Bug 1003579

Summary: Crash when opening SVG file
Product: [Fedora] Fedora
Reporter: Jaroslav Škarvada <jskarvad>
Component: geeqie
Assignee: Michael Schwendt <bugs.michael>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 19
CC: bugs.michael
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2013-09-02 14:44:50 UTC
Type: Bug
Attachments (description, flags):
Reproducer, flags: none
non-detailed backtrace, flags: none

Description Jaroslav Škarvada 2013-09-02 12:15:41 UTC
Created attachment 792814: Reproducer

Description of problem:
Geeqie crashes when opening an image with multiple dots in its name (e.g. test.dot.svg).

Version-Release number of selected component (if applicable):
geeqie-1.1-10.fc19.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Open the attached image by: geeqie ./test.dot.svg

Actual results:
Crash

Expected results:
No crash

Additional info:
eog and firefox have no problem with the image. Also, the image can be opened in geeqie if renamed to test.svg.

Comment 1 Michael Schwendt 2013-09-02 14:03:52 UTC
Amazing.

It's hard to reproduce, however. Gave the reproducer a try with Fedora 20, it crashed immediately. ABRT didn't catch anything. So, I ran "debuginfo-install geeqie". Tried to reproduce once more. Couldn't. After deinstalling all debuginfo pkgs and trying a few more times, suddenly it crashed again. So, I don't have a detailed backtrace yet, just confirmation that it's outside Geeqie (which uses gdk-pixbuf2 for SVG loading).

$ geeqie test.dot.svg 
Could not init LIRC support
*** longjmp causes uninitialized stack frame ***: geeqie terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x3332675d9f)[0x7f2ab8d5ad9f]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f2ab8debb07]
/lib64/libc.so.6(+0x3332706a2d)[0x7f2ab8deba2d]
/lib64/libc.so.6(__longjmp_chk+0x29)[0x7f2ab8deb989]
/lib64/libfreetype.so.6(+0x3338e5f75e)[0x7f2ab572675e]
/lib64/libfreetype.so.6(+0x3338e60502)[0x7f2ab5727502]
/lib64/libfreetype.so.6(FT_Outline_Decompose+0x16a)[0x7f2ab56da25a]
/lib64/libfreetype.so.6(+0x3338e60663)[0x7f2ab5727663]
/lib64/libfreetype.so.6(+0x3338e609ad)[0x7f2ab57279ad]
/lib64/libfreetype.so.6(+0x3338e5f463)[0x7f2ab5726463]
/lib64/libfreetype.so.6(FT_Render_Glyph_Internal+0xb3)[0x7f2ab56dea83]
/lib64/libcairo.so.2(+0x3070cc8c33)[0x7f2ab7f11c33]
[...]

Comment 2 Michael Schwendt 2013-09-02 14:04:27 UTC
Created attachment 792855: non-detailed backtrace

Comment 3 Michael Schwendt 2013-09-02 14:07:49 UTC
The multiple dots are the false track, btw.

$ geeqie test.svg 
Segmentation fault (core dumped)


Rarely, there are other side effects, too:

$ geeqie test.svg 

(geeqie:12540): Pango-WARNING **: shaping failure, expect ugly output. shape-engine='BasicEngineFc', font='Nimbus Roman No9 L 13.9990234375', text='b'

Comment 4 Michael Schwendt 2013-09-02 14:09:55 UTC
https://bugzilla.redhat.com/678397
(gray_find_cell() - longjmp causes uninitialized stack frame)

The reproducer there was a PNG file.

Do you know the assignee?

Comment 5 Jaroslav Škarvada 2013-09-02 14:33:47 UTC
(In reply to Michael Schwendt from comment #4)
I pinged him.

Comment 6 Jaroslav Škarvada 2013-09-02 14:37:54 UTC
(In reply to Jaroslav Škarvada from comment #5)
> (In reply to Michael Schwendt from comment #4)
> I pinged him.
He wrote to me that he will try to respond in one or two days.

If you think it's a dupe, feel free to close this bug.

Comment 7 Michael Schwendt 2013-09-02 14:44:50 UTC
Yes, I think it's the same issue that also affects gnome-shell, cinnamon, evince and other programs.

*** This bug has been marked as a duplicate of bug 678397 ***