek children_return
                n <- fmap fromIntegral $ peek nchildren_return
                ws <- peekArray n p
                xFree p
                liftM3 (,,) (peek root_return) (peek parent_return) (return ws)
can you still reproduce it?
Stefan
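Added example, not part of the original thread or of X11-extras: the same check-before-free pattern as the revised queryTree above, written in C. stub_query_tree is a hypothetical stand-in, not Xlib; it assumes the behaviour described in the message (a zero return leaves the out-parameters untouched), and the Window typedef and window ids are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned long Window;            /* stand-in for Xlib's Window */

/* Hypothetical stub (not Xlib): returns 0 on failure and leaves every
 * out-parameter untouched; on success returns a malloc'd child array. */
static int stub_query_tree(Window w, Window *root, Window *parent,
                           Window **children, unsigned int *nchildren)
{
    if (w == 0)                          /* constructed case: window is gone */
        return 0;
    Window *kids = malloc(3 * sizeof *kids);
    if (kids == NULL)
        return 0;
    for (unsigned int i = 0; i < 3; i++)
        kids[i] = w + 1 + i;
    *root = 1; *parent = 2; *children = kids; *nchildren = 3;
    return 1;
}

/* Copies at most cap children into out. Returns 0 on success, -1 on failure.
 * The child array is read and freed only after the status check passes. */
int query_tree_checked(Window w, Window *root, Window *parent,
                       Window *out, unsigned int cap, unsigned int *n)
{
    Window *children = NULL;             /* defined value even if the call fails */
    unsigned int nchildren = 0;
    *root = 0; *parent = 0; *n = 0;
    if (stub_query_tree(w, root, parent, &children, &nchildren) == 0)
        return -1;                       /* report the failure, free nothing */
    if (nchildren > cap)
        nchildren = cap;
    if (children != NULL && nchildren > 0)
        memcpy(out, children, nchildren * sizeof *out);
    free(children);                      /* XFree(children) with real Xlib */
    *n = nchildren;
    return 0;
}

int main(void)
{
    Window root, parent, kids[8];
    unsigned int n;
    int rc = query_tree_checked(0, &root, &parent, kids, 8, &n);
    printf("failed call: rc=%d n=%u\n", rc, n);
    rc = query_tree_checked(10, &root, &parent, kids, 8, &n);
    printf("ok call: rc=%d n=%u\n", rc, n);
    return 0;
}
```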
queryTree is only run once, at start up. It seems unlikely that this is causing the described issue.

Cheers,
Spencer Janssen