Ubuntu

xfce4-terminal crashed with SIGSEGV in magazine_chain_pop_head()

Reported by pqwoerituytrueiwoq on 2013-07-31
80
This bug affects 13 people
Affects Status Importance Assigned to Milestone
xfce4-terminal
Unknown
Unknown
xfce4-terminal (Debian)
Fix Released
Unknown
xfce4-terminal (Fedora)
Unknown
Unknown
xfce4-terminal (Ubuntu)
Medium
Unassigned
Saucy
Undecided
Unassigned

Bug Description

[Impact]

When the user opens the encoding menu, xfce4-terminal crashes. This is caused by inappropriate handling of the radio item group used in the menu.

All open xfce4-terminal windows get killed, as they are all the same process. In addition, anything launched from a terminal window, including backgrounded and/or GUI apps, also gets killed. This can lead to a lot of unsaved work getting lost.

The fix does two things: first, simply don't add the non-radio items to the radio item group. Secondly, build the radio item group the way described in the Gtk+ documentation.

[Test Case]

Run xfce4-terminal and click Terminal -> Set Encoding.

[Regression Potential]

Minimal. Currently the crash happens 100% of the time when calling a particular function, and that function is the only one modified by the patch.

The patched xfce4-terminal is available in ppa:a-j-buxton/xfce

--

Tried to open the set encoding menu sub menu under the terminal menu

expected to see a list including UTF-8 bun instead it crashed instead of showing a menu

ProblemType: Crash
DistroRelease: Ubuntu 13.10
Package: xfce4-terminal 0.6.2-3ubuntu1
ProcVersionSignature: Ubuntu 3.10.0-6.17-generic 3.10.3
Uname: Linux 3.10.0-6-generic x86_64
ApportVersion: 2.11-0ubuntu1
Architecture: amd64
Date: Tue Jul 30 20:42:33 2013
ExecutablePath: /usr/bin/xfce4-terminal
InstallationDate: Installed on 2013-07-27 (3 days ago)
InstallationMedia: Xubuntu 13.10 "Saucy Salamander" - Alpha amd64 (20130727)
MarkForUpload: True
ProcCmdline: xfce4-terminal
ProcEnviron:
 LANGUAGE=en_US
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x7f7086d60767 <g_slice_alloc+167>: mov (%rbx),%rax
 PC (0x7f7086d60767) ok
 source "(%rbx)" (0x00000010) not located in a known VMA region (needed readable region)!
 destination "%rax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: xfce4-terminal
StacktraceTop:
 g_slice_alloc () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 g_slice_alloc0 () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
 g_type_create_instance () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
Title: xfce4-terminal crashed with SIGSEGV in g_slice_alloc()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

information type: Private → Public

StacktraceTop:
 magazine_chain_pop_head (magazine_chunks=0x7f708add4660) at /build/buildd/glib2.0-2.37.3/./glib/gslice.c:545
 thread_memory_magazine1_alloc (tmem=<optimized out>, ix=0) at /build/buildd/glib2.0-2.37.3/./glib/gslice.c:848
 g_slice_alloc (mem_size=mem_size@entry=16) at /build/buildd/glib2.0-2.37.3/./glib/gslice.c:1007
 g_slice_alloc0 (mem_size=mem_size@entry=16) at /build/buildd/glib2.0-2.37.3/./glib/gslice.c:1042
 g_object_notify_queue_freeze (object=0x7f708afe3db0, conditional=conditional@entry=0) at /build/buildd/glib2.0-2.37.3/./gobject/gobject.c:237

Changed in xfce4-terminal (Ubuntu):
importance: Undecided → Medium
summary: - xfce4-terminal crashed with SIGSEGV in g_slice_alloc()
+ xfce4-terminal crashed with SIGSEGV in magazine_chain_pop_head()
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in xfce4-terminal (Ubuntu):
status: New → Confirmed
David Pires (slickymaster) wrote :

I was able to reproduced it.

System specs:
slickymaster@VirtualBox:~$ lsb_release -a && uname -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Saucy Salamander (development branch)
Release: 13.10
Codename: saucy
Linux VirtualBox 3.10.0-5-generic #15-Ubuntu SMP Wed Jul 24 19:44:23 UTC 2013 i686 i686 i686 GNU/Linux

Hardware specs:
http://phillw.net/hardware/Ed3c22qV

I can confirm this reproducible crash. Xubuntu Saucy Beta 2.

Jackson Doak (noskcaj) wrote :

There appears to be a patch in upstream. The next steps would be adding the patch to ubuntu and seeing if it affects debian

That patch is available in one of my ppas - ppa:a-j-buxton/xfce - use at
your own risk of course.
On 28 Oct 2013 07:01, "Jackson Doak" <email address hidden> wrote:

> ** Bug watch added: Red Hat Bugzilla #1015850
> https://bugzilla.redhat.com/show_bug.cgi?id=1015850
>
> ** Also affects: xfce4-terminal (Fedora) via
> https://bugzilla.redhat.com/show_bug.cgi?id=1015850
> Importance: Unknown
> Status: Unknown
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1206739
>
> Title:
> xfce4-terminal crashed with SIGSEGV in magazine_chain_pop_head()
>
> Status in XFCE4 Terminal Emulator:
> Unknown
> Status in “xfce4-terminal” package in Ubuntu:
> Confirmed
> Status in “xfce4-terminal” package in Fedora:
> Unknown
>
> Bug description:
> Tried to open the set encoding menu sub menu under the termianl menu
>
> expected to see a list including UTF-8 bun instead it crashed instead
> of showowing a menu
>
> ProblemType: Crash
> DistroRelease: Ubuntu 13.10
> Package: xfce4-terminal 0.6.2-3ubuntu1
> ProcVersionSignature: Ubuntu 3.10.0-6.17-generic 3.10.3
> Uname: Linux 3.10.0-6-generic x86_64
> ApportVersion: 2.11-0ubuntu1
> Architecture: amd64
> Date: Tue Jul 30 20:42:33 2013
> ExecutablePath: /usr/bin/xfce4-terminal
> InstallationDate: Installed on 2013-07-27 (3 days ago)
> InstallationMedia: Xubuntu 13.10 "Saucy Salamander" - Alpha amd64
> (20130727)
> MarkForUpload: True
> ProcCmdline: xfce4-terminal
> ProcEnviron:
> LANGUAGE=en_US
> PATH=(custom, no user)
> XDG_RUNTIME_DIR=<set>
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SegvAnalysis:
> Segfault happened at: 0x7f7086d60767 <g_slice_alloc+167>: mov
> (%rbx),%rax
> PC (0x7f7086d60767) ok
> source "(%rbx)" (0x00000010) not located in a known VMA region (needed
> readable region)!
> destination "%rax" ok
> SegvReason: reading NULL VMA
> Signal: 11
> SourcePackage: xfce4-terminal
> StacktraceTop:
> g_slice_alloc () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> g_slice_alloc0 () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
> ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
> g_type_create_instance () from
> /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
> Title: xfce4-terminal crashed with SIGSEGV in g_slice_alloc()
> UpgradeStatus: No upgrade log present (probably fresh install)
> UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/xfce4-terminal/+bug/1206739/+subscriptions
>

Alistair Buxton (a-j-buxton) wrote :
description: updated
description: updated

The attachment "fix-encoding-menu.diff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Julian Taylor (jtaylor) on 2013-11-11
Changed in xfce4-terminal (Ubuntu):
assignee: nobody → Julian Taylor (jtaylor)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xfce4-terminal - 0.6.2-3ubuntu2

---------------
xfce4-terminal (0.6.2-3ubuntu2) trusty; urgency=low

  * Fix encoding menu crash. (LP: #1206739)
    - Don't add non-radio items to the radio item group.
    - Don't leak list nodes by prepending twice to the same list.
 -- Alistair Buxton <email address hidden> Thu, 24 Oct 2013 01:01:14 +0100

Changed in xfce4-terminal (Ubuntu):
status: Confirmed → Fix Released
Julian Taylor (jtaylor) wrote :

I have uploaded the fix to saucy-proposed, thanks for the patch

please test it when it has been accepted, the release team will post instructions in this bug.

Changed in xfce4-terminal (Ubuntu):
assignee: Julian Taylor (jtaylor) → nobody
Changed in xfce4-terminal (Ubuntu Saucy):
status: New → Triaged

Hello pqwoerituytrueiwoq, or anyone else affected,

Accepted xfce4-terminal into saucy-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xfce4-terminal/0.6.2-3ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in xfce4-terminal (Ubuntu Saucy):
status: Triaged → Fix Committed
tags: added: verification-needed
Changed in xfce4-terminal (Debian):
status: Unknown → New
Changed in xfce4-terminal (Debian):
status: New → Fix Released

Package from saucy-proposed (0.6.2-3ubuntu1.1) fixed this bug for me.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xfce4-terminal - 0.6.2-3ubuntu1.1

---------------
xfce4-terminal (0.6.2-3ubuntu1.1) saucy-proposed; urgency=low

  * Fix encoding menu crash. (LP: #1206739)
    - Don't add non-radio items to the radio item group.
    - Don't leak list nodes by prepending twice to the same list.
 -- Alistair Buxton <email address hidden> Thu, 24 Oct 2013 01:01:14 +0100

Changed in xfce4-terminal (Ubuntu Saucy):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for xfce4-terminal has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.