Rhythmbox crashed with SIGSEGV importing PLS file exported by Rhythmbox

Asking novice/naive users to edit a file in /etc is a horrible barrier to entry for reporting bugs.

If you're going to unilaterally/automatically invalidate perfectly good bug reports because they don't have this extra data, you need to enable a GUI way for people to turn apport on.

Seriously, bad call, guys.

StacktraceTop:?? ()

Thanks for your bug report. Please try to obtain a backtrace http://wiki.ubuntu.com/DebuggingProgramCrash and attach the file to the bug report. This will greatly help us in tracking down your problem.

We are closing this bug report as it lacks the information, described in the previous comments, we need to investigate the problem further. However, please reopen it if you can give us the missing information and don't hesitate to submit bug reports in the future.

Here's the stacktrace. I went through the steps to create it manually, as the link specified. Does this mean the built-in crash reporting tools aren't even giving you what you need?

Please let me know if there's more info I can provide. Importing playlists seems like a pretty fundamental feature for a music player. :)

This is due to a mismatch between the signal definition and the signal arguments passed by rhythmbox:

rhythmbox-0.11.5/shell/rb-playlist-manager.c:

playlist_load_ended_cb (TotemPlParser *parser, const char *uri, GHashTable *metadata, RBPlaylistManager *mgr)

...
                g_signal_connect_object (parser, "playlist-ended",

                                         G_CALLBACK (playlist_load_ended_cb),

                                         mgr, 0);

totem-pl-parser-2.22.3/plparse/totem-pl-parser.c:

        totem_pl_parser_table_signals[PLAYLIST_ENDED] =

                g_signal_new ("playlist-ended",

                              G_TYPE_FROM_CLASS (klass),

                              G_SIGNAL_RUN_LAST,

                              G_STRUCT_OFFSET (TotemPlParserClass, playlist_ended),

                              NULL, NULL,

                              g_cclosure_marshal_VOID__STRING,

                              G_TYPE_NONE, 1, G_TYPE_STRING);

"metadata" is not valid, and will crash when opening _any_ playlist.

Attaching my retraced backtrace...

trace matches http://bugzilla.gnome.org/show_bug.cgi?id=525901 ; which is fixed upstream now, thanks.

the new 0.11.5.90 version uploaded to intrepid fixes the issue, closing the bug

On Fri, Jun 27, 2008 at 23:08, Kees Cook wrote:
>
> Thanks for the bug report. This is actually not a security problem, but
> rather an unusual looking crash in the heap, and has already been
> reported. I am marking this as a duplicate. Please feel free to report
> any other issues you might find.

Kees, thanks for your comment.

Do you mean it is not exploitable so that arbitrary code execution is
impossible?

If a user opens a malicious playlist file, the worst that can happen
is that her Rhythmbox would just crash. Is that correct?

References:
https://bugs.launchpad.net/ubuntu/+source/rhythmbox/+bug/243488 (duplicate)
https://bugs.launchpad.net/ubuntu/+source/rhythmbox/+bug/235829

That's correct. I see no evidence of the dereference being 3rd party controllable.