Bug 439246

Summary:	media-gfx/gthumb-3.0.0 - segmentation fault in strlen(""), called from g_str_has_prefix at gstrfuncs.c:2774
Product:	Gentoo Linux	Reporter:	Juergen Rose <rose>
Component:	Current packages	Assignee:	Gentoo Linux Gnome Desktop Team <gnome>
Status:	RESOLVED TEST-REQUEST
Severity:	normal	CC:	toolchain
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Juergen Rose 2012-10-22 09:57:35 UTC

Starting gthumb it crashes since totay with Segmentation fault:

rose@impala:/home_impala/rose/Txt/Pictures/IBMT_Oder_Fahrradtour/Juergen(6)$ gdb gthumb
GNU gdb (Gentoo 7.5 p1) 7.5
...
Reading symbols from /usr/bin/gthumb...Reading symbols from /usr/lib64/debug/usr/bin/gthumb.debug...done.
done.
(gdb) run
Starting program: /usr/bin/gthumb 
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe84ef700 (LWP 29475)]
[New Thread 0x7fffe7cee700 (LWP 29476)]
[New Thread 0x7fffcd744700 (LWP 29477)]
[New Thread 0x7fffdc90b700 (LWP 29478)]
Error: Directory NikonPreview with 8224 entries considered invalid; not read.
Error: Directory NikonPreview with 8224 entries considered invalid; not read.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffcd744700 (LWP 29477)]
0x00007ffff4501b71 in ?? () from /lib64/libc.so.6
(gdb) bt f
#0  0x00007ffff4501b71 in ?? () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff4da3679 in g_str_has_prefix (str=0x7fffc809c000 "", prefix=0x7ffff58ff7bd "user.") at gstrfuncs.c:2774
        str_len = <optimized out>
        prefix_len = <optimized out>
        __PRETTY_FUNCTION__ = "g_str_has_prefix"
#2  0x00007ffff58c9135 in get_xattrs (path=0x1289290 "/net/caiman/home_caiman/rose/Txt/Pictures/Potsdam/DSC_0862.JPG", user=0, info=0x7fffc800a010, matcher=<optimized out>, 
    follow_symlinks=1) at glocalfileinfo.c:489
        all = <optimized out>
        list_size = <optimized out>
        list_res_size = 276040064345
        len = <optimized out>
        list = 0x7fffc8008e60 "system.nfs4_acl"
        attr = 0x7fffc809c000 ""
        attr2 = <optimized out>
#3  0x00007ffff58ca1be in _g_local_file_info_get (basename=<optimized out>, path=0x1289290 "/net/caiman/home_caiman/rose/Txt/Pictures/Potsdam/DSC_0862.JPG", 
    attribute_matcher=<optimized out>, flags=G_FILE_QUERY_INFO_NONE, parent_info=0x7fffcd743be0, error=<optimized out>) at glocalfileinfo.c:1731
        info = 0x7fffc800a010
        statbuf = {st_dev = 33, st_ino = 14947839, st_nlink = 1, st_mode = 33188, st_uid = 1203, st_gid = 1000, __pad0 = 0, st_rdev = 0, st_size = 6677832, st_blksize = 1048576, 
          st_blocks = 13048, st_atim = {tv_sec = 1348956000, tv_nsec = 0}, st_mtim = {tv_sec = 1349003172, tv_nsec = 0}, st_ctim = {tv_sec = 1349041189, tv_nsec = 470047995}, 
          __unused = {0, 0, 0}}
        statbuf2 = {st_dev = 140736548845072, st_ino = 140736548844144, st_nlink = 19518688, st_mode = 4119633093, st_uid = 32767, st_gid = 33, __pad0 = 0, st_rdev = 14942324, 
          st_size = 4, st_blksize = 5166845673965, st_blocks = 1000, st_atim = {tv_sec = 0, tv_nsec = 4096}, st_mtim = {tv_sec = 1048576, tv_nsec = 8}, st_ctim = {
            tv_sec = 1295835646, tv_nsec = 146131950}, __unused = {0, 123928349, 1349126836}}
        stat_ok = <optimized out>
        is_symlink = <optimized out>
        symlink_broken = <optimized out>
        symlink_target = 0x0
        vfs = <optimized out>
        class = <optimized out>
        device = <optimized out>
#4  0x00007ffff58c54ac in g_local_file_query_info (file=0x129d4e0, attributes=<optimized out>, flags=G_FILE_QUERY_INFO_NONE, cancellable=<optimized out>, error=0x7fffcd743c58)
    at glocalfile.c:1197
        local = 0x129d4e0
        info = <optimized out>
        matcher = 0x7fffc8003270
        basename = 0x7fffc8008ee0 "DSC_0862.JPG"
        dirname = 0x7fffc8003610 ""
        parent_info = {writable = 1, is_sticky = 0, has_trash_dir = 0, owner = 1203, device = 33, extra_data = 0x0, free_extra_data = 0x0}
#5  0x00007ffff5831b9a in query_info_async_thread (res=0x12ffd60, object=0x129d4e0, cancellable=0x1302e30) at gfile.c:4851
        error = 0x0
        data = 0x11b6130
        info = <optimized out>
#6  0x00007ffff5859f0d in run_in_thread (job=<optimized out>, c=0x1302e30, _data=0x12ff5a0) at gsimpleasyncresult.c:861
        data = 0x12ff5a0
        simple = 0x12ffd60
        source = <optimized out>
#7  0x00007ffff5849dae in io_job_thread (data=0x12887d0, user_data=<optimized out>) at gioscheduler.c:177
        job = 0x12887d0
        result = <optimized out>
#8  0x00007ffff4da9410 in g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:309
        task = 0x12887d0
        pool = 0x1115480
#9  0x00007ffff4da8b75 in g_thread_proxy (data=0x111df20) at gthread.c:801
        thread = 0x111df20
#10 0x00007ffff4831006 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#11 0x00007ffff4565bad in clone () from /lib64/libc.so.6
No symbol table info available.
(gdb) cont



root@impala:/root(13)# emerge --info
Portage 2.1.11.30 (default/linux/amd64/10.0, gcc-4.6.3, glibc-2.15-r3, 3.6.2-gentoo x86_64)
=================================================================
System uname: Linux-3.6.2-gentoo-x86_64-AMD_Phenom-tm-_II_X4_965_Processor-with-gentoo-2.2
Timestamp of tree: Mon, 22 Oct 2012 06:00:01 +0000
app-shells/bash:          4.2_p37
dev-java/java-config:     2.1.12
dev-lang/python:          2.7.3-r2, 3.2.3-r1
dev-util/cmake:           2.8.9-r1
dev-util/pkgconfig:       0.27.1
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.1
sys-apps/sandbox:         2.6
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.9.6-r3, 1.10.3, 1.11.6, 1.12.4
sys-devel/binutils:       2.22.90
sys-devel/gcc:            4.6.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
sys-libs/glibc:           2.15-r3
Repositories: gentoo x11 bicatali science sage-on-gentoo dilfridge sunrise lisp java-overlay lordvan x-portage x-cpan g-octave
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA PUEL Intel-SDP dlj-1.1 skype-eula skype-4.0.0.7-copyright googleearth AdobeFlash-10.3 cadsoft Oracle-BCLA-JavaSE MakeMKV-EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=amdfam10 -O2 -g"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/lib/hsqldb"
CONFIG_PROTECT_MASK="${EPREFIX}/etc/gconf /etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=amdfam10 -O2 -g"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles news noclean parallel-fetch protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="de fr ru"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/x11 /var/lib/layman/bicatali /var/lib/layman/science /var/lib/layman/sage-on-gentoo /var/lib/layman/dilfridge /var/lib/layman/sunrise /var/lib/layman/lisp /var/lib/layman/java-overlay /var/lib/layman/lordvan /usr/local/portage /var/lib/cpan /var/lib/g-octave"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext 64bit R X Xaw3d a52 aac accessibility acl acpi admin afs alsa amd64 ao apache2 apng applet archive arpack asf aspell assistant atlas audacious audiofile automap automount bash-completion berkdb blas blast bluetooth bluray boo boost bzip2 cairo cdda cddb cdf cdio cdparanoia cdr cg cgi chm cli consolekit corba cracklib crypt css cuda cups curl cxx daap db dbi dbm dbus declarative designer devhelp device-mapper dga dia dirac djvu doc dot dri ds2490 ds9097 ds9097u dts dv dvb dvd dvdr dvi dynamicplugin eds egl elf emacs emboss emf encode epiphany evo examples exif expat extensions extra extras faac faad ffmpeg fftw firefox fits flac fltk fontconfig foomaticdb fortran fortran95 fpx fts3 fuse g3dvl galago gcj gd gdal gdbm gdu gedit geoip geolocation geos gfortran gif gimp git glade glib glpk gml gmp gnome gnome-keyring gnome-print gnuplot gnutls gold gphoto2 gpm grammar graphics graphtft graphviz grass gsl gsm gstreamer gtk gtk3 gudev guile harness hddtemp hdf hdf5 hdri html http httpd hvm hwdb iconv icq icu id3 id3tag imagemagick imap inotify ipod ipv6 ithreads jabber jadetex java java6 jbig john jpeg jpeg2k kate kdepim kdrive kerberos keymap kpathsea kqemu kvm ladspa lame lapack latex lcms ldap lensfun libffi libkms libnotify libsamplerate live lm_sensors lua lzo mad mail maildir mapnik math matroska media-library mercurial mikmod mkl mmx mmxext mng modules mono motif mozilla mp3 mp4 mpeg mpi mplayer mtp mudflap multilib musepack musicbrainz mysql mysqli nautilus ncurses netcdf netpbm network networking networkmanager nfs nls nntp nptl nsplugin ntfs ntp numpy nvidia obex objc ocaml ocr octave odbc ofa ogdi ogg openexr opengl openmp overview pam pcre pda pdf perl plotutils plugins png podcast policykit portaudio posix postgres postscript pppd preview-latex proj projectm projectx pstricks pulseaudio python python-bindings q16 q32 qemu qhull qt3support qt4 quicktime raw readline reiserfs reports rle romio rpc rrdcgi rrdtool sage samba sasl schroedinger science sdk sdl secure-delete semantic-desktop server session shout sip slang slp smart smbclient smp sms sndfile snmp soap sockets soup sox speex spell sql sqlite sse sse2 sse4a ssl subtitles subversion sudo suexec svg svm swig szip t1lib tcl tcpd tex tex4ht texmacs tgif theora thesaurus threads thunderbird tidy tiff tk tools truetype udev unicode usb userlocales utempter vaapi vdpau video virtualbox visio vorbis wav webdav webdav-serf webkit wmf wxwidgets x264 xa xattr xcb xemacs xetex xext xft xine xml xmlreader xmlrpc xpm xv xvid xvmc yaml youtube zlib zvbi" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_core authn_dbm authn_default authn_file authz_core authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgid dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info lbmethod_byrequests log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif slotmem_shm so socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="canon fuji ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CURL_SSL="nss" DRACUT_MODULES="caps lvm mdraid syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de fr ru" NETBEANS_MODULES="apisupport cnd dlight enterprise ergonomics groovy gsf harness ide identity j2ee java mobility nb php profiler ruby websvccommon xml" PHP_TARGETS="php5-3" PYTHON_TARGETS="python3_2 python2_7" QEMU_SOFTMMU_TARGETS="arm i386 x86_64" QEMU_USER_TARGETS="arm i386 x86_64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="nouveau vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON


root@impala:/root(14)# emerge -pvD gthumb

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R    ] media-gfx/gthumb-3.0.0  USE="exif gnome-keyring gstreamer http jpeg raw slideshow svg tiff -cdr -debug {-test}" 0 kB



Could this bug anyway connected with Bug 438900?



Reproducible: Always

Comment 1 Juergen Rose 2012-10-22 10:41:50 UTC

If I emerge gthumb without the raw USE flag and start gthumb directly (not through gdb), linux crashes with general protection fault

Comment 2 Juergen Rose 2012-10-22 11:22:26 UTC

Also if I run gthumb through gdb linux sometimes crashes with general protection fault.

Comment 3 Gilles Dartiguelongue (RETIRED) gentoo-dev

2012-10-22 12:10:55 UTC

I just commited 3.0.2 yesterday, could you give it a try ?

Comment 4 Gilles Dartiguelongue (RETIRED) gentoo-dev

2012-10-22 12:13:44 UTC

Hum actually I didn't commit it because I had a general protection fault as well.
I guess there is something fishy with gthumb.

Comment 5 Juergen Rose 2012-10-22 12:44:35 UTC

Hi Gilles,

inpite of two 'emerge --sync' since yesterday, there is not yet any gthumb-3.0.2 here. But beside of Segfaults and General protection faults I see now also kernel paging request Oops. 
I have the feeling that the error is not in gthumb but in the nouveau driver. At least I see the errors only at two systems with a NVIDIA card and with xf86-video-nouveau-1.0.2 driver. At a third system with a ATI card and the xf86-video-ati-6.14.6-r1 driver gthumb works without any problems.

Comment 6 Alexandre Rostovtsev (RETIRED) gentoo-dev

2012-10-22 17:12:58 UTC

(In reply to comment #0)
Good backtrace!

In glib-2.32.4, g_str_has_prefix() has the following implementations:

gboolean
g_str_has_prefix (const gchar *str,
                  const gchar *prefix)
{
  int str_len;
  int prefix_len;

  g_return_val_if_fail (str != NULL, FALSE);
  g_return_val_if_fail (prefix != NULL, FALSE);

  str_len = strlen (str);
  prefix_len = strlen (prefix);

  if (str_len < prefix_len)
    return FALSE;

  return strncmp (str, prefix, prefix_len) == 0;
}

And gstrfuncs.c:2774 is this line: "str_len = strlen (str);"

In your case, str was 0x7fffc809c000, which was pointer to "", a perfectly valid string. So strlen(str) should have returned 0; instead, it crashed.

Therefore, I see two possibilities:

(1) a bug is in strlen() itself meaning in sys-libs/glibc. @toolchain, is that possible? I believe that glibc uses some tricky assembly code to speed up strlen()...

(2) threading bug in gthumb that caused str to be freed just before strlen() was done with it.

Comment 7 SpanKY gentoo-dev

2012-11-19 23:40:51 UTC

(In reply to comment #6)

it's possible that strlen has a bug in the optimized version.  that assembly code does a lot of tricky stuff to be fast and compare as many bytes as possible.

you could try this test code:
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

int main() {
    int page_size = getpagesize();
    printf("page_size = %#x\n", page_size);
    char *buf = mmap(NULL, 2 * page_size, PROT_READ | PROT_WRITE, \
        MAP_PRIVATE | MAP_ANON, -1, 0);
    assert(buf != MAP_FAILED);
    assert(mprotect(buf + page_size, page_size, PROT_NONE) == 0);
    return strlen(buf + page_size - 1);
}

just: gcc test.c && ./a.out

Comment 8 Pacho Ramos gentoo-dev

2013-07-27 11:14:47 UTC

Still the case with 3.2.3?

Comment 9 Gilles Dartiguelongue (RETIRED) gentoo-dev

2013-08-10 10:35:17 UTC

Please try out latest gthumb, 3.2.3