file-roller crashed with SIGSEGV in g_strdup()

Bug #1058475 reported by Mitsuya Shibata on 2012-09-29
Affects: File Roller - Status: Fix Released - Importance: Medium
Affects: file-roller (Ubuntu) - Importance: Medium - Assigned to: Unassigned

Bug Description

How to reproduce:
1. Use i386; not reproducible on amd64.
2. Open an archive file with file-roller.
3. Add files.
4. SEGV occurs.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: file-roller 3.6.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-15.23-generic 3.5.4
Uname: Linux 3.5.0-15-generic i686
ApportVersion: 2.5.2-0ubuntu4
Architecture: i386
Date: Sat Sep 29 13:37:18 2012
ExecutablePath: /usr/bin/file-roller
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Beta i386 (20120926)
ProcCmdline: file-roller test.tgz
ProcEnviron:
 TERM=xterm
 SHELL=/bin/bash
 PATH=(custom, no user)
 LANG=ja_JP.UTF-8
SegvAnalysis:
 Segfault happened at: 0xb6b703f6 <__strlen_sse2_bsf+22>: movdqu (%edi),%xmm1
 PC (0xb6b703f6) ok
 source "(%edi)" (0x00000009) not located in a known VMA region (needed readable region)!
 destination "%xmm1" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: file-roller
StacktraceTop:
 g_strdup () from /lib/i386-linux-gnu/libglib-2.0.so.0
 ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
 ?? () from /usr/lib/i386-linux-gnu/libgtk-3.so.0
 gtk_list_store_set_valist () from /usr/lib/i386-linux-gnu/libgtk-3.so.0
 gtk_list_store_set () from /usr/lib/i386-linux-gnu/libgtk-3.so.0
Title: file-roller crashed with SIGSEGV in g_strdup()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
XsessionErrors:
 (gnome-settings-daemon:1303): color-plugin-WARNING **: failed to get edid: unable to get EDID for output
 (gnome-settings-daemon:1303): color-plugin-WARNING **: unable to get EDID for xrandr-default: unable to get EDID for output
 (gnome-settings-daemon:1303): color-plugin-WARNING **: failed to reset xrandr-default gamma tables: gamma size is zero
 (gnome-settings-daemon:1303): color-plugin-WARNING **: unable to get EDID for xrandr-default: unable to get EDID for output
 (gnome-settings-daemon:1303): color-plugin-WARNING **: failed to reset xrandr-default gamma tables: gamma size is zero

Mitsuya Shibata (cosmos-door) wrote :

StacktraceTop:
 g_strdup (str=0x9 <Address 0x9 out of bounds>) at /build/buildd/glib2.0-2.34.0/./glib/gstrfuncs.c:363
 value_collect_string (value=0xbf88f61c, n_collect_values=1, collect_values=0xbf88f630, collect_flags=0) at /build/buildd/glib2.0-2.34.0/./gobject/gvaluetypes.c:293
 set_dest_row (context=0x0, drop_append_mode=<optimized out>, empty_view_drop=<optimized out>, dest_row=<optimized out>, model=<optimized out>) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkiconview.c:6055
 ?? ()

Changed in file-roller (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Mitsuya Shibata (cosmos-door) wrote :

Reason:
Modified Order stores GTimeVal.tv_sec [1]. GTimeVal.tv_sec is a glong,
but the ui file [2] specifies the size as gint64. Therefore there is no
problem on 64-bit; on the other hand, it raises SEGV on 32-bit by a memory
address boundary problem.

Finally, an invalid address, which is an index of the GtkListStore, is passed
to g_strdup() as a memory address.

[1] see the call to gtk_list_store_set() in get_folder_content_done_cb()
    in src/fr-file-selector-dialog.c
[2] src/ui/file-selector.ui:296

I sent a patch to upstream.

Changed in file-roller:
importance: Unknown → Medium
status: Unknown → Fix Released
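An added illustration of the mechanism described in the comment above; this is not code from the bug report or from file-roller. It replays the 32-bit argument walk that a `(column, value, ..., -1)` varargs setter performs when the caller pushes a 4-byte glong for a column that the store declares as gint64: the callee consumes two slots, the stream shifts by one slot, and a value that was meant as a column index ends up being treated as the string pointer for a later column. The column layout, the tv_sec sample and the pointer value are constructed; the "fixed" variant assumes the usual remedy of casting the value to the declared column type (the page does not say exactly what the upstream patch changed).

```c
/* Simulation of the varargs/column-type mismatch behind this crash.
 * Constructed example: the column layout, time value and pointer value are
 * invented and are not file-roller's real columns or addresses. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Declared column types, standing in for the GTypes in the .ui file. */
typedef enum { T_INT, T_INT64, T_STRING } col_type;

/* Constructed store layout (not file-roller's real column order). */
enum { COL_MTIME_ORDER = 0, COL_NAME = 1, COL_IS_FOLDER = 2, N_COLS };
static const col_type col_types[N_COLS] = { T_INT64, T_STRING, T_INT };

#define END_MARK  0xFFFFFFFFu      /* the -1 terminator as a 32-bit slot */
#define TV_SEC    1348893438LL     /* constructed GTimeVal.tv_sec sample */
#define NAME_PTR  0x08051234u      /* constructed 32-bit address of the name */

typedef struct {
    int      ok;        /* 1 if the walk reached -1 with every index valid */
    int64_t  mtime;     /* what the INT64 column received */
    uint32_t name_ptr;  /* what the STRING column would hand to g_strdup() */
    int      name_set;  /* 1 if the STRING column was written at all */
} walk_result;

/* Walk a 32-bit cdecl argument area the way a (column, value, ..., -1)
 * varargs setter does: read a column index, look up the declared type,
 * and consume as many 4-byte slots as that type needs. A glong pushed by
 * the caller is one slot; a gint64 read by the callee is two. */
static walk_result walk_args(const uint32_t *slots, size_t n)
{
    walk_result r = {0, 0, 0, 0};
    size_t i = 0;

    while (i < n) {
        uint32_t col = slots[i++];
        if (col == END_MARK) {
            r.ok = 1;
            return r;
        }
        if (col >= (uint32_t)N_COLS)    /* index slot was corrupted: stop */
            return r;

        switch (col_types[col]) {
        case T_INT64:                   /* callee reads two slots */
            if (i + 2 > n) return r;
            r.mtime = (int64_t)(((uint64_t)slots[i + 1] << 32) | slots[i]);
            i += 2;
            break;
        case T_INT:                     /* one slot */
            if (i + 1 > n) return r;
            i += 1;
            break;
        case T_STRING:                  /* one slot, treated as a pointer */
            if (i + 1 > n) return r;
            r.name_ptr = slots[i++];
            r.name_set = 1;
            break;
        }
    }
    return r;
}

/* Caller passes tv_sec as a 4-byte glong for a column declared gint64,
 * i.e. the 32-bit stack image of a call shaped like
 *   set(store, &iter, COL_MTIME_ORDER, tv_sec, COL_IS_FOLDER, TRUE,
 *       COL_NAME, name, -1)                                              */
walk_result simulate_buggy_call(void)
{
    const uint32_t slots[] = {
        COL_MTIME_ORDER, (uint32_t)TV_SEC,
        COL_IS_FOLDER,   1u,
        COL_NAME,        NAME_PTR,
        END_MARK
    };
    return walk_args(slots, sizeof slots / sizeof slots[0]);
}

/* Same call with the value cast to gint64 (assumed fix), so the caller
 * pushes 8 bytes and the stream stays aligned with the declared types. */
walk_result simulate_fixed_call(void)
{
    const uint32_t slots[] = {
        COL_MTIME_ORDER, (uint32_t)TV_SEC, (uint32_t)((uint64_t)TV_SEC >> 32),
        COL_IS_FOLDER,   1u,
        COL_NAME,        NAME_PTR,
        END_MARK
    };
    return walk_args(slots, sizeof slots / sizeof slots[0]);
}

int main(void)
{
    walk_result b = simulate_buggy_call();
    walk_result f = simulate_fixed_call();

    printf("buggy: ok=%d mtime=%lld name_ptr=0x%08x (a column index, not a string)\n",
           b.ok, (long long)b.mtime, (unsigned)b.name_ptr);
    printf("fixed: ok=%d mtime=%lld name_ptr=0x%08x\n",
           f.ok, (long long)f.mtime, (unsigned)f.name_ptr);
    return 0;
}
```

In the buggy walk the INT64 column swallows `tv_sec` together with the following column index, the is_folder value `1` is then read as a column index (here the STRING column), and the real `COL_NAME` index slot becomes the "string pointer", which matches the `g_strdup (str=0x9 <Address 0x9 out of bounds>)` frame in the retrace: a small integer that was never an address. On amd64 a glong is already 8 bytes, which is why the report is i386-only. The defensive habit is to cast every varargs value to the type the store column declares, since the compiler cannot check `gtk_list_store_set()` arguments against the .ui file.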
Sebastien Bacher (seb128) wrote :
visibility: private → public
Changed in file-roller (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package file-roller - 3.6.0-0ubuntu3

---------------
file-roller (3.6.0-0ubuntu3) quantal; urgency=low

  * debian/patches/git_add_files_i386.patch:
    - resolve 'add files' segfault on 32 bits (lp: #1058475)
  * debian/patches/git_fix_encrypted_archive.patch:
    - "Compress dialog: fixed creation of encrypted archives"
  * debian/patches/git_multi_file_segfault.patch:
    - don't segfault when opening archive made for multiple files
 -- Sebastien Bacher <email address hidden> Fri, 05 Oct 2012 17:05:06 +0200

Changed in file-roller (Ubuntu):
status: Fix Committed → Fix Released