[Xmonad] xmonad crashing

Stefan O'Rear stefanor at cox.net
Mon Jul 9 00:48:55 EDT 2007


On Mon, Jul 09, 2007 at 12:06:55AM -0400, Geoffrey Alan Washburn wrote:
>
> After pulling in a few recent patches I've been having problems with xmonad 
> crashing when I close windows from Thunderbird.  I haven't extensively 
> tested whether there are other applications that this happens with.  xmonad 
> dies with the following information.  I'm compiling with ghc 6.6 on Linux.  
> Let me know if there is some additional information that I can provide.

Very interesting!  Auditing the uses of XFree in xmonad/X11-extras, I
see some very fishy code...

queryTree :: Display -> Window -> IO (Window, Window, [Window])
queryTree d w =
    alloca $ \root_return ->
    alloca $ \parent_return ->
    alloca $ \children_return ->
    alloca $ \nchildren_return -> do
        xQueryTree d w root_return parent_return children_return nchildren_return
        p <- peek children_return
        n <- fmap fromIntegral $ peek nchildren_return
        ws <- peekArray n p
        xFree p
        liftM3 (,,) (peek root_return) (peek parent_return) (return ws)

This specifically looks like the culprit - there's no check for
xQueryTree succeeding, so if things race wrong (quite plausible if
you're closing windows!) the pointer will be freed without being
initialized.  Due to subtleties of the GHC storage manager,
uninitialized alloca'd memory almost certainly contains pointers into
the Haskell heap - which is where your "invalid pointer" points.

If you change that code in X11-extras (Graphics/X11/Xlib/Extras.hsc) to:

queryTree :: Display -> Window -> IO (Window, Window, [Window])
queryTree d w =
    alloca $ \root_return ->
    alloca $ \parent_return ->
    alloca $ \children_return ->
    alloca $ \nchildren_return -> do
        status <- xQueryTree d w root_return parent_return children_return nchildren_return
        if status == 0
            then return (none, none, []) -- we ought to throw an
                                         -- exception here...
            else do
                p <- peek children_return
                n <- fmap fromIntegral $ peek nchildren_return
                ws <- peekArray n p
                xFree p
                liftM3 (,,) (peek root_return) (peek parent_return) (return ws)

can you still reproduce it?

Stefan
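
The same status-before-free rule, shown at the C level where the Xlib call lives. This is an added example, not code from the original message or from X11-extras. `mock_query_tree`, `query_tree_checked` and the `Window` typedef are hypothetical stand-ins, constructed so the example runs without an X server.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef unsigned long Window;            /* stand-in for the Xlib window id type */

/* Hypothetical stand-in for XQueryTree: for a vanished window (id 0 here) it
 * returns 0 and writes none of its out-parameters; otherwise it returns 1
 * and hands back a heap-allocated child list that the caller must free. */
static int mock_query_tree(Window w, Window *root, Window *parent,
                           Window **children, unsigned int *nchildren)
{
    Window *list;
    if (w == 0 || (list = malloc(2 * sizeof *list)) == NULL)
        return 0;                        /* failure: outputs left untouched */
    list[0] = w + 1; list[1] = w + 2;
    *root = 1; *parent = w - 1; *children = list; *nchildren = 2;
    return 1;
}

/* Returns 0 on success, -1 on failure. The child list is copied out and the
 * library buffer released only after the status says it was actually set. */
int query_tree_checked(Window w, Window *root, Window *parent,
                       Window **out_children, unsigned int *out_n)
{
    Window *kids = NULL;                 /* defined even if the call writes nothing */
    unsigned int n = 0;
    *root = *parent = 0; *out_children = NULL; *out_n = 0;
    if (mock_query_tree(w, root, parent, &kids, &n) == 0)
        return -1;                       /* no peek, no free on the failure path */
    if (n > 0) {
        Window *copy = malloc(n * sizeof *copy);
        if (copy == NULL) { free(kids); return -1; }
        memcpy(copy, kids, n * sizeof *copy);
        *out_children = copy;
    }
    free(kids);                          /* XFree in real Xlib code */
    *out_n = n;
    return 0;
}

int main(void)
{
    Window root, parent, *kids; unsigned int n;
    int rc = query_tree_checked(0, &root, &parent, &kids, &n);
    printf("vanished window: rc=%d n=%u\n", rc, n);
    rc = query_tree_checked(10, &root, &parent, &kids, &n);
    printf("live window:     rc=%d n=%u\n", rc, n);
    free(kids);
    return 0;
}
```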