reproducible crash (core dump) in skype, apparently when using scim input method

Bug #159740 reported by Dominique Pellé
Affects: scim (Ubuntu) | Status: Invalid | Importance: Undecided | Assigned to: Unassigned | Milestone: -

Bug Description

Skype was working fine on my ubuntu-7.10 (Gutsy) until I switched the input method to SCIM.

Skype now crashes at startup (100% reproducible) with core dump.

I have this in my environment (to be able to type accented characters with a US keyboard):

pel@pel-laptop:~$ env | grep scim
QT_IM_MODULE=scim
GTK_IM_MODULE=scim

and this is how skype crashes at startup:

pel@pel-laptop:~$ skype
*** glibc detected *** skype: free(): invalid pointer: 0x08a3b3e0 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7386d65]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb738a800]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb712dd81]
/usr/lib/libstdc++.so.6(_ZNSs4_Rep10_M_destroyERKSaIcE+0x1d)[0xb710990d]
/usr/lib/libstdc++.so.6(_ZNSsD1Ev+0x51)[0xb710b7b1]
/usr/lib/libscim-1.0.so.8[0xb6b51e15]
/usr/lib/libscim-1.0.so.8(_ZN4scim20scim_get_module_listERSt6vectorISsSaISsEERKSs+0x37)[0xb6b52c21]
/usr/lib/libscim-1.0.so.8(_ZN4scim29scim_get_imengine_module_listERSt6vectorISsSaISsEE+0x45)[0xb6b4df4d]
/usr/lib/qt3/plugins/inputmethods/libqscim.so(_ZN4scim23QScimInputContextGlobal10initializeEv+0x257)[0xb6bf5687]
/usr/lib/qt3/plugins/inputmethods/libqscim.so(_ZN4scim17QScimInputContextC1Ev+0x31e)[0xb6bf745e]
/usr/lib/qt3/plugins/inputmethods/libqscim.so(_ZN22ScimInputContextPlugin6createERK7QString+0x7e)[0xb6bf063e]
/usr/lib/libqt-mt.so.3(_ZN26QInputContextPluginPrivate6createERK7QString+0x25)[0xb7bacf5b]
/usr/lib/libqt-mt.so.3(_ZN20QInputContextFactory6createERK7QStringP7QWidget+0x94)[0xb7bacb28]
/usr/lib/qt3/plugins/inputmethods/libqimsw-multi.so(_ZN18QMultiInputContext17changeInputMethodE7QString+0xc3)[0xb6d6fc7b]
/usr/lib/qt3/plugins/inputmethods/libqimsw-multi.so(_ZN18QMultiInputContext5slaveEv+0x43)[0xb6d6fe2f]
/usr/lib/qt3/plugins/inputmethods/libqimsw-multi.so(_ZN18QMultiInputContext15setHolderWidgetEP7QWidget+0x26)[0xb6d7009e]
/usr/lib/libqt-mt.so.3(_ZN20QInputContextFactory6createERK7QStringP7QWidget+0xb8)[0xb7bacb4c]
/usr/lib/libqt-mt.so.3(_ZN7QWidget18createInputContextEv+0x8f)[0xb78ff9b5]
/usr/lib/libqt-mt.so.3(_ZN7QWidget17resetInputContextEv+0x1d)[0xb78ffcbb]
/usr/lib/libqt-mt.so.3(_ZN9QLineEdit7setTextERK7QString+0x1d)[0xb7a80181]
/usr/lib/libqt-mt.so.3(_ZN9QComboBox11setLineEditEP9QLineEdit+0x82)[0xb7a4743e]
/usr/lib/libqt-mt.so.3(_ZN9QComboBox13setUpLineEditEv+0x60)[0xb7a41d0c]
/usr/lib/libqt-mt.so.3(_ZN9QComboBox11setEditableEb+0x67)[0xb7a44fc1]
skype[0x81944a7]
skype[0x8078989]
skype[0x8075972]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7333050]
skype(_ZN6QFrame10paintEventEP11QPaintEvent+0x6d)[0x806f7b1]
======= Memory map: ========
08048000-08988000 rwxp 00000000 08:03 2036820 /usr/bin/skype
08988000-08a44000 rw-p 08988000 00:00 0 [heap]
b6900000-b6921000 rw-p b6900000 00:00 0
b6921000-b6a00000 ---p b6921000 00:00 0
b6ac5000-b6aea000 r-xp 00000000 08:03 2500082 /usr/lib/qt3/plugins/inputmethods/libqsimple.so
b6aea000-b6aeb000 rw-p 00024000 08:03 2500082 /usr/lib/qt3/plugins/inputmethods/libqsimple.so
b6aeb000-b6bc1000 r-xp 00000000 08:03 2037768 /usr/lib/libscim-1.0.so.8.2.3
b6bc1000-b6bcf000 rw-p 000d6000 08:03 2037768 /usr/lib/libscim-1.0.so.8.2.3
b6bd5000-b6be0000 r-xp 00000000 08:03 2500083 /usr/lib/qt3/plugins/inputmethods/libqxim.so
b6be0000-b6be1000 rw-p 0000a000 08:03 2500083 /usr/lib/qt3/plugins/inputmethods/libqxim.so
b6be1000-b6c00000 r-xp 00000000 08:03 2500142 /usr/lib/qt3/plugins/inputmethods/libqscim.so
b6c00000-b6c01000 rw-p 0001f000 08:03 2500142 /usr/lib/qt3/plugins/inputmethods/libqscim.so
b6c01000-b6c8c000 r--p 00000000 08:03 2541247 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
b6c8c000-b6cb9000 r-xp 00000000 08:03 2031703 /usr/lib/liblcms.so.1.0.16
b6cb9000-b6cbb000 rw-p 0002c000 08:03 2031703 /usr/lib/liblcms.so.1.0.16
b6cbb000-b6cbd000 rw-p b6cbb000 00:00 0
b6cbd000-b6d28000 r-xp 00000000 08:03 2033664 /usr/lib/libmng.so.1.1.0.9
b6d28000-b6d2b000 rw-p 0006a000 08:03 2033664 /usr/lib/libmng.so.1.1.0.9
b6d35000-b6d37000 r-xp 00000000 08:03 2037769 /usr/lib/libscim-x11utils-1.0.so.8.2.3
b6d37000-b6d38000 rw-p 00001000 08:03 2037769 /usr/lib/libscim-x11utils-1.0.so.8.2.3
b6d38000-b6d3c000 r-xp 00000000 08:03 2500078 /usr/lib/qt3/plugins/inputmethods/libqimsw-none.so
b6d3c000-b6d3d000 rw-p 00003000 08:03 2500078 /usr/lib/qt3/plugins/inputmethods/libqimsw-none.so
b6d3d000-b6d67000 r-xp 00000000 08:03 2036901 /usr/lib/libkdefx.so.4.2.0
b6d67000-b6d68000 rw-p 0002a000 08:03 2036901 /usr/lib/libkdefx.so.4.2.0
b6d6a000-b6d73000 r-xp 00000000 08:03 2495118 /usr/lib/qt3/plugins/inputmethods/libqimsw-multi.so
b6d73000-b6d74000 rw-p 00009000 08:03 2495118 /usr/lib/qt3/plugins/inputmethods/libqimsw-multi.so
b6d74000-b6d79000 r-xp 00000000 08:03 2495064 /usr/lib/qt3/plugins/imageformats/libqmng.so
b6d79000-b6d7a000 rw-p 00004000 08:03 2495064 /usr/lib/qt3/plugins/imageformats/libqmng.so
b6d7a000-b6d99000 r-xp 00000000 08:03 4636684 /usr/lib/kde3/plugins/styles/plastik.so
b6d99000-b6d9a000 rw-p 0001e000 08:03 4636684 /usr/lib/kde3/plugins/styles/plastik.so
b6d9a000-b6d9b000 ---p b6d9a000 00:00 0
b6d9b000-b6e1b000 rw-p b6d9b000 00:00 0
b6e1b000-b6e21000 r--s 00000000 08:03 2608149 /var/cache/fontconfig/945677eb7aeaf62f1d50efc3fb3ec7d8-x86.cache-2
b6e21000-b6e24000 r--s 00000000 08:03 2608548 /var/cache/fontconfig/e383d7ea5fbe662a33d9b44caf393297-x86.cache-2
b6e24000-b6e25000 r--s 00000000 08:03 2608547 /var/cache/fontconfig/fd9505950c048a77dc4b710eb6a628ed-x86.cache-2
b6e25000-b6e27000 r--s 00000000 08:03 2608546 /var/cache/fontconfig/ddc79d3ea06a7c6ffa86ede85f3bb5df-x86.cache-2
b6e27000-b6e28000 r--s 00000000 08:03 2608544 /var
Aborted (core dumped)

If I run it under valgrind, I see that skype accesses the illegal address 0:

pel@pel-laptop:~$ valgrind skype
==24749== Memcheck, a memory error detector.
==24749== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==24749== Using LibVEX rev 1732, a library for dynamic binary translation.
==24749== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==24749== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework.
==24749== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==24749== For more details, rerun with: -v
==24749==
==24749== Invalid read of size 1
==24749== at 0x850E06B: (within /usr/bin/skype)
==24749== by 0x681: ???
==24749== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==24749==
==24749== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==24749== Access not within mapped region at address 0x0
==24749== at 0x850E06B: (within /usr/bin/skype)
==24749== by 0x681: ???
==24749==
==24749== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 71 from 1)
==24749== malloc/free: in use at exit: 9,865 bytes in 413 blocks.
==24749== malloc/free: 413 allocs, 0 frees, 9,865 bytes allocated.
==24749== For counts of detected errors, rerun with: -v
==24749== searching for pointers to 413 not-freed blocks.
==24749== checked 10,481,288 bytes.
==24749==
==24749== LEAK SUMMARY:
==24749== definitely lost: 0 bytes in 0 blocks.
==24749== possibly lost: 0 bytes in 0 blocks.
==24749== still reachable: 9,865 bytes in 413 blocks.
==24749== suppressed: 0 bytes in 0 blocks.
==24749== Rerun with --leak-check=full to see details of leaked memory.
Segmentation fault (core dumped)
pel@pel-laptop:~$

If I unset the QT_IM_MODULE variable, then skype works fine:

$ unset QT_IM_MODULE
$ skype
(ok, works)

So the bug is somehow triggered by the input method QT_IM_MODULE=scim.

I am not sure whether it's a bug in Skype itself, or in the Qt library (or even somewhere else).

If I look at the core file with gdb, I see this:

$ gdb /usr/bin/skype core
(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7361875 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7363201 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0xb7398e5c in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0x00000008 in ?? ()
#5 0xbff48d54 in ?? ()
#6 0x00000400 in ?? ()
#7 0xb74630c8 in ?? () from /lib/tls/i686/cmov/libc.so.6
#8 0x00000017 in ?? ()
#9 0xbff4b8f7 in ?? ()
#10 0x00000005 in ?? ()
#11 0xb74630e1 in ?? () from /lib/tls/i686/cmov/libc.so.6
#12 0x00000002 in ?? ()
#13 0xb74600c4 in ?? () from /lib/tls/i686/cmov/libc.so.6
#14 0x00000017 in ?? ()
#15 0xb74630e5 in ?? () from /lib/tls/i686/cmov/libc.so.6
#16 0x00000004 in ?? ()
#17 0xbff492cb in ?? ()
#18 0x00000008 in ?? ()
#19 0xb74630eb in ?? () from /lib/tls/i686/cmov/libc.so.6
#20 0x00000005 in ?? ()
#21 0x08a3aea8 in ?? ()
#22 0xbff48efc in ?? ()
#23 0xb6bf3881 in ?? () from /usr/lib/qt3/plugins/inputmethods/libqxim.so
#24 0xb6bf3875 in ?? () from /usr/lib/qt3/plugins/inputmethods/libqxim.so
#25 0xb7f92020 in ?? () from /lib/ld-linux.so.2
#26 0xb7f91ff4 in ?? () from /lib/ld-linux.so.2
#27 0xb74630eb in ?? () from /lib/tls/i686/cmov/libc.so.6
#28 0x00000005 in ?? ()
#29 0xbff48ca0 in ?? ()
#30 0x00000025 in ?? ()
#31 0xb6bf386a in ?? () from /usr/lib/qt3/plugins/inputmethods/libqxim.so
#32 0xb7f92020 in ?? () from /lib/ld-linux.so.2
#33 0xb7f91ff4 in ?? () from /lib/ld-linux.so.2
#34 0xb7f775b8 in ?? () from /lib/ld-linux.so.2
#35 0xbff492cb in ?? ()
#36 0x00000008 in ?? ()
#37 0xbff48cb0 in ?? ()
#38 0xb6bf385e in ?? () from /usr/lib/qt3/plugins/inputmethods/libqxim.so
#39 0xb74630e5 in ?? () from /lib/tls/i686/cmov/libc.so.6
#40 0x00000004 in ?? ()
#41 0xbff48cd0 in ?? ()
#42 0xb7398cf9 in ?? () from /lib/tls/i686/cmov/libc.so.6
#43 0xb74630e6 in ?? () from /lib/tls/i686/cmov/libc.so.6
#44 0x00000025 in ?? ()
#45 0xb6bf3851 in ?? () from /usr/lib/qt3/plugins/inputmethods/libqxim.so
#46 0xb7f92020 in ?? () from /lib/ld-linux.so.2
#47 0xb74600c4 in ?? () from /lib/tls/i686/cmov/libc.so.6
#48 0x00000017 in ?? ()
#49 0xbff48cf0 in ?? ()
#50 0xb74600c4 in ?? () from /lib/tls/i686/cmov/libc.so.6
#51 0xb6bf3851 in ?? () from /usr/lib/qt3/plugins/inputmethods/libqxim.so
#52 0xb6bf383e in ?? () from /usr/lib/qt3/plugins/inputmethods/libqxim.so
#53 0xb7f92020 in ?? () from /lib/ld-linux.so.2
#54 0xb7f91ff4 in ?? () from /lib/ld-linux.so.2
#55 0xb74630e1 in ?? () from /lib/tls/i686/cmov/libc.so.6
#56 0x00000002 in ?? ()
#57 0xbff48d10 in ?? ()
#58 0x00000025 in ?? ()
#59 0xb7363ce5 in getenv () from /lib/tls/i686/cmov/libc.so.6
#60 0xb73a0d65 in ?? () from /lib/tls/i686/cmov/libc.so.6
#61 0x00000002 in ?? ()
#62 0xb74630c8 in ?? () from /lib/tls/i686/cmov/libc.so.6
#63 0xbff4b8f7 in ?? ()
#64 0xb74600c4 in ?? () from /lib/tls/i686/cmov/libc.so.6
#65 0xbff492cb in ?? ()
#66 0x08a3b664 in ?? ()
#67 0xbff492cb in ?? ()
#68 0x08a3b3d8 in ?? ()
#69 0xb74ded7d in ?? () from /usr/lib/libstdc++.so.5
#70 0x000006f5 in ?? ()
#71 0xb74600c4 in ?? () from /lib/tls/i686/cmov/libc.so.6
#72 0xbff49340 in ?? ()
#73 0x08a39990 in ?? ()
#74 0xb6b1234d in ?? () from /usr/lib/libscim-1.0.so.8
#75 0xc37e5c95 in ?? ()
#76 0x00000000 in ?? ()

which also confirms that the crash happens in
the input method /usr/lib/qt3/plugins/inputmethods/libqxim.so
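
Editor's added example (not code from this report, Skype or SCIM): the glibc backtrace and memory map pasted above already answer the first questions a crash triager asks, without the core file. The script below parses a constructed subset of those lines, resolves each frame address to the mapped file and the file offset inside it (what objdump -d or addr2line need, since glibc prints only sonames and raw addresses), reports which region holds the pointer free() rejected, and flags any mapping that is writable and executable at the same time. On the report's own data it shows that 0x08a3b3e0 lies inside [heap], so free() was given a heap address that glibc did not accept as the start of a chunk (a pointer into the middle of a block, or an object allocated by one runtime and released by another; both libstdc++.so.5 and libstdc++.so.6 appear in the dumps above, which makes an ABI mismatch one candidate worth checking), and that the only text mapping of /usr/bin/skype is rwxp, i.e. Skype's own code is writable at run time. The gdb backtrace, by contrast, is not usable past frame #3: values like 0x00000008 and 0x00000017 are not return addresses, which is what unwinding a stripped binary without frame pointers looks like.

```python
"""Triage a glibc "*** glibc detected ***" abort report.

Added example (not code from the bug report, Skype or SCIM): parse the
backtrace and memory map glibc prints before abort(), map each frame to the
file and file offset it came from, locate the pointer free() rejected, and
flag mappings that are writable and executable at the same time.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: a subset of the lines pasted in the bug report.
GLIBC_REPORT = """\
*** glibc detected *** skype: free(): invalid pointer: 0x08a3b3e0 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb738a800]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb712dd81]
/usr/lib/libscim-1.0.so.8[0xb6b51e15]
/usr/lib/libscim-1.0.so.8(_ZN4scim20scim_get_module_listERSt6vectorISsSaISsEERKSs+0x37)[0xb6b52c21]
/usr/lib/qt3/plugins/inputmethods/libqscim.so(_ZN4scim23QScimInputContextGlobal10initializeEv+0x257)[0xb6bf5687]
skype[0x81944a7]
======= Memory map: ========
08048000-08988000 rwxp 00000000 08:03 2036820 /usr/bin/skype
08988000-08a44000 rw-p 08988000 00:00 0 [heap]
b6900000-b6921000 rw-p b6900000 00:00 0
b6aeb000-b6bc1000 r-xp 00000000 08:03 2037768 /usr/lib/libscim-1.0.so.8.2.3
b6be1000-b6c00000 r-xp 00000000 08:03 2500142 /usr/lib/qt3/plugins/inputmethods/libqscim.so
"""
REASON_RE = re.compile(r"^\*\*\* glibc detected \*\*\* (\S+): (.*?) \*\*\*$")
FRAME_RE = re.compile(r"^(.+?)(?:\(([^)]*)\))?\[0x([0-9a-fA-F]+)\]$")
MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([rwxsp-]{4}) ([0-9a-f]+) \S+ \d+\s*(.*)$")

@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    offset: int  # file offset backing the first byte of the mapping
    path: str    # backing file, a pseudo-name like "[heap]", or "" if anonymous

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.end

    def file_offset(self, addr: int) -> int:
        return self.offset + (addr - self.start)

@dataclass
class Frame:
    module: str            # as printed by glibc (soname, not the mapped path)
    symbol: Optional[str]  # "name+0xoff" when the symbol was exported, else None
    addr: int
    mapping: Optional[Mapping] = None

def locate(maps: List[Mapping], addr: int) -> Optional[Mapping]:
    """Mapping containing `addr`, or None if the address is unmapped in the dump."""
    return next((mp for mp in maps if mp.contains(addr)), None)

def parse_report(text: str) -> Tuple[Optional[Tuple[str, str]], List[Frame], List[Mapping]]:
    """Return ((program, reason), frames, mappings), frames resolved against the map."""
    reason, frames, maps, section = None, [], [], None
    for line in text.splitlines():
        if line.startswith("======= Backtrace"):
            section = "bt"
        elif line.startswith("======= Memory map"):
            section = "map"
        elif (m := REASON_RE.match(line)):
            reason = (m.group(1), m.group(2))
        elif section == "bt" and (m := FRAME_RE.match(line)):
            frames.append(Frame(m.group(1), m.group(2) or None, int(m.group(3), 16)))
        elif section == "map" and (m := MAP_RE.match(line)):
            maps.append(Mapping(int(m.group(1), 16), int(m.group(2), 16), m.group(3),
                                int(m.group(4), 16), m.group(5).strip()))
    for f in frames:
        f.mapping = locate(maps, f.addr)
    return reason, frames, maps

def wx_mappings(maps: List[Mapping]) -> List[str]:
    """Paths of mappings that are both writable and executable (no W^X)."""
    return [mp.path for mp in maps if "w" in mp.perms and "x" in mp.perms]

def symbolize_hints(frames: List[Frame]) -> List[str]:
    """'file+0xoffset' for each frame that lands in a file-backed mapping."""
    return ["%s+0x%x" % (f.mapping.path, f.mapping.file_offset(f.addr))
            for f in frames if f.mapping is not None and f.mapping.path.startswith("/")]

def triage(text: str) -> dict:
    reason, frames, maps = parse_report(text)
    ptr = re.search(r"0x([0-9a-fA-F]+)", reason[1]) if reason else None
    region = locate(maps, int(ptr.group(1), 16)) if ptr else None
    return {"program": reason[0] if reason else None,
            "reason": reason[1] if reason else None,
            "bad_pointer_region": region.path if region else None,
            "frames": symbolize_hints(frames),
            "wx": wx_mappings(maps)}

if __name__ == "__main__":
    for key, value in triage(GLIBC_REPORT).items():
        print("%-19s %s" % (key + ":", value))
```

The file offset is what addr2line -e and objdump -d --start-address expect for a shared object whose first PT_LOAD segment starts at virtual address 0 (the usual case for a library that has not been prelinked); for the executable, which is mapped at its link-time address 0x08048000, pass the absolute address instead. The W+X check is worth running on any such dump: the map glibc prints is the same as /proc/PID/maps, and a writable text mapping means the binary's program headers asked for it (or something rewrote the protections at run time), which gives that code none of the NX protection the rest of the process has.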

Louis-Dominique Dubeau (ldd) wrote :

I experience the same bug, same symptoms. Launching skype with scim disabled works.

Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 8.10?

Changed in scim:
status: New → Incomplete
Michael Nagel (nailor) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in scim:
status: Incomplete → Invalid
Louis-Dominique Dubeau (ldd) wrote :

I actually cannot reproduce it in 8.10.
