Bug 636543
| Summary: | segfault in 'fast_validate()' opening folder (e.g.: 'nautilus --no-desktop /home/tbl/Desktop') | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tom London <selinux> | ||||
| Component: | ibus | Assignee: | fujiwara <tfujiwar> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | rawhide | CC: | i18n-bugs, otaylor, raxtum, shawn.p.huang, tbzatek, tfujiwar | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2010-10-01 02:39:32 UTC | Type: | --- | ||||
Still segfaults with nautilus-2.90.1-5.gitf3bbee7.fc15.x86_64:
Loaded symbols for /usr/lib64/libibus.so.2.0.0
Core was generated by `nautilus --no-desktop /media/FlashCard'.
Program terminated with signal 11, Segmentation fault.
#0 fast_validate (str=0x0, max_len=-1, end=0x0) at gutf8.c:1616
1616 for (p = str; *p; p++)
(gdb) set pagination off
(gdb) bt full
#0 fast_validate (str=0x0, max_len=-1, end=0x0) at gutf8.c:1616
val = <value optimized out>
min = <value optimized out>
p = 0x0
#1 g_utf8_validate (str=0x0, max_len=-1, end=0x0) at gutf8.c:1784
p = <value optimized out>
#2 0x00007f691d3e04d9 in gtk_im_context_get_preedit_string (context=0x1f64270, str=0x7fffd9bcc768, attrs=0x7fffd9bcc760, cursor_pos=0x0) at gtkimcontext.c:447
klass = 0x1f83b00
__PRETTY_FUNCTION__ = "gtk_im_context_get_preedit_string"
#3 0x00007f691d3e04c2 in gtk_im_context_get_preedit_string (context=0x1e57800, str=0x7fffd9bcc768, attrs=0x7fffd9bcc760, cursor_pos=0x0) at gtkimcontext.c:446
klass = 0x1e4f7e0
__PRETTY_FUNCTION__ = "gtk_im_context_get_preedit_string"
#4 0x00007f691d386d25 in gtk_entry_create_layout (entry=0x1e001c0, include_preedit=1) at gtkentry.c:5401
widget = 0x1e001c0
layout = 0x7f690c004da0
preedit_length = 0
tmp_attrs = 0x1f7daa0
preedit_string = 0x0
preedit_attrs = 0x0
display = 0x1f1de80 ""
n_bytes = 32617
#5 gtk_entry_ensure_layout (entry=0x1e001c0, include_preedit=1) at gtkentry.c:5480
No locals.
#6 0x00007f691d387c0c in gtk_entry_get_cursor_locations (entry=0x1e001c0, type=CURSOR_STANDARD, strong_x=0x7fffd9bcc83c, weak_x=0x0) at gtkentry.c:5933
layout = <value optimized out>
strong_pos = {x = 30994320, y = 0, width = 458321424, height = 32617}
text = <value optimized out>
weak_pos = {x = 0, y = 0, width = 1, height = 0}
index = <value optimized out>
mode = DISPLAY_NORMAL
#7 0x00007f691d388141 in update_im_cursor_location (data=0x1e001c0) at gtkentry.c:5326
strong_x = 32617
area_width = 504132832
area_height = 0
area = {x = 32570512, y = 0, width = 30745688, height = 0}
strong_xoffset = <value optimized out>
#8 recompute_idle_func (data=0x1e001c0) at gtkentry.c:5360
entry = 0x1e001c0
#9 0x00007f691d06932f in gdk_threads_dispatch (data=0x1e56960) at gdk.c:487
dispatch = 0x1e56960
ret = 0
#10 0x00007f691b2527d3 in g_main_dispatch (context=0x1d52450) at gmain.c:2149
dispatch = 0x7f691b24e810 <g_idle_dispatch>
was_in_call = 0
user_data = 0x1e56960
callback = 0x7f691d069300 <gdk_threads_dispatch>
cb_funcs = 0x7f691b516e10
cb_data = 0x1e583b0
current_source_link = {data = 0x1f0fc90, next = 0x0}
need_destroy = <value optimized out>
source = 0x1f0fc90
current = 0x1d8ef90
i = <value optimized out>
#11 g_main_context_dispatch (context=0x1d52450) at gmain.c:2702
No locals.
#12 0x00007f691b252fb0 in g_main_context_iterate (context=0x1d52450, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2780
max_priority = 115
timeout = 0
some_ready = 1
nfds = 13
allocated_nfds = <value optimized out>
fds = <value optimized out>
#13 0x00007f691b253622 in g_main_loop_run (loop=0x1dc0af0) at gmain.c:2988
__PRETTY_FUNCTION__ = "g_main_loop_run"
#14 0x00007f691d3f824d in gtk_main () at gtkmain.c:1320
tmp_list = <value optimized out>
functions = 0x0
init = <value optimized out>
loop = 0x1dc0af0
#15 0x000000000043d3e9 in main (argc=1, argv=0x7fffd9bccd98) at nautilus-main.c:536
kill_shell = 0
no_default_window = 0
browser_window = 0
no_desktop = 1
version = 0
autostart_mode = <value optimized out>
autostart_id = <value optimized out>
geometry = 0x0
remaining = 0x1d281d0
application = 0x1db28f0
context = <value optimized out>
file = <value optimized out>
uri = <value optimized out>
uris = 0x1dc0b10
uris_array = <value optimized out>
error = 0x0
i = <value optimized out>
options = {{long_name = 0x549799 "version", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffd9bccc8c, description = 0x52b518 "Show the version of the program.", arg_description = 0x0}, {long_name = 0x52ed7c "geometry", short_name = 103 'g', flags = 0, arg = G_OPTION_ARG_STRING, arg_data = 0x7fffd9bccc80, description = 0x52b540 "Create the initial window with the given geometry.", arg_description = 0x52b411 "GEOMETRY"}, {long_name = 0x52b41a "no-default-window", short_name = 110 'n', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffd9bccc98, description = 0x52b578 "Only create windows for explicitly specified URIs.", arg_description = 0x0}, {long_name = 0x52b42c "no-desktop", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffd9bccc90, description = 0x52b5b0 "Do not manage the desktop (ignore the preference set in the preferences dialog).", arg_description = 0x0}, {long_name = 0x52cb3f "browser", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffd9bccc94, description = 0x52b437 "open a browser window.", arg_description = 0x0}, {long_name = 0x54b9d5 "quit", short_name = 113 'q', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffd9bccc9c, description = 0x52b44e "Quit Nautilus.", arg_description = 0x0}, {long_name = 0x530178 "", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_STRING_ARRAY, arg_data = 0x7fffd9bccc78, description = 0x0, arg_description = 0x52b45d "[URI...]"}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}
(gdb)
OK. gdb says:
(gdb) up
#2 0x00007f691d3e04d9 in gtk_im_context_get_preedit_string (
context=0x1f64270, str=0x7fffd9bcc768, attrs=0x7fffd9bcc760,
cursor_pos=0x0) at gtkimcontext.c:447
447 g_return_if_fail (str == NULL || g_utf8_validate (*str, -1, NULL));
(gdb) list
442
443 g_return_if_fail (GTK_IS_IM_CONTEXT (context));
444
445 klass = GTK_IM_CONTEXT_GET_CLASS (context);
446 klass->get_preedit_string (context, str, attrs, cursor_pos);
447 g_return_if_fail (str == NULL || g_utf8_validate (*str, -1, NULL));
448 }
449
450 /**
451 * gtk_im_context_filter_keypress:
(gdb) print str
$2 = (gchar **) 0x7fffd9bcc768
(gdb)
But, '*str' is NULL:
(gdb) print *str
$4 = (gchar *) 0x0
(gdb)
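It appears that neither g_utf8_validate() nor fast_validate() checks whether str is NULL: fast_validate() dereferences it immediately at gutf8.c:1616 ('for (p = str; *p; p++)'), so a '*str' that is still NULL after klass->get_preedit_string() returns crashes inside the g_return_if_fail() check itself.
I'm not sure whether something else is also broken, but would it make sense to change: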
g_return_if_fail (str == NULL || g_utf8_validate (*str, -1, NULL));
to
g_return_if_fail (str == NULL || *str == NULL || g_utf8_validate (*str, -1, NULL));
*** Bug 637796 has been marked as a duplicate of this bug. ***

Created attachment 449962
Patch that stops nautilus segfaulting opening up 'root folders'
The attached patch to gtk3 'makes it work for me'.
It adds a '*str == NULL' check to guard the 'fast_validate' functions.
Of course, I have no idea if this is the "right thing"......
Should this be reassigned to gtk3?
Should be reassigned to ibus; its gtk3 module is returning NULL where it isn't supposed to. g_utf8_validate() is about whether a *string* is valid; NULL isn't actually a string. (Uninstalling ibus will work around it.)

OK, reassigning to ibus.

I removed:

Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
ibus x86_64 1.3.7-5.fc15 @15koji 1.6 M
Removing for dependencies:
ibus-anthy x86_64 1.2.1-2.fc14 @15koji 613 k
ibus-chewing x86_64 1.3.7.20100910-1.fc15 @15koji 145 k
ibus-gtk2 x86_64 1.3.7-5.fc15 @15koji 24 k
ibus-gtk3 x86_64 1.3.7-5.fc15 @15koji 21 k
ibus-hangul x86_64 1.3.0.20100329-3.fc15 @15koji 105 k
ibus-m17n x86_64 1.3.1-1.fc15 @15koji 95 k
ibus-pinyin x86_64 1.3.11-1.fc15 @15koji 1.0 M
ibus-rawcode x86_64 1.3.1.20100707-1.fc14 @14koji/14 36 k
Transaction Summary
================================================================================
Remove 9 Package(s)

and downgraded gtk3 back to:

Sep 28 16:47:35 Installed: gtk3-2.90.7-2.fc15.x86_64
Sep 28 16:47:40 Installed: gtk3-devel-2.90.7-2.fc15.x86_64

Appears that I no longer get the segfault.

But..... I do seem to be getting other crashes: revelation applet, usr/bin/python /usr/share/system-config-printer/applet.py, and I believe abrt itself.

Guessing these packages "need" ibus (ibus-gtk[23]) ... ?

Crashes of "other packages" appear to be due to updates to some other packages....

Please get the latest ibus-gtk3-1.3.7-8.fc15 in rawhide.
It seems ibus would need a rebuild to work with the latest gtk3.
I could see the problem with f14 ibus-gtk3 but I don't see the problem in rawhide ibus-gtk3.
I'd like to close this bug as not a Bug.
BTW, I created a small GtkEntry test program for this bug because I could not get rawhide nautilus to run.
(nautilus:3800): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
#0 0x00000034c0a4b580 in g_log () from /lib64/libglib-2.0.so.0
#1 0x00007ffff6ed9482 in message_to_write_data_free (data=0x877300)
at gdbusprivate.c:879
#2 0x00007ffff6eda281 in maybe_write_next_message (worker=0x878340)
at gdbusprivate.c:1305
#3 0x00007ffff6eda381 in write_message_in_idle_cb (user_data=0x878340)
at gdbusprivate.c:1347
#4 0x00000034c0a427d3 in g_main_context_dispatch ()
from /lib64/libglib-2.0.so.0
#5 0x00000034c0a42fb0 in ?? () from /lib64/libglib-2.0.so.0
#6 0x00000034c0a43622 in g_main_loop_run () from /lib64/libglib-2.0.so.0
#7 0x00007ffff6ed8359 in gdbus_shared_thread_func (data=0x0)
at gdbusprivate.c:277
#8 0x00000034c0a69ff6 in ?? () from /lib64/libglib-2.0.so.0
#9 0x0000003107407761 in start_thread () from /lib64/libpthread.so.0
#10 0x0000003106ce14dd in clone () from /lib64/libc.so.6
879 g_object_unref (data->message);
The data->message was NULL:
$4 = (GDBusMessage *) 0x0
Program received signal SIGABRT, Aborted.
#0 0x0000003106c329a5 in raise () from /lib64/libc.so.6
#1 0x0000003106c34185 in abort () from /lib64/libc.so.6
#2 0x00000034c0a68134 in g_assertion_message () from /lib64/libglib-2.0.so.0
#3 0x00000034c0a686d0 in g_assertion_message_expr ()
from /lib64/libglib-2.0.so.0
#4 0x000000000042e7dd in nautilus_application_startup (application=0x883050,
kill_shell=0, no_default_window=0, no_desktop=0, browser_window=0,
geometry=0x0, urls=0x0) at nautilus-application.c:905
#5 0x0000000000441cd9 in main (argc=1, argv=0x7fffffffe4c8)
at nautilus-main.c:523
905 g_assert (error == NULL);
The error message was:
$2 = (gchar *) 0x896e20 "Timeout was reached"
This crashed for me with ibus-gtk3-1.3.7-5.fc15.x86_64. (There were other reports of this crash on the lists.)

This works for me with ibus-gtk3-1.3.7-8.fc15.x86_64.

Thanks for the 'not a Bug' fix! Not sure how to close this: NOTABUG or RAWHIDE.

When the latest gtk3 is integrated into f14, we may need to rebuild it in f14 again.
Description of problem:
Nautilus is crashing every time I try to open a folder (from Places). For example, trying to open 'Desktop' produces the following segfault:

Core was generated by `nautilus --no-desktop /home/tbl/Desktop'.
Program terminated with signal 11, Segmentation fault.
#0 fast_validate (str=0x0, max_len=-1, end=0x0) at gutf8.c:1616
1616 for (p = str; *p; p++)
(gdb) set pagination off
(gdb) bt full
#0 fast_validate (str=0x0, max_len=-1, end=0x0) at gutf8.c:1616
val = <value optimized out>
min = <value optimized out>
p = 0x0
#1 g_utf8_validate (str=0x0, max_len=-1, end=0x0) at gutf8.c:1784
p = <value optimized out>
#2 0x00007f429cf864d9 in gtk_im_context_get_preedit_string (context=0x2174250, str=0x7fff10f6d1d8, attrs=0x7fff10f6d1d0, cursor_pos=0x0) at gtkimcontext.c:447
klass = 0x2195300
__PRETTY_FUNCTION__ = "gtk_im_context_get_preedit_string"
#3 0x00007f429cf864c2 in gtk_im_context_get_preedit_string (context=0x206f700, str=0x7fff10f6d1d8, attrs=0x7fff10f6d1d0, cursor_pos=0x0) at gtkimcontext.c:446
klass = 0x20690b0
__PRETTY_FUNCTION__ = "gtk_im_context_get_preedit_string"
#4 0x00007f429cf2cd25 in gtk_entry_create_layout (entry=0x20121c0, include_preedit=1) at gtkentry.c:5401
widget = 0x20121c0
layout = 0x7f428c004da0
preedit_length = 0
tmp_attrs = 0x7f428c00a100
preedit_string = 0x0
preedit_attrs = 0x0
display = 0x2179d90 ""
n_bytes = 32578
#5 gtk_entry_ensure_layout (entry=0x20121c0, include_preedit=1) at gtkentry.c:5480
No locals.
#6 0x00007f429cf2dc0c in gtk_entry_get_cursor_locations (entry=0x20121c0, type=CURSOR_STANDARD, strong_x=0x7fff10f6d2ac, weak_x=0x0) at gtkentry.c:5933
layout = <value optimized out>
strong_pos = {x = 33173392, y = 0, width = -1693725168, height = 32578}
text = <value optimized out>
weak_pos = {x = 0, y = 0, width = 1, height = 0}
index = <value optimized out>
mode = DISPLAY_NORMAL
#7 0x00007f429cf2e141 in update_im_cursor_location (data=0x20121c0) at gtkentry.c:5326
strong_x = 32578
area_width = -1647913760
area_height = 0
area = {x = 34733664, y = 0, width = 32924760, height = 0}
strong_xoffset = <value optimized out>
#8 recompute_idle_func (data=0x20121c0) at gtkentry.c:5360
entry = 0x20121c0
#9 0x00007f429cc0f32f in gdk_threads_dispatch (data=0x20678c0) at gdk.c:487
dispatch = 0x20678c0
ret = 0
#10 0x00007f429adf87d3 in g_main_dispatch (context=0x1f66450) at gmain.c:2149
dispatch = 0x7f429adf4810 <g_idle_dispatch>
was_in_call = 0
user_data = 0x20678c0
callback = 0x7f429cc0f300 <gdk_threads_dispatch>
cb_funcs = 0x7f429b0bce10
cb_data = 0x20d3c10
current_source_link = {data = 0x211fe60, next = 0x0}
need_destroy = <value optimized out>
source = 0x211fe60
current = 0x1fa2f90
i = <value optimized out>
#11 g_main_context_dispatch (context=0x1f66450) at gmain.c:2702
No locals.
#12 0x00007f429adf8fb0 in g_main_context_iterate (context=0x1f66450, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2780
max_priority = 115
timeout = 0
some_ready = 1
nfds = 13
allocated_nfds = <value optimized out>
fds = <value optimized out>
#13 0x00007f429adf9622 in g_main_loop_run (loop=0x2021c20) at gmain.c:2988
__PRETTY_FUNCTION__ = "g_main_loop_run"
#14 0x00007f429cf9e24d in gtk_main () at gtkmain.c:1320
tmp_list = <value optimized out>
functions = 0x0
init = <value optimized out>
loop = 0x2021c20
#15 0x000000000043d3e9 in main (argc=1, argv=0x7fff10f6d808) at nautilus-main.c:536
kill_shell = 0
no_default_window = 0
browser_window = 0
no_desktop = 1
version = 0
autostart_mode = <value optimized out>
autostart_id = <value optimized out>
geometry = 0x0
remaining = 0x1f3c1d0
application = 0x1fc68f0
context = <value optimized out>
file = <value optimized out>
uri = <value optimized out>
uris = 0x1fd4ab0
uris_array = <value optimized out>
error = 0x0
i = <value optimized out>
options = {{long_name = 0x549799 "version", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff10f6d6fc, description = 0x52b518 "Show the version of the program.", arg_description = 0x0}, {long_name = 0x52ed7c "geometry", short_name = 103 'g', flags = 0, arg = G_OPTION_ARG_STRING, arg_data = 0x7fff10f6d6f0, description = 0x52b540 "Create the initial window with the given geometry.", arg_description = 0x52b411 "GEOMETRY"}, {long_name = 0x52b41a "no-default-window", short_name = 110 'n', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff10f6d708, description = 0x52b578 "Only create windows for explicitly specified URIs.", arg_description = 0x0}, {long_name = 0x52b42c "no-desktop", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff10f6d700, description = 0x52b5b0 "Do not manage the desktop (ignore the preference set in the preferences dialog).", arg_description = 0x0}, {long_name = 0x52cb3f "browser", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff10f6d704, description = 0x52b437 "open a browser window.", arg_description = 0x0}, {long_name = 0x54b9d5 "quit", short_name = 113 'q', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff10f6d70c, description = 0x52b44e "Quit Nautilus.", arg_description = 0x0}, {long_name = 0x530178 "", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_STRING_ARRAY, arg_data = 0x7fff10f6d6e8, description = 0x0, arg_description = 0x52b45d "[URI...]"}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}
(gdb)

Version-Release number of selected component (if applicable):
nautilus-2.90.1-4.gitf3bbee7.fc15.x86_64
gtk2-2.21.8-2.fc15.x86_64
gtk2-2.21.8-2.fc15.i686
gtk3-2.90.7-2.fc15.x86_64
gobject-introspection-0.9.6-1.fc15.x86_64

How reproducible:
every time

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info: