Home | Software Map | Motif Forums | Bug Home sponsored by ICS 
Bugzilla Bug
  1257
     Query page      Enter new bug
Bug#:1257 Platform: Version:
Product: OS: Reporter:brad@sd.aonix.com
Status: CLOSED Priority: Cc:
Resolution: FIXED Severity: Component:
Assigned To: openmotif-devel@motifzone.net Target Milestone:
URL:
Summary:
Attachments: 05/27/04 11:33Tar file containing test case for bug.
Create a new attachment (proposed patch, testcase, etc.)
Bug 1257 depends on: Show dependency tree
Show dependency graph
Bug 1257 blocks:
Votes for bug 1257:    Vote for this bug

Additional Comments:


Leave as CLOSED FIXED
Reopen bug

View Bug Activity Format For Printing
Description: Opened: 2004-05-27 11:31

RedHat Enterprise Linux 3.0 with Motif 2.2.3 gets the following errors all over
the place:
    Warning:                                                
       Name: textField                                     
       Class: XmTextField                                  
       Character '\163' not supported in font.  Discarded. 

Below I have included a C file and a Makefile for a test case.
Also I provided a suggested fix for the problem.


--------------------------------------------------------------------------------
README
--------------------------------------------------------------------------------

Test case to illustrate bug in PrintableString in TextF.c in Motif 2.2.3.

How to test:
  make
  setenv LANG en_US.UTF-8 (or another multibyte lang)
  textf_bug

  The following error messages will appear:

    Warning:                                                
       Name: textField                                     
       Class: XmTextField                                  
       Character '\163' not supported in font.  Discarded. 
                                                     
    Warning:                                                
       Name: textField                                     
       Class: XmTextField                                  
       Character '\157' not supported in font.  Discarded. 
    ...

  If you do not see the errors, try setting LANG to another multibyte encoding,
  such as ja_JP.ujis.

The test case makes a simple GUI with a XmTextField widget and
puts a regular single-byte string into it.
The bug causes the text field to reject the string character by character
and print the error messages.


The bug is new for Motif 2.2 and was not present in Motif 2.1.
The error lies in a new block of code added to the end of PrintableString in
TextF.c:

    tmp_str = (wchar_t *)str;
    ret_val = wctomb(tmp, *tmp_str);
    count = 0;
    while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) )
      {
        count += 1;
        tmp += ret_val;
        buf_size -= ret_val;
        tmp_str
        ret_val = wctomb(tmp, *tmp_str);
      }
    if (ret_val == -1)    /* bad character */
      return (False);
    is_printable = XTextWidth(TextF_Font(tf), cache_ptr, tmp - cache_ptr);

The problem is that ValidateString passes the address of a single wchar_t tmp.
The str parameter in PrintableString is consequently set to &tmp.
n is passed in as 1.
str is copied to tmp_str.
The code runs wctomb on *tmp_str, increments tmp_str and then calls wctomb
on *tmp_str again.
At this point tmp_str points to other stuff on the stack - whatever happens to
occupy &tmp+1.

I (think I) fixed the problem by changing the code to:

   tmp_str = (wchar_t *)str;
   count = 0;
   do {
     ret_val = wctomb(tmp, *tmp_str);
     count += 1;
     tmp += ret_val;
     buf_size -= ret_val;
     tmp_str++;
   } while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) ;
   if (ret_val == -1)    /* bad character */
     return (False);
   is_printable =
     ( XTextWidth(TextF_Font(tf), cache_ptr, tmp - cache_ptr) != 0 ) ;

Apparently RedHat does not define SUPPORT_ZERO_WIDTH in their version of Motif.

The bug does not always show itself.
Depending on the libXm build, sometimes the address at &tmp+1 is another
variable, and other times it is just uninitialized junk.
This test case attempts to write gibberish to the stack area, so that the
bug will show up in the case that &tmp+1 is not used by another variable.
If another variable lands on &tmp+1, then the problem is revealed only if
this other variable is set to something that wctomb doesn''t like.
I built Motif 2.2.2 on RHLinux8 and the &tmp+1 address was given to the
start_tmp variable.
The pointer value given to start_tmp did not cause wctomb to complain,
so this test case didn''t reveal the problem on RH8.
The test case shows the problem with RedHat Enterprise Linux 3.0.

This test case is intended to run on a 32 bit Intel platform.
It may not work on other platforms.

Brad Despres
Aonix

--------------------------------------------------------------------------------
Makefile
--------------------------------------------------------------------------------
all: textf_bug

textf_bug: textf_bug.c
	cc -g -Wall \
		-I/usr/X11R6/include \
		textf_bug.c \
		-o textf_bug \
		-L/usr/X11R6/lib \
		-lXm \
		-lXp \
		-lXt \
		-lXext \
		-lXpm \
		-lSM \
		-lICE \
		-lX11 \
		-lpthread


clean:
	-rm -f textf_bug textf_bug.o

--------------------------------------------------------------------------------
textf_bug.c
--------------------------------------------------------------------------------
#include <locale.h>
#include <Xm/TextF.h>
  
int main (
  int argc ,
  char * argv []
)
{
  Widget toplevel , textf ;
  XtAppContext app ;
  int i , fill_size = 1024 ;
  unsigned char fill_byte = 0xA5 ;
  unsigned fill_pattern ;
  unsigned * pu ;

  /* Read the locale env variables. */
  setlocale ( LC_ALL , "" ) ;

  toplevel = XtVaAppInitialize ( & app , "TestCase" , NULL , 0 ,
    & argc , argv , NULL , NULL ) ;

  textf = XtVaCreateWidget ( "textField" ,
    xmTextFieldWidgetClass , toplevel ,
    NULL ) ;
  
  XtManageChild ( textf ) ;

  { /*
     * Write jibberish into the unused area below the stack.
     * Hopefully this will cause the bug to show up.
     */

    /* Push a variable so we know where the sp is. */
    unsigned u ;

    /* Set up the fill pattern, e.g. 0xA5A5A5A5 */
    memset ( ( void * ) & fill_pattern , fill_byte , sizeof ( u ) ) ;

    /* Fill the unused stack area with this pattern. */
    for ( i = 0 , pu = & u ; i < fill_size ; i ++ , pu -- ) {
      * pu = fill_pattern ;
      /* The problem is masked if you fill it with zeros instead. */
    }
  }
  XmTextFieldSetString ( textf , "some text" ) ;
  XtRealizeWidget ( toplevel ) ;
  XtAppMainLoop ( app ) ;

  /* Not reached. */
  return ( 0 ) ;
}


------- Additional Comments From brad@sd.aonix.com 2004-05-27 11:33 -------
Created an attachment (id=45)
Tar file containing test case for bug.


------- Additional Comments From Yura Syrota 2004-06-30 05:28 -------
Fixed as proposed. Thanks for the report and patch.

     Query page      Enter new bug
This is Mr. Samsa: the Open Motif bug system using Bugzilla. For more information about what Bugzilla is and what it can do, see mozilla.org's bug pages.
New | Query | bug # | Reports | New account | Log in