transmission crashed with SIGSEGV in g_markup_escape_text()

Bug #414129 reported by Sokolov Sergey on 2009-08-15
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fix Released
transmission (Ubuntu)

Bug Description

Binary package hint: transmission

It happened just after start.

System is Alpha4 of Ubuntu Karmic amd64. This bug was in previous versions, but in that report it'a closed and fix released. ( )

ProblemType: Crash
Architecture: amd64
Date: Sat Aug 15 18:42:50 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/transmission
NonfreeKernelModules: nvidia
Package: transmission-gtk 1.73-1ubuntu1
ProcCmdline: transmission
ProcVersionSignature: Ubuntu 2.6.28-11.42-generic
 Segfault happened at: 0x7fb1b5f5e1e0 <g_markup_escape_text+80>: movzbl (%rbx),%eax
 PC (0x7fb1b5f5e1e0) ok
 source "(%rbx)" (0x02674000) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: transmission
 g_markup_escape_text ()
 ?? () from /usr/lib/
 g_object_set_valist ()
 g_object_set () from /usr/lib/
 ?? ()
Title: transmission crashed with SIGSEGV in g_markup_escape_text()
Uname: Linux 2.6.28-11-generic x86_64
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

StacktraceTop:IA__g_markup_escape_text (
gtk_widget_set_property (object=0xc25480,
IA__g_object_set_valist (object=0xc25480,
IA__g_object_set (_object=0xc25480,
prefsChanged (core=<value optimized out>,

Changed in transmission (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
visibility: private → public
Charles Kerr (charlesk) wrote :

This is fixed in 1.75.

What's happening is we're snprintf()ing the tooltip text into a fixed character array, then passing that array to gtk_widget_set_tooltip_text(). The static buffer is too small for some translations, causing the tooltip text to be truncated in the middle of a multibyte utf-8 character.

Fix confirmed by Michael Stoykov in this sibling ticket at Fedora:

Charles Kerr (charlesk) wrote :

This is fixed in 1.75, which is a bugfix release put out on 13 Sept 2009

Changed in transmission:
status: Unknown → Fix Released
Charles Kerr (charlesk) on 2009-09-15
Changed in transmission (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package transmission - 1.75-0ubuntu1

transmission (1.75-0ubuntu1) karmic; urgency=low

  * New upstream version (LP: #429483)
    - Don't wait so long on unresponsive trackers if there are other trackers
      to try
    - Adding corrupt/invalid torrents could crash Transmission
    - Fix 1.74 bug that caused a high CPU load on startup
    - Fix 1.74 bug that stopped multitracker if a single tracker sent an error
    - Fix bug in converting other charsets to UTF-8 (LP: #414129)
    - Handle HTTP redirects more gracefully
    - Faster verification of local data for torrents with small piece size
    - Fix 1.74 build error when compiling without DHT
    - Fix "sort by time remaining"
    - Fix the turtle toggle button on old versions of GTK+
    - Fix startup error if another copy of the Transmission GTK client is
      running (LP: #418853)
    - Fix clang build issue
  * Refreshed patches:
    - 99_autoreconf.patch

 -- Krzysztof Klimonda <email address hidden> Wed, 23 Sep 2009 10:01:22 +0200

Changed in transmission (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.