Bug 163518

Summary: Gimp crash (realloc corruption caught by glibc)
Product: [Fedora] Fedora
Reporter: Alan Cox <alan>
Component: gnome-vfs2
Assignee: Alexander Larsson <alexl>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 4
CC: alex, caolanm, mclasen, nphilipp
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-09-01 15:22:37 UTC

Description Alan Cox 2005-07-18 15:07:02 UTC
opened thumbnail at 160 x 120
opened thumbnail at 160 x 120
opened thumbnail at 160 x 120
opened thumbnail at 160 x 120
*** glibc detected *** gimp: corrupted double-linked list: 0x0000000001bb19a0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3723c6c91c]
/lib64/libc.so.6(__libc_realloc+0x129)[0x3723c6d399]
/usr/lib64/libgnomevfs-2.so.0(_gnome_vfs_xdg_alias_read_from_file+0x103)[0x37aea4f887]
/usr/lib64/libgnomevfs-2.so.0[0x37aea4ee21]
/usr/lib64/libgnomevfs-2.so.0[0x37aea4e60a]
/usr/lib64/libgnomevfs-2.so.0[0x37aea4e79e]
/usr/lib64/libgnomevfs-2.so.0(_gnome_vfs_xdg_get_mime_type_from_file_name+0x9)[0x37aea4e98e]
/usr/lib64/libgnomevfs-2.so.0(gnome_vfs_mime_type_from_name_or_default+0xb9)[0x37aea3a37c]
/usr/lib64/libgnomevfs-2.so.0(_gnome_vfs_get_mime_type_internal+0x1be)[0x37aea3a5db]
/usr/lib64/libgnomevfs-2.so.0[0x37aea3adad]
/usr/lib64/gnome-vfs-2.0/modules/libfile.so[0x2aaaaf0893c7]
/usr/lib64/gnome-vfs-2.0/modules/libfile.so[0x2aaaaf08af94]
/usr/lib64/libgnomevfs-2.so.0(_gnome_vfs_job_execute+0x56d)[0x37aea34db9]
/usr/lib64/libgnomevfs-2.so.0[0x37aea33f0e]
/usr/lib64/libgnomevfs-2.so.0[0x37aea426ca]
/usr/lib64/libglib-2.0.so.0[0x37a8f3e4da]
/lib64/libpthread.so.0[0x372510697c]
/lib64/libc.so.6(__clone+0x6e)[0x3723cc9c2e]
gimp: terminated: Aborted

Comment 1 Nils Philippsen 2005-07-29 16:07:41 UTC
What were you doing when that happened and can you reproduce this one? A small
test-case would be even better ;-).

Comment 2 Caolan McNamara 2005-09-09 10:05:50 UTC
A few of these have cropped up with OOo as well, think there was a fix recently.

Comment 3 Nils Philippsen 2005-10-07 15:10:38 UTC
Caolan, do you think this is a library problem (gtk)?

Comment 4 Matthias Clasen 2005-10-07 15:17:59 UTC
Looks like a gnome-vfs segfault to me.

Comment 5 Nils Philippsen 2005-10-10 07:56:48 UTC
Alan, can you reproduce this problem with current package versions?

Comment 6 Alan Cox 2005-10-11 12:59:49 UTC
Not seen it for a while, but I never had a clear reproducer.

Comment 7 Nils Philippsen 2005-10-11 14:49:42 UTC
I put this on hold for the time being; we can always reopen if it gets reproduced.

Comment 8 Alan Cox 2005-10-24 13:19:00 UTC
Happened again on a fully updated box.

I started gimp, loaded a large jpeg (which appeared on screen 33% scale) then
hit 'rescale' 800 tab tab ok (i.e. taking its defaults for the rest), save and
then went to load another image to process and it went pop.

*** glibc detected *** gimp: realloc(): invalid next size: 0x0000000001e1ec00 ***
======= Backtrace: =========
/lib64/libc.so.6[0x35eff6c680]
/lib64/libc.so.6(__libc_realloc+0x129)[0x35eff6d169]
/usr/lib64/libgnomevfs-2.so.0(_gnome_vfs_xdg_alias_read_from_file+0x103)[0x3d1884f887]
/usr/lib64/libgnomevfs-2.so.0[0x3d1884ee21]
/usr/lib64/libgnomevfs-2.so.0[0x3d1884e60a]
/usr/lib64/libgnomevfs-2.so.0[0x3d1884e79e]
/usr/lib64/libgnomevfs-2.so.0(_gnome_vfs_xdg_get_mime_type_from_file_name+0x9)[0x3d1884e98e]
/usr/lib64/libgnomevfs-2.so.0(gnome_vfs_mime_type_from_name_or_default+0xb9)[0x3d1883a37c]
/usr/lib64/libgnomevfs-2.so.0(_gnome_vfs_get_mime_type_internal+0x1be)[0x3d1883a5db]
/usr/lib64/libgnomevfs-2.so.0[0x3d1883adad]
/usr/lib64/gnome-vfs-2.0/modules/libfile.so[0x2aaab092a3c7]
/usr/lib64/gnome-vfs-2.0/modules/libfile.so[0x2aaab092bf94]
/usr/lib64/libgnomevfs-2.so.0(_gnome_vfs_job_execute+0x56d)[0x3d18834db9]
/usr/lib64/libgnomevfs-2.so.0[0x3d18833f0e]
/usr/lib64/libgnomevfs-2.so.0[0x3d188426ca]
/usr/lib64/libglib-2.0.so.0[0x35f163e61a]
/lib64/libpthread.so.0[0x35f0c0697c]
/lib64/libc.so.6(__clone+0x6e)[0x35effc992e]
gimp: terminated: Aborted

Comment 9 Alexander Larsson 2005-10-24 13:51:47 UTC
It's likely this bug:
http://bugzilla.gnome.org/show_bug.cgi?id=170947

If so, Gnome 2.12 should fix it.

Comment 10 Alexander Larsson 2006-09-01 15:22:37 UTC
No reports since then. Closing.
If you see this with gnome-vfs >= 2.12, please reopen.