Segmentation fault with long master names

Bug #607244 reported by Amos Brocco on 2010-07-19
This bug affects 1 person
Affects: libxi (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Running: ubuntu 10.04, amd64, libxi version 2:1.3-3

Some of the running applications will segfault and others will fail to execute if an XInput master with a very long name is created.

Steps to reproduce:

1) Create a master device with a very long identifier:

xinput --create-master " Nel mezzo del cammin di nostra vita
mi ritrovai per una selva oscura
ché la diritta via era smarrita.
  Ahi quanto a dir qual era è cosa dura
5esta selva selvaggia e aspra e forte
che nel pensier rinova la paura!
  Tant'è amara che poco è più morte;
ma per trattar del ben ch'i' vi trovai,
dirò de l'altre cose ch'i' v'ho scorte.
10 Io non so ben ridir com'i' v'intrai,
tant'era pien di sonno a quel punto
che la verace via abbandonai.
  Ma poi ch'i' fui al piè d'un colle giunto,
là dove terminava quella valle
15che m'avea di paura il cor compunto,
  guardai in alto, e vidi le sue spalle
vestite già de' raggi del pianeta
che mena dritto altrui per ogne calle. "

2) gnome-settings-daemon will crash, and GTK/Qt applications (as well as Firefox) will fail to execute with a "Segmentation fault error", for example:

attila@blackbird:~/Scrivania$ dmesg
[23916.368298] gnome-settings-[28686]: segfault at 1291000 ip 00007f80d14ebefe sp 00007fffec5a3398 error 4 in libc-2.11.1.so[7f80d1465000+17a000]
[23932.166400] update-notifier[29016]: segfault at 24e9000 ip 00007fc733515ef6 sp 00007fff29881338 error 4 in libc-2.11.1.so[7fc73348f000+17a000]
[23942.341446] firefox-bin[29032]: segfault at 7fa68f400000 ip 00007fa694646f3f sp 00007ffff56be698 error 4 in libc-2.11.1.so[7fa6945c0000+17a000]
[23946.989249] firefox-bin[29046]: segfault at 7fcd0bb00000 ip 00007fcd10d5ff3f sp 00007fff749c8e28 error 4 in libc-2.11.1.so[7fcd10cd9000+17a000]
[23956.402536] qjackctl.bin[29056]: segfault at 1d8a000 ip 00007f43789c8f47 sp 00007ffffee0b488 error 4 in libc-2.11.1.so[7f4378942000+17a000]
[24021.726033] tun0: Disabled Privacy Extensions
[24079.315045] qtconfig[29313]: segfault at 1d76000 ip 00007f1c22705efe sp 00007fff0965eea8 error 4 in libc-2.11.1.so[7f1c2267f000+17a000]
[24485.351212] apport-gtk[29508]: segfault at 1971000 ip 00007fecce813ee6 sp 00007fff07745fa8 error 4 in libc-2.11.1.so[7fecce78d000+17a000]
[24549.084934] gedit[29550]: segfault at 2224000 ip 00007f628cb2bf57 sp 00007fffa168cec8 error 4 in libc-2.11.1.so[7f628caa5000+17a000]

attila@blackbird:~/Scrivania$ gedit
Segmentation fault

3) The error seems to be related to a call to XListInputDevices:

attila@blackbird:~/Scrivania$ gdb gedit
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/gedit...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/gedit
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
memcpy () at ../sysdeps/x86_64/memcpy.S:427
427 ../sysdeps/x86_64/memcpy.S: Nessun file o directory.
 in ../sysdeps/x86_64/memcpy.S
(gdb) backtrace
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:427
#1 0x00007ffff339d65e in XListInputDevices (dpy=0x6d1d00, ndevices=0x7fffffffe08c) at /usr/include/bits/string3.h:52
#2 0x00007ffff6ed86b1 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#3 0x00007ffff6eb372b in gdk_display_open () from /usr/lib/libgdk-x11-2.0.so.0
#4 0x00007ffff6e820cd in gdk_display_open_default_libgtk_only () from /usr/lib/libgdk-x11-2.0.so.0
#5 0x00007ffff724c0a6 in gtk_init_check () from /usr/lib/libgtk-x11-2.0.so.0
#6 0x00007ffff724c0c9 in gtk_init () from /usr/lib/libgtk-x11-2.0.so.0
#7 0x000000000042b8cd in main ()
(gdb) quit
A debugging session is active.

 Inferior 1 [process 27979] will be killed.

Quit anyway? (y or n) y

4) Removing the master solves the problem, and gtk applications can be restarted:

xinput --remove-master " Nel mezzo del cammin di nostra vita
mi ritrovai per una selva oscura
ché la diritta via era smarrita.
  Ahi quanto a dir qual era è cosa dura
5esta selva selvaggia e aspra e forte
che nel pensier rinova la paura!
  Tant'è amara che poco è più morte;
ma per trattar del ben ch'i' vi trovai,
dirò de l'altre cose ch'i' v'ho scorte.
10 Io non so ben ridir com'i' v'intrai,
tant'era pien di sonno a quel punto
che la verace via abbandonai.
  Ma poi ch'i' fui al piè d'un colle giunto,
là dove terminava quella valle
15che m'avea di paura il cor compunto,
  guardai in alto, e vidi le sue spalle
vestite già de' raggi del pianeta
che mena dritto altrui per ogne calle. pointer"
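
Added triage example (not part of the original report and not libxi code): it parses the dmesg segfault lines quoted in step 2, converts each instruction pointer to an offset inside the mapped module so crashes from different processes can be compared despite ASLR, and decodes the x86 page-fault error code. The 0x1000 clustering window and the page-alignment check are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Three of the dmesg lines quoted in the report above.
SAMPLE = """\
[23916.368298] gnome-settings-[28686]: segfault at 1291000 ip 00007f80d14ebefe sp 00007fffec5a3398 error 4 in libc-2.11.1.so[7f80d1465000+17a000]
[23942.341446] firefox-bin[29032]: segfault at 7fa68f400000 ip 00007fa694646f3f sp 00007ffff56be698 error 4 in libc-2.11.1.so[7fa6945c0000+17a000]
[24549.084934] gedit[29550]: segfault at 2224000 ip 00007f628cb2bf57 sp 00007fffa168cec8 error 4 in libc-2.11.1.so[7f628caa5000+17a000]
"""

LINE = re.compile(
    r"\] (?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<mod>[^\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")

def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def parse(log):
    """Yield one record per segfault line; all other lines are skipped."""
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ip, base, addr = (int(m[k], 16) for k in ("ip", "base", "addr"))
        yield {"comm": m["comm"], "module": m["mod"],
               "offset": ip - base,  # module-relative, so ASLR-independent
               # Boundary fault: a sequential access ran into an unmapped page.
               "page_aligned": addr % 4096 == 0,
               **decode_error(int(m["err"]))}

def cluster(records, window=0x1000):
    """Coarsely group crashes whose module offsets share a window."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["module"], r["offset"] // window)].append(r["comm"])
    return dict(groups)

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(f'{r["comm"]:<16} {r["module"]}+{r["offset"]:#x} {r["mode"]} '
              f'{r["access"]}, {r["cause"]}, page-aligned={r["page_aligned"]}')
    print(cluster(parse(SAMPLE)))
```

All three sample crashes are user-mode reads of a non-present page at offsets 0x86efe to 0x86f57 of libc, i.e. one small region of the library, which is consistent with a single shared faulting routine such as the memcpy frame in the gdb backtrace of step 3.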

Bryce Harrington (bryce) wrote :

Hi Amos,

Please attach the output of `lspci -vvnn` too.

[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: needs-xorglog
tags: added: needs-lspci-vvnn
Changed in libxi (Ubuntu):
status: New → Incomplete
Amos Brocco (mriya3) wrote :
Amos Brocco (mriya3) wrote :
Bryce Harrington (bryce) on 2010-07-22
tags: removed: needs-xorglog
tags: removed: needs-lspci-vvnn
Changed in libxi (Ubuntu):
status: Incomplete → Confirmed