[SRU] Mirage segfaults immediately when run

Bug #1994145 reported by Erik Meitner
This bug affects 5 people
Affects          Status        Importance  Assigned to   Milestone
Mirage           Fix Released  Unknown
mirage (Ubuntu)  Fix Released  Undecided   Graham Inggs
  Jammy          Fix Released  Undecided   Unassigned
  Lunar          Opinion       Undecided   Unassigned
  Mantic         Fix Released  Undecided   Unassigned

Bug Description

[ Impact ]

mirage is completely unusable as it will always segfault if any user tries to run the application.

Debugger showed that it is causing a segfault when it is trying to import the module xmouse. And then the coredump showed that the segfault is when Python is trying to check the flags for the methods while importing the module.
The upstream Python developers helped and the issue was found to be a missing sentinel value which caused "PyModule_Create" to access memory beyond the end of the array.

[ Test Plan ]

 * Execute the command "mirage", which will segfault if it's not fixed.
 * With the fixed package, the "mirage" window will be displayed.

[ Where problems could occur ]

 * This is not changing any part of the code and is only adding a sentinel value to terminate the array.
 * It is already completely unusable for users, and this will not cause any more regression than what the user experiences now.

[ Other Info ]

* All versions from Jammy are affected by this.
* More info at https://github.com/python/cpython/issues/113460

[ Original Bug Description ]

Newly installed mirage segfaults immediately when run.

Last few lines of strace:
mmap(NULL, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04e7f0a000
newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/mirage", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/mirage/imgfuncs.cpython-310-x86_64-linux-gnu.so", {st_mode=S_IFREG|0644, st_size=14800, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/python3/dist-packages/mirage/imgfuncs.cpython-310-x86_64-linux-gnu.so", O_RDONLY|O_CLOEXEC) = 13
read(13, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(13, "", {st_mode=S_IFREG|0644, st_size=14800, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 16720, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 13, 0) = 0x7f04e7f05000
mmap(0x7f04e7f06000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 13, 0x1000) = 0x7f04e7f06000
mmap(0x7f04e7f07000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 13, 0x2000) = 0x7f04e7f07000
mmap(0x7f04e7f08000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 13, 0x2000) = 0x7f04e7f08000
close(13) = 0
mprotect(0x7f04e7f08000, 4096, PROT_READ) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/mirage", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/mirage/xmouse.cpython-310-x86_64-linux-gnu.so", {st_mode=S_IFREG|0644, st_size=14640, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/python3/dist-packages/mirage/xmouse.cpython-310-x86_64-linux-gnu.so", O_RDONLY|O_CLOEXEC) = 13
read(13, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(13, "", {st_mode=S_IFREG|0644, st_size=14640, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 16560, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 13, 0) = 0x7f04e4009000
mmap(0x7f04e400a000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 13, 0x1000) = 0x7f04e400a000
mmap(0x7f04e400b000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 13, 0x2000) = 0x7f04e400b000
mmap(0x7f04e400c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 13, 0x2000) = 0x7f04e400c000
close(13) = 0
mprotect(0x7f04e400c000, 4096, PROT_READ) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x1} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: mirage 0.11.1-1build4
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Tue Oct 25 08:30:56 2022
InstallationDate: Installed on 2022-03-03 (235 days ago)
InstallationMedia: Ubuntu 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: mirage
UpgradeStatus: Upgraded to jammy on 2022-06-30 (116 days ago)
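
Added example (not part of the bug report or the mirage source): the [ Impact ] section above attributes the crash to a method table that lacks its terminating sentinel. The C sketch below uses a simplified stand-in for CPython's PyMethodDef and constructed entry names to show the unterminated table beside the corrected one, with a bounded check that detects the missing sentinel without reading past the array.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for CPython's PyMethodDef (assumption: not the real
 * header). A consumer walks such a table until it meets ml_name == NULL. */
typedef struct {
    const char *ml_name;
    void *(*ml_meth)(void *self, void *args);
    int ml_flags;
    const char *ml_doc;
} method_def;

static void *demo_impl(void *self, void *args) { (void)self; (void)args; return NULL; }

/* "Before": no terminating entry, so a sentinel-driven walk runs off the end. */
static const method_def methods_unterminated[] = {
    {"demo_func", demo_impl, 1, "constructed example entry"},
};

/* "After": the all-zero sentinel ends the table. */
static const method_def methods_terminated[] = {
    {"demo_func", demo_impl, 1, "constructed example entry"},
    {NULL, NULL, 0, NULL},
};

#define TABLE_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* Bounded walk: returns the number of methods before the sentinel, or -1 if
 * none of the n entries is a sentinel. It never reads outside the array. */
int count_methods_bounded(const method_def *table, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (table[i].ml_name == NULL)
            return (int)i;
    }
    return -1;
}

int check_unterminated(void)
{
    return count_methods_bounded(methods_unterminated, TABLE_LEN(methods_unterminated));
}

int check_terminated(void)
{
    return count_methods_bounded(methods_terminated, TABLE_LEN(methods_terminated));
}

int main(void)
{
    printf("unterminated: %d\n", check_unterminated());
    printf("terminated:   %d\n", check_terminated());
    return 0;
}
```

The check works only where the table is defined, because that is the one place the array length is known; code that receives the table as a pointer has nothing but the sentinel to stop on.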

Erik Meitner (eamuwmath) wrote :

Version: 0.11.1-1build4 amd64

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mirage (Ubuntu):
status: New → Confirmed
Erik Meitner (eamuwmath) wrote :

If I run it using faulthandler I get:

$ python3 -q -X faulthandler /usr/bin/mirage
Fatal Python error: Segmentation fault

Current thread 0x00007f52fbe571c0 (most recent call first):
  File "<frozen importlib._bootstrap>", line 241 in _call_with_frames_removed
  File "<frozen importlib._bootstrap_external>", line 1176 in create_module
  File "<frozen importlib._bootstrap>", line 571 in module_from_spec
  File "<frozen importlib._bootstrap>", line 674 in _load_unlocked
  File "<frozen importlib._bootstrap>", line 1006 in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 1027 in _find_and_load
  File "/usr/lib/python3/dist-packages/mirage/__init__.py", line 56 in <module>
  File "<frozen importlib._bootstrap>", line 241 in _call_with_frames_removed
  File "<frozen importlib._bootstrap_external>", line 883 in exec_module
  File "<frozen importlib._bootstrap>", line 688 in _load_unlocked
  File "<frozen importlib._bootstrap>", line 1006 in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 1027 in _find_and_load
  File "/usr/bin/mirage", line 110 in main
  File "/usr/bin/mirage", line 142 in <module>

Extension modules: gi._gi, cairo._cairo, gi._gi_cairo, mirage.imgfuncs (total: 4)
Segmentation fault (core dumped)

Changed in mirage (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Sudip Mukherjee (sudipmuk)
Sudip Mukherjee (sudipmuk) wrote :

I can reproduce the bug and can confirm that it affects Jammy, Lunar, Mantic and Noble.

Changed in mirage:
status: Unknown → New
Changed in mirage (Ubuntu Jammy):
status: New → In Progress
Changed in mirage (Ubuntu Lunar):
status: New → In Progress
Changed in mirage (Ubuntu Mantic):
status: New → In Progress
Changed in mirage (Ubuntu Jammy):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in mirage (Ubuntu Lunar):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in mirage (Ubuntu Mantic):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Noble attached.

summary: - Mirage segfaults immediately when run
+ [SRU] Mirage segfaults immediately when run
description: updated
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Mantic attached.

Sudip Mukherjee (sudipmuk) wrote :

debdiff for Lunar.

Sudip Mukherjee (sudipmuk) wrote :

debdiff for Jammy.

Changed in mirage (Ubuntu):
status: In Progress → Confirmed
Changed in mirage (Ubuntu Jammy):
status: In Progress → Confirmed
Changed in mirage (Ubuntu Lunar):
status: In Progress → Confirmed
Changed in mirage (Ubuntu Mantic):
status: In Progress → Confirmed
assignee: Sudip Mukherjee (sudipmuk) → nobody
Changed in mirage (Ubuntu Lunar):
assignee: Sudip Mukherjee (sudipmuk) → nobody
Changed in mirage (Ubuntu Jammy):
assignee: Sudip Mukherjee (sudipmuk) → nobody
Changed in mirage (Ubuntu):
assignee: Sudip Mukherjee (sudipmuk) → nobody
Graham Inggs (ginggs)
Changed in mirage (Ubuntu):
assignee: nobody → Graham Inggs (ginggs)
status: Confirmed → In Progress
Graham Inggs (ginggs) wrote :

Sudip, thanks for pursuing a fix for LTO, instead of just disabling it!

I've sponsored uploads for noble (as 0.11.1-1ubuntu1), mantic and jammy. We don't need the ubuntu0.xx.yy.1 version for the development release. I don't think it's worth uploading for lunar now, with only a month before it becomes EOL.

I did run 'update-maintainer' for each upload, please remember to do this in future, it does the change in debian/control:

-Maintainer: Thomas Ross <email address hidden>
+Maintainer: Ubuntu Developers <email address hidden>
+XSBC-Original-Maintainer: Thomas Ross <email address hidden>

Changed in mirage (Ubuntu):
status: In Progress → Fix Committed
Changed in mirage (Ubuntu Jammy):
status: Confirmed → In Progress
Changed in mirage (Ubuntu Mantic):
status: Confirmed → In Progress
Changed in mirage (Ubuntu Lunar):
status: Confirmed → Opinion
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mirage - 0.11.1-1ubuntu1

---------------
mirage (0.11.1-1ubuntu1) noble; urgency=medium

  * Add sentinel value to fix segfault. (LP: #1994145)

 -- Sudip Mukherjee <email address hidden> Mon, 25 Dec 2023 00:27:06 +0000

Changed in mirage (Ubuntu):
status: Fix Committed → Fix Released
Changed in mirage:
status: New → Fix Released
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Erik, or anyone else affected,

Accepted mirage into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mirage/0.11.1-1ubuntu0.23.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in mirage (Ubuntu Mantic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-mantic
Changed in mirage (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed-jammy
Timo Aaltonen (tjaalton) wrote :

Hello Erik, or anyone else affected,

Accepted mirage into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mirage/0.11.1-1ubuntu0.22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Erik Meitner (eamuwmath) wrote :

New package works as expected on Ubuntu 22.04 x86_64. Thank you.

description: updated
description: updated
Sudip Mukherjee (sudipmuk) wrote :

I can confirm that the mirage package in mantic-proposed has fixed the bug for me.

Test done:
1. Install mirage on a mantic installation.

2. Execute "mirage" from a terminal and that fails with a segfault.

3. Add mantic-proposed to apt sources.

4. Update mirage from mantic-proposed.

5. Execute the command again and the mirage window is displayed.

Test result: the errors with mirage have been fixed.

Package tested:

$ dpkg -l mirage
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-=======================-============-=================================
ii mirage 0.11.1-1ubuntu0.23.10.1 amd64 fast and simple GTK+ image viewer

Sudip Mukherjee (sudipmuk) wrote :

I can confirm that the mirage package in jammy-proposed has fixed the bug for me.

Test done:
1. Install mirage on a jammy installation.

2. Execute "mirage" from a terminal and that fails with a segfault.

3. Add jammy-proposed to apt sources.

4. Update mirage from jammy-proposed.

5. Execute the command again and the mirage window is displayed.

Test result: the errors with mirage have been fixed.

Package tested:

$ dpkg -l mirage
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-=======================-============-=================================
ii mirage 0.11.1-1ubuntu0.22.04.1 amd64 fast and simple GTK+ image viewer

tags: added: verification-done verification-done-jammy verification-done-mantic
removed: verification-needed verification-needed-jammy verification-needed-mantic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mirage - 0.11.1-1ubuntu0.23.10.1

---------------
mirage (0.11.1-1ubuntu0.23.10.1) mantic; urgency=medium

  * Add sentinel value to fix segfault. (LP: #1994145)

 -- Sudip Mukherjee <email address hidden> Mon, 25 Dec 2023 00:49:39 +0000

Changed in mirage (Ubuntu Mantic):
status: Fix Committed → Fix Released
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for mirage has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Andreas Hasenack (ahasenack) wrote :

Thanks for the detailed and unambiguous verification

description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mirage - 0.11.1-1ubuntu0.22.04.1

---------------
mirage (0.11.1-1ubuntu0.22.04.1) jammy; urgency=medium

  * Add sentinel value to fix segfault. (LP: #1994145)

 -- Sudip Mukherjee <email address hidden> Mon, 25 Dec 2023 00:59:00 +0000

Changed in mirage (Ubuntu Jammy):
status: Fix Committed → Fix Released