Bug 567643

Summary: SIGSEGV inside Pango in gtk_label_size_request with large multiline string running downloaded copy of OpenXenCenter
Product: [Fedora] Fedora Reporter: Bruce W. Tucker <btucker>
Component: pangoAssignee: Behdad Esfahbod <behdad>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: alberto, behdad, dmalcolm, fonts-bugs, ivazqueznet, james.antill, j.golderer, jonathansteffan
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: abrt_hash:3b51b5870b445e41d588f9943347be39514f845b
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-03 22:27:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none

Description Bruce W. Tucker 2010-02-23 14:35:45 UTC 
abrt 1.0.6 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: python window.py
component: python
executable: /usr/bin/python
kernel: 2.6.31.12-174.2.19.fc12.x86_64
package: python-2.6.2-2.fc12
rating: 4
reason: Process was terminated by signal 11 (Segmentation fault)
release: Fedora release 12 (Constantine)

comment
-----
just running OpenXenCenter 
no actions were taken
perhaps click on a one server
Comment 1 Bruce W. Tucker 2010-02-23 14:35:47 UTC 
Created attachment 395726 [details]
File: backtrace
Comment 2 Dave Malcolm 2010-02-23 18:51:36 UTC 
Thank you for reporting this bug.

How reproducible is this problem?  If you run the program from a terminal, is an error message printed?

What is the output of running the following command?
  rpm -q pygtk2 pango gtk2

Looking at the backtrace, it looks like the problem occurred in thread #1 in "can_break_at" within Pango.  It looks like Pango is trying to calculate the size of a GtkLabel, but that label has an extremely large multiline string (assuming that I'm reading this correctly; I'm referring to frame #3 of thread #1 where I see this string fragment:
0x39eed2f "\nIntel(R) Xeon(R) CPU", ' ' <repeats 11 times>, "E5530  @ 2.40GHz\nIntel(R) Xeon(R) CPU", ' ' <repeats 11 times>, "E5530  @ 2.40GHz\nIntel(R) Xeon(R) CPU", ' ' <repeats 11 times>, "E5530  @ 2.40GHz\nIntel(R) Xeon(R) CPU", ' ' <repeats 11 times>, "E5530  @ 2.40GHz\nIntel(R"...

Does pango needs to be bullet-proofed against this kind of input?  Alternatively, the process is using: 
  /home/bruce/Downloads/openxencenter/oxcgtkvnc.so
  ./liboxcgtk-vnc-1.0.so.0
and perhaps these embed their own copy of Pango.

Reassigning component from "python" to "pango";  hopefully the pango maintainer will be able to figure this out further or reassign as necessary.
Comment 3 Bruce W. Tucker 2010-02-25 19:01:41 UTC 
I can reproduce the problem with opening OpenXenCenter (running "python window.py") and just leaving it open (no input).  I believe it is just updating the console information from 2 Citrix server pools when it crashes

$ sudo rpm -q pygtk2 pango gtk2
pygtk2-2.16.0-1.fc12.x86_64
pango-1.26.2-1.fc12.x86_64
gtk2-2.18.6-3.fc12.x86_64

The OpenXenCenter README says that it needs glade 3.6 and libgtk 2.16
$ sudo rpm -qa | grep glade
libglademm24-2.6.7-3.fc12.x86_64
pygtk2-libglade-2.16.0-1.fc12.x86_64
libglade2-2.6.4-3.fc12.x86_64
glade3-3.6.7-2.fc12.x86_64
glade3-libgladeui-3.6.7-2.fc12.x86_64
libglade2-devel-2.6.4-3.fc12.x86_64


dmesg
python[7500]: segfault at 184 ip 0000003e11021d40 sp 00007fff6d7518b0 error 4 in libpango-1.0.so.0.2600.2[3e11000000+48000]

/var/log/messages
Feb 22 15:06:17 ungoliant kernel: python[7500]: segfault at 184 ip 0000003e11021d40 sp 00007fff6d7518b0 error 4 in libpango-1.0.so.0.2600.2[3e11000000+48000]


from console 
.........(deprecated).........
SR.scan pending 0.0: {'timestamp': '1266939438.', 'class': 'task', 'snapshot': {'status': 'pending', 'subtask_of': 'OpaqueRef:NULL', 'current_operations': {}, 'subtasks': [], 'uuid': 'efbf3cca-a7c7-e51c-8e82-7b4f53e39903', 'created': <DateTime '20100223T15:37:18Z' at 7f52d3aab7a0>, 'other_config': {}, 'name_label': 'SR.scan', 'allowed_operations': [], 'finished': <DateTime '19700101T00:00:00Z' at 7f52d0237638>, 'resident_on': 'OpaqueRef:45dad8ef-bc18-52b6-d38d-ea8f322ba7fa', 'result': '', 'progress': 0.0, 'name_description': '', 'error_info': [], 'type': '<none/>'}, 'operation': 'add', 'ref': 'OpaqueRef:6a415814-2724-71ef-e2bb-740a0e4a66aa', 'id': '563545'}
SR.scan pending 0.0: {'timestamp': '1266939438.', 'class': 'task', 'snapshot': {'status': 'pending', 'subtask_of': 'OpaqueRef:NULL', 'current_operations': {}, 'subtasks': [], 'uuid': 'efbf3cca-a7c7-e51c-8e82-7b4f53e39903', 'created': <DateTime '20100223T15:37:18Z' at 7f52d073b0e0>, 'other_config': {}, 'name_label': 'SR.scan', 'allowed_operations': ['cancel'], 'finished': <DateTime '19700101T00:00:00Z' at 7f52d200a680>, 'resident_on': 'OpaqueRef:45dad8ef-bc18-52b6-d38d-ea8f322ba7fa', 'result': '', 'progress': 0.0, 'name_description': '', 'error_info': [], 'type': '<none/>'}, 'operation': 'mod', 'ref': 'OpaqueRef:6a415814-2724-71ef-e2bb-740a0e4a66aa', 'id': '563546'}
SR.scan pending 0.0: {'timestamp': '1266939438.', 'class': 'task', 'snapshot': {'status': 'pending', 'subtask_of': 'OpaqueRef:NULL', 'current_operations': {}, 'subtasks': [], 'uuid': '639eedec-c84b-e924-c780-0c984f673bc4', 'created': <DateTime '20100223T15:37:18Z' at 7f52d200a488>, 'other_config': {}, 'name_label': 'SR.scan', 'allowed_operations': [], 'finished': <DateTime '19700101T00:00:00Z' at 7f52d200a518>, 'resident_on': 'OpaqueRef:45dad8ef-bc18-52b6-d38d-ea8f322ba7fa', 'result': '', 'progress': 0.0, 'name_description': '', 'error_info': [], 'type': '<none/>'}, 'operation': 'add', 'ref': 'OpaqueRef:fff4f762-29c7-b58c-4bc4-74f4a673d98b', 'id': '563549'}
SR.scan pending 0.0: {'timestamp': '1266939438.', 'class': 'task', 'snapshot': {'status': 'pending', 'subtask_of': 'OpaqueRef:NULL', 'current_operations': {}, 'subtasks': [], 'uuid': '639eedec-c84b-e924-c780-0c984f673bc4', 'created': <DateTime '20100223T15:37:18Z' at 7f52d200a7a0>, 'other_config': {}, 'name_label': 'SR.scan', 'allowed_operations': ['cancel'], 'finished': <DateTime '19700101T00:00:00Z' at 7f52d200a3f8>, 'resident_on': 'OpaqueRef:45dad8ef-bc18-52b6-d38d-ea8f322ba7fa', 'result': '', 'progress': 0.0, 'name_description': '', 'error_info': [], 'type': '<none/>'}, 'operation': 'mod', 'ref': 'OpaqueRef:fff4f762-29c7-b58c-4bc4-74f4a673d98b', 'id': '563550'}
**
Pango:ERROR:pango-layout.c:3736:pango_layout_check_lines: assertion failed: (!layout->log_attrs)
Aborted (core dumped)

=============================================
Comment 4 Alberto Gonzalez 2010-03-01 09:36:44 UTC 
hello, i'm the main developer of openxencenter
what rev are you using?
Comment 5 Bruce W. Tucker 2010-03-01 16:31:14 UTC 
I could not find anything that had the version listed but I'm pretty sure I downloaded the openxencenter_rev69_100112.tar file from sourceforge.

I see there is a newer one, I'll try it.

Also my kernel is 2.6.31.12-174.2.22.fc12.x86_64 #1 SMP x86_64 x86_64 x86_64
Comment 6 Bug Zapper 2010-11-03 21:31:29 UTC 
This message is a reminder that Fedora 12 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 12.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 12 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 7 Bug Zapper 2010-12-03 22:27:58 UTC 
Fedora 12 changed to end-of-life (EOL) status on 2010-12-02. Fedora 12 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.