pacman crashed with SIGSEGV in is_bonus_dot()

Bug #1196251 reported by Cavsfan on 2013-06-30
This bug affects 21 people
Affects: xscreensaver (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

I was just selecting which xscreensavers to allow and had not gotten to pacman yet when this occurred.

ProblemType: Crash
DistroRelease: Ubuntu 13.10
Package: xscreensaver-data-extra 5.15-2ubuntu2
ProcVersionSignature: Ubuntu 3.10.0-1.8-generic 3.10.0-rc7
Uname: Linux 3.10.0-1-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.10.2-0ubuntu3
Architecture: amd64
Date: Sun Jun 30 09:56:05 2013
ExecutablePath: /usr/lib/xscreensaver/pacman
InstallationDate: Installed on 2013-06-29 (0 days ago)
InstallationMedia: Ubuntu-GNOME 13.10 "Saucy Salamander" - Alpha amd64 (20130626)
MarkForUpload: True
ProcCmdline: pacman -root -window-id 0x1803DB5
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x4084bf: cmp 0xdb8(%rdi),%esi
 PC (0x004084bf) ok
 source "0xdb8(%rdi)" (0x01ed2004) not located in a known VMA region (needed readable region)!
 destination "%esi" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: xscreensaver
StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
Title: pacman crashed with SIGSEGV in __libc_start_main()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Cavsfan (cavsfan) wrote :
information type: Private → Public

StacktraceTop:
 is_bonus_dot (pp=pp@entry=0x1d24780, x=20, y=19, idx=idx@entry=0x7fff5eb693ec) at pacman_level.c:544
 ate_bonus_dot (mi=0x1d09c00) at pacman.c:1109
 pacman_tick (mi=0x1d09c00) at pacman.c:1181
 xlockmore_draw (dpy=<optimized out>, window=<optimized out>, closure=0x1d09c00) at xlockmore.c:497
 run_screenhack_table (ft=0x6143c0 <pacman_xscreensaver_function_table>, window2=0, window=25181621, dpy=0x1d11200) at screenhack.c:553

Changed in xscreensaver (Ubuntu):
importance: Undecided → Medium
summary: - pacman crashed with SIGSEGV in __libc_start_main()
+ pacman crashed with SIGSEGV in is_bonus_dot()
tags: removed: need-amd64-retrace
Tormod Volden (tormodvolden) wrote :

Possible off-by-one here, there are only NUM_BONUS_DOTS (4) bonus points, so index 4 is bad:
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/saucy/xscreensaver/saucy/view/head:/hacks/pacman_level.c#L542
(and on line 556)

The array of bonus_dot bonus_dots[NUM_BONUS_DOTS] is defined on http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/saucy/xscreensaver/saucy/view/head:/hacks/pacman.h#L221

Suggestion for patch: replace <= with < on lines 542 and 556.

BTW, I wonder if the stack is messed up. The stacktrace says:
#0 is_bonus_dot (pp=pp@entry=0x1d24780, x=20, y=19, idx=idx@entry=0x7fff5eb693ec) at pacman_level.c:544
        ret = 0
        i = 146321

But the loop variable "i" only goes from 0 to 4. (And should probably only go to 3.)

tags: added: bitesize
Changed in xscreensaver (Ubuntu):
status: New → Confirmed
Mamoru TASAKA (mtasaka) wrote :

A gcc developer says gcc 4.8 does this type of "aggressive optimization" when a loop contains undefined behavior, ref:

http://gcc.gnu.org/gcc-4.8/porting_to.html
https://lists.fedoraproject.org/pipermail/devel/2013-January/175876.html

i.e. the loop may be "optimized" into an endless loop.

By the way, I have sent the same patch upstream, which was accepted on 2013-06-10.

tags: removed: bitesize
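The off-by-one that Tormod and Mamoru discuss above, as an added example written for this page (it is not the xscreensaver source, and the struct and field names pacmangamestruct, bonus_dot.x, bonus_dot.y and bonus_dot.eaten are assumptions; only NUM_BONUS_DOTS, the is_bonus_dot(pp, x, y, idx) signature and the x=20, y=19 values come from the thread). The real code indexes pp->bonus_dots[i] directly, so the iteration at i == NUM_BONUS_DOTS is an out-of-bounds read and undefined behaviour; per the gcc 4.8 references Mamoru cites, the compiler is then entitled to assume that iteration is never reached and may drop the loop's exit test altogether. To show the bad index without executing undefined behaviour, the example routes every array access through a bounds-checked accessor that counts out-of-range reads instead of performing them, and places the buggy "<=" loop next to the "<" loop from the patch.

```c
#include <stdio.h>

#define NUM_BONUS_DOTS 4

/* Assumed layout; the real pacman.h defines bonus_dot bonus_dots[NUM_BONUS_DOTS]. */
struct bonus_dot { int x; int y; int eaten; };
struct pacmangamestruct { struct bonus_dot bonus_dots[NUM_BONUS_DOTS]; };

/* Bounds-checked read. Returns 0 and fills *out for a valid index, or -1 and
 * bumps *oob for an index the array does not have. The real code performs this
 * read unchecked, so an index of NUM_BONUS_DOTS walks off the end of the array. */
static int get_bonus_dot(const struct pacmangamestruct *pp, int i,
                         struct bonus_dot *out, int *oob)
{
    if (i < 0 || i >= NUM_BONUS_DOTS) {
        (*oob)++;
        return -1;
    }
    *out = pp->bonus_dots[i];
    return 0;
}

/* Buggy bound: "<=" visits i == NUM_BONUS_DOTS (index 4 of a 4-element array)
 * whenever no earlier element matches, i.e. on almost every call. */
int is_bonus_dot_buggy(const struct pacmangamestruct *pp, int x, int y,
                       int *idx, int *oob)
{
    int ret = 0;
    for (int i = 0; i <= NUM_BONUS_DOTS; i++) {
        struct bonus_dot d;
        if (get_bonus_dot(pp, i, &d, oob) != 0)
            continue;                      /* would be an OOB read unchecked */
        if (d.x == x && d.y == y) {
            *idx = i;
            ret = 1;
            break;
        }
    }
    return ret;
}

/* Fixed bound: "<" as in the patch, so every index visited is 0..NUM_BONUS_DOTS-1. */
int is_bonus_dot_fixed(const struct pacmangamestruct *pp, int x, int y,
                       int *idx, int *oob)
{
    int ret = 0;
    for (int i = 0; i < NUM_BONUS_DOTS; i++) {
        struct bonus_dot d;
        if (get_bonus_dot(pp, i, &d, oob) != 0)
            continue;                      /* never taken with the "<" bound */
        if (d.x == x && d.y == y) {
            *idx = i;
            ret = 1;
            break;
        }
    }
    return ret;
}

/* Constructed level data for the demonstration; (20, 19) mirrors the x/y
 * arguments in frame #0 of the retraced crash, the other positions are made up. */
struct pacmangamestruct sample_level(void)
{
    struct pacmangamestruct pp = { { {3, 1, 0}, {26, 1, 0}, {20, 19, 0}, {3, 29, 0} } };
    return pp;
}

int main(void)
{
    struct pacmangamestruct pp = sample_level();
    int idx = -1, oob = 0, hit;

    /* A tile that is not a bonus dot: the buggy loop reaches index 4. */
    hit = is_bonus_dot_buggy(&pp, 99, 99, &idx, &oob);
    printf("buggy: hit=%d out-of-range reads=%d\n", hit, oob);

    oob = 0;
    hit = is_bonus_dot_fixed(&pp, 99, 99, &idx, &oob);
    printf("fixed: hit=%d out-of-range reads=%d\n", hit, oob);

    hit = is_bonus_dot_fixed(&pp, 20, 19, &idx, &oob);
    printf("fixed: hit=%d idx=%d out-of-range reads=%d\n", hit, idx, oob);
    return 0;
}
```

Note that the out-of-range index is only reached when (x, y) is not one of the four bonus dots, which is the common case for a tile on the board; that fits a crash that appears shortly after the hack starts rather than on a rare event, and it is why the "<" fix is complete: with a correct bound there is no iteration left that the compiler could treat as unreachable.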
Tormod Volden (tormodvolden) wrote :

Great, I also sent a patch upstream :) http://anonscm.debian.org/gitweb/?p=collab-maint/xscreensaver.git;a=commitdiff;h=8df7ba6597ebafe5321c66846f22ee9326902d49 but never heard back from him. So it will be fixed in Debian as soon as I get to release a 5.21 package.

Mamoru TASAKA (mtasaka) wrote :

Your patch is included in 5.22.

tags: added: bugpattern-needed
tags: added: trusty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xscreensaver - 5.26-1ubuntu1

---------------
xscreensaver (5.26-1ubuntu1) utopic; urgency=low

  * Dropped Ubuntu changes:
    - Ubuntu delta to the screensavers sets.
    - Keep Debian Vcs-* links instead of the ~ubuntu-desktop team bzr
      repository: the Desktop team does not have interest any more.
    - The Ubuntu changes to the descriptions.
  * Merge from Debian unstable. (LP: #1283459) Remaining changes:
    - debian/control:
      + Breaks/Replaces: the old changes are not needed anymore, but the
        new changes the screensavers sets needs it.
    - debian/rules:
      + Use /usr/share/backgrounds as image directory.
      + Add translation domain to .desktop files.
    - debian/source_xscreensaver.py:
      + Add apport hook.
    - debian/xscreensaver.dirs:
      + Install /usr/share/backgrounds. By default, settings search in
        /usr/share/backgrounds and without it, it displays an error.
    - debian/patch/90_ubuntu-branding.patch: Use Ubuntu branding.
    - debian/patches/60_sequential_glslideshow.patch:
      + Allow going through images sequentially rather than just at random in
        the GLSlideshow hack.

xscreensaver (5.26-1) unstable; urgency=low

  * New upstream release 5.26, changes since 5.23:
    - Updated feed-loading for recent Flickr changes.
    - Updated `webcollage' for recent Google changes.
    - Added Instagram and Bing as `webcollage' image sources.
    - Updated to latest autoconf.
    - Bug fixes.
  * Drop patch applied upstream:
    - debian/patches/12_upstream_use_cppflags.patch
  * Bump Standards-Version to 3.9.5 (no changes needed)

xscreensaver (5.23-1) unstable; urgency=low

  * New upstream release 5.23 (Closes: #729311)
    - New hack, geodesic
    - More heuristics for using RSS feeds as image sources
    - Improved Wikipedia parser
    - Updated webcollage for recent Flickr changes
    - Added Android to bsod
    - Made quasicrystal work on weak graphics cards
    - Better compression on icons, plists and XML files
    - Reverted that DEACTIVATE change. Bad idea.
    - Phosphor now supports amber as well as green
  * Dropped patches applied upstream:
    - 12_upstream_quasicrystal_texture_width.patch
    - 14_upstream_hexadrop_keyboard_exit.patch
    - 15_upstream_activate_faster_nontty.patch
  * debian/patches/12_upstream_use_cppflags.patch:
    Make sure CPPFLAGS are used (fixes hardening warnings)
  * debian/control: Update VCS fields (fixes Lintian warning)

xscreensaver (5.22-1) unstable; urgency=low

  * New upstream release 5.22 (Closes: #699833), changes since 5.15:
    - XInput devices now also ignore small mouse motions
    - Loading images via RSS feeds is much improved
    - Enlarged the texture image for lament
    - Made pipes be ridiculously less efficient, but spin
    - Added better mouse control to rubik, cube21, crackberg, and julia
    - Cosmetic improvements to queens and endgame
    - sonar can now ping local subnet on DHCP
    - Most savers now resize/rotate properly
    - New version of `fireworkx'
    - Minor fixes to `distort', `fontglide', `xmatrix'
    - New MacOS crash in `bsod'
    - New mode in `lcdscrub'
    - Gnome/KD...


Changed in xscreensaver (Ubuntu):
status: Confirmed → Fix Released
Chris Hurley (the-xtreem) wrote :

Can we please get this in the Trusty repos?

eric tennant wrote :

Hi, can you please advise me on the how to.
Would appreciate it.
Regards
Eric Tennant

Cavsfan (cavsfan) wrote :

What how to?

On 05/12/2015 01:47 PM, eric tennant wrote:
> Hi, can you please advise me on the how to.
> Would appreciate it.
> Regards
> Eric Tennant
>
