Abiword invalid free() upon "Select Revision"
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| AbiWord | Fix Released | Critical | | |
| abiword (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
Binary package hint: abiword
Ubuntu 8.10 with abiword 2.6.4-4ubuntu4 on x86. Follow these steps to always create a core dump:
1. Start Abiword, and create an initial revision (Tools-
2. Make some changes, and then start a new revision (Tools-
3. Uncheck "Mark Revisions as you type" (Tools-
4. Press "Select Revision" (Tools-
5. Watch as Abiword dumps core.
Attached is the glibc printout from the invalid free().
'thread apply all bt' from the core dump:
```
Thread 2 (process 3800):
#0 0xb7ffa430 in __kernel_vsyscall ()
#1 0xb71fe3a2 in pthread_
#2 0xb73170bd in ?? () from /usr/lib/
#3 0xb7704269 in ?? () from /usr/lib/
#4 0xb7704367 in g_async_
#5 0xb7756633 in ?? () from /usr/lib/
#6 0xb775502f in ?? () from /usr/lib/
#7 0xb71fa50f in start_thread () from /lib/tls/
#8 0xb71777ee in clone () from /lib/tls/
Thread 1 (process 3798):
#0 0xb7ffa430 in __kernel_vsyscall ()
#1 0xb70c1880 in raise () from /lib/tls/
#2 0xb70c3248 in abort () from /lib/tls/
#3 0xb70ff10d in ?? () from /lib/tls/
#4 0xb71053f4 in ?? () from /lib/tls/
#5 0xb7107456 in free () from /lib/tls/
#6 0xb7732c06 in g_free () from /usr/lib/
#7 0x083a8ae9 in AP_UnixDialog_
#8 0x083a8cf0 in AP_UnixDialog_
#9 0x083a8d6d in AP_UnixDialog_
#10 0x0816b054 in ap_EditMethods:
#11 0x08293664 in EV_Menu:
#12 0x0829690a in EV_UnixMenu:
#13 0xb77c63d4 in g_cclosure_
#14 0xb77b8c4b in g_closure_invoke () from /usr/lib/
#15 0xb77cf095 in ?? () from /usr/lib/
#16 0xb77d07ac in g_signal_
#17 0xb77d0c26 in g_signal_emit () from /usr/lib/
#18 0xb7e3e477 in gtk_widget_activate () from /usr/lib/
#19 0xb7d30f70 in gtk_menu_
#20 0xb7d32b4d in ?? () from /usr/lib/
#21 0xb7d294fb in ?? () from /usr/lib/
#22 0xb7d23036 in ?? () from /usr/lib/
#23 0xb77b73c9 in ?? () from /usr/lib/
#24 0xb77b8c4b in g_closure_invoke () from /usr/lib/
#25 0xb77ced3d in ?? () from /usr/lib/
#26 0xb77d062b in g_signal_
#27 0xb77d0c26 in g_signal_emit () from /usr/lib/
#28 0xb7e3833e in ?? () from /usr/lib/
#29 0xb7d1bb4c in gtk_propagate_event () from /usr/lib/
#30 0xb7d1cef7 in gtk_main_do_event () from /usr/lib/
#31 0xb7a7750a in ?? () from /usr/lib/
#32 0xb772a6f8 in g_main_
#33 0xb772dda3 in ?? () from /usr/lib/
#34 0xb772e2c2 in g_main_loop_run () from /usr/lib/
#35 0xb7d1d3a9 in gtk_main () from /usr/lib/
#36 0x0814f715 in AP_UnixApp::main ()
#37 0x0814d10a in main ()
```
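The backtrace above ends in abort() reached from free() through g_free() (frames #2 to #6): glibc's allocator found that the pointer handed to free() was not a live heap block. The most common cause in GTK dialog code is an ownership mix-up, where a dialog frees a string it only borrowed from the document model, which then frees it a second time on teardown. The following is an added illustration, not AbiWord's code and not the actual fix from the upstream bug: a small tracking allocator that reports such an invalid free as a return value instead of aborting, so the mistake can be caught in a unit test, wrapped around a hypothetical revision list and dialog (all struct and function names are assumptions, and the two revision labels are constructed input).

```c
/* Added example, not AbiWord's code: a tracking allocator that reports an
 * invalid free() instead of aborting, around a hypothetical "revision picker"
 * whose buggy close routine frees a label it only borrowed. */
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 64
#define MAX_REVS 8

static void *live[MAX_LIVE];    /* blocks currently owned by callers      */
static int invalid_free_count;  /* frees that tracked_free() rejected     */

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (!p) return NULL;
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                    /* table full: report as out of memory    */
    return NULL;
}

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = tracked_malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* 0 on a valid free, -1 on a double free or on a pointer that never came
 * from tracked_malloc().  glibc's free() performs comparable consistency
 * checks on its own heap metadata and calls abort() when they fail. */
static int tracked_free(void *p) {
    if (!p) return 0;           /* free(NULL) is a no-op, as in libc      */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    invalid_free_count++;
    return -1;
}

/* Number of blocks still outstanding; non-zero after a scenario = a leak. */
static int tracked_live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += (live[i] != NULL);
    return n;
}

/* The document model owns every revision label (hypothetical types). */
struct revision { int id; char *label; };
struct revision_list { struct revision items[MAX_REVS]; int count; };

static int list_add(struct revision_list *l, int id, const char *label) {
    if (l->count >= MAX_REVS) return -1;
    char *copy = tracked_strdup(label);
    if (!copy) return -1;
    l->items[l->count].id = id;
    l->items[l->count].label = copy;
    l->count++;
    return 0;
}

static void list_destroy(struct revision_list *l) {
    for (int i = 0; i < l->count; i++) {
        tracked_free(l->items[i].label);   /* second free here if a dialog
                                              already freed the label      */
        l->items[i].label = NULL;
    }
    l->count = 0;
}

/* The dialog only borrows the label it displays; owns_label records that. */
struct dialog { char *shown_label; int owns_label; };

static void dialog_show(struct dialog *d, const struct revision_list *l, int idx) {
    d->shown_label = l->items[idx].label;
    d->owns_label = 0;
}

/* Buggy: frees a pointer it does not own, so the model's later free is
 * the "invalid free()" glibc complains about. */
static void dialog_close_buggy(struct dialog *d) {
    tracked_free(d->shown_label);
    d->shown_label = NULL;
}

/* Fixed: only the owner frees; a borrowed pointer is simply dropped. */
static void dialog_close_fixed(struct dialog *d) {
    if (d->owns_label) tracked_free(d->shown_label);
    d->shown_label = NULL;
}

/* One show/close/teardown cycle on two constructed revision labels;
 * returns how many invalid frees the tracker caught. */
static int run_scenario(int use_buggy_close) {
    struct revision_list list = { .count = 0 };
    struct dialog dlg = { NULL, 0 };
    int before = invalid_free_count;
    list_add(&list, 1, "initial revision");
    list_add(&list, 2, "edited revision");
    dialog_show(&dlg, &list, 1);
    if (use_buggy_close) dialog_close_buggy(&dlg);
    else dialog_close_fixed(&dlg);
    list_destroy(&list);
    return invalid_free_count - before;
}
```

The tracker compares pointer values only and never dereferences a freed block, so the buggy cycle can be exercised in a test without the abort the reporter saw; `run_scenario(1)` reports one invalid free while `run_scenario(0)` reports none, and `tracked_live_count()` returns to zero after both, showing the fix neither double-frees nor leaks. For real builds the same class of defect is caught at run time with `MALLOC_CHECK_=3` or under Valgrind, which both print the allocating and the first freeing stack for the offending block.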
Changed in abiword: status: Unknown → Confirmed
Changed in abiword: status: Confirmed → Fix Released
Changed in abiword: importance: Unknown → Critical
I can confirm this bug. I was able to reproduce it using Xubuntu 8.10 and AbiWord 2.6.4-4ubuntu4 on a 64-bit system. The same behavior happens in Jaunty 9.04 development with AbiWord 2.6.4-5ubuntu1.
This has been reported upstream as http://bugzilla.abisource.com/show_bug.cgi?id=11959
Please make comments there.
Thanks for helping improve Ubuntu.