Description of problem:
When (without -pipe) the child exits, state->pipe is cleared but state->pid is not. Later on, state->pid is used to determine whether to send a message to the child (via state->pipe); it tests only the value of state->pid.
This can be forced by running with -window and resizing the window between child runs (which attempts to ioctl TIOCWINSZ on the pipe).
Version-Release number of selected component (if applicable):
xscreensaver-extras-5.08-1.fc9.x86_64
How reproducible:
The resize case, very. I think there's another semi-random crash case too though.
Steps to Reproduce:
1. Run phosphor with -window
2. Resize window
3.
Actual results:
SEGV
Expected results:
No SEGV
Additional info:
Attached patch does two things: clear state->pid once we know the child has exited, and check state->pipe before attempting to dereference it.
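The following is an added example written for this page, not xscreensaver's phosphor code and not the attached patch; the struct and function names (text_state, start_child, child_exited_buggy, child_exited_fixed, send_winsize) are invented. It forks a real child, reads its output to EOF, and then shows the two cleanup variants side by side: the original shape (pipe cleared, pid left stale) and the two-part fix from the report (clear pid as well, and check the pipe before dereferencing it). A plain pipe is used instead of a pty, so TIOCSWINSZ fails with ENOTTY on the live path; the point being demonstrated is the NULL-pipe guard, not the ioctl result. main() deliberately never calls send_winsize with the original guard after the buggy cleanup, because fileno(NULL) is exactly the SEGV the report describes.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the hack's state: a child that feeds text
 * to the screen, and the stream the parent reads it from. */
struct text_state {
    pid_t pid;   /* child producing text; 0 when there is none */
    FILE *pipe;  /* read end of the child's output; NULL once closed */
};

enum resize_result { RESIZE_SKIPPED = 0, RESIZE_SENT = 1, RESIZE_IOCTL_FAILED = 2 };

/* Fork a child that writes `text` to its end of a pipe and exits. */
static int start_child(struct text_state *st, const char *text)
{
    int fds[2];
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                           /* child */
        close(fds[0]);
        size_t len = strlen(text);
        const char *p = text;
        while (len > 0) {
            ssize_t n = write(fds[1], p, len);
            if (n <= 0) _exit(1);
            p += n; len -= (size_t)n;
        }
        _exit(0);
    }
    close(fds[1]);                            /* parent keeps the read end */
    st->pid = pid;
    st->pipe = fdopen(fds[0], "r");
    if (!st->pipe) { close(fds[0]); waitpid(pid, NULL, 0); st->pid = 0; return -1; }
    return 0;
}

/* Read until EOF, i.e. until the child has closed its end; returns lines read. */
static int drain_child(struct text_state *st)
{
    char line[256];
    int lines = 0;
    while (fgets(line, sizeof line, st->pipe)) lines++;
    return lines;
}

/* The shape the report describes: pipe closed and cleared, pid left stale. */
static void child_exited_buggy(struct text_state *st)
{
    if (st->pipe) fclose(st->pipe);
    st->pipe = NULL;
    waitpid(st->pid, NULL, 0);               /* reaped, but st->pid still != 0 */
}

/* First half of the proposed fix: forget the pid together with the pipe. */
static void child_exited_fixed(struct text_state *st)
{
    if (st->pipe) fclose(st->pipe);
    st->pipe = NULL;
    waitpid(st->pid, NULL, 0);
    st->pid = 0;
}

/* The resize path. check_pipe == 0 is the original guard (pid only): after
 * child_exited_buggy it reaches fileno(NULL), which glibc dereferences.
 * check_pipe != 0 is the second half of the proposed fix. */
static enum resize_result send_winsize(struct text_state *st, int check_pipe,
                                       int rows, int cols)
{
    if (!st->pid) return RESIZE_SKIPPED;
    if (check_pipe && !st->pipe) return RESIZE_SKIPPED;
    struct winsize ws;
    memset(&ws, 0, sizeof ws);
    ws.ws_row = (unsigned short)rows;
    ws.ws_col = (unsigned short)cols;
    if (ioctl(fileno(st->pipe), TIOCSWINSZ, &ws) < 0)
        return RESIZE_IOCTL_FAILED;           /* ENOTTY on a plain pipe */
    return RESIZE_SENT;
}

/* 1 when pid claims a child but the pipe is gone: the crash-prone state. */
static int stale_pid_with_null_pipe(const struct text_state *st)
{
    return st->pid != 0 && st->pipe == NULL;
}

/* One child lifecycle with the chosen cleanup; returns lines read, or -1. */
static int run_lifecycle(struct text_state *st, int use_fixed_cleanup)
{
    if (start_child(st, "one\ntwo\n") < 0) return -1;
    int lines = drain_child(st);              /* EOF: the child is gone */
    if (use_fixed_cleanup) child_exited_fixed(st);
    else child_exited_buggy(st);
    return lines;
}

int main(void)
{
    struct text_state st = {0, NULL};
    run_lifecycle(&st, 0);
    printf("buggy cleanup: pid=%ld pipe=%p crash-prone=%d\n",
           (long)st.pid, (void *)st.pipe, stale_pid_with_null_pipe(&st));
    /* send_winsize(&st, 0, 24, 80) here would SEGV in fileno(NULL). */
    printf("fixed guard after buggy cleanup: %d\n", send_winsize(&st, 1, 24, 80));
    run_lifecycle(&st, 1);
    printf("fixed cleanup: pid=%ld crash-prone=%d\n",
           (long)st.pid, stale_pid_with_null_pipe(&st));
    return 0;
}
```

Either half of the fix on its own is enough to stop the resize crash, but only clearing pid restores the invariant that pid and pipe are set and cleared together, so other code that keys off pid alone (the "semi-random" case mentioned above, if it is the same root cause) is covered too.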
Created attachment 329709
proposed fix