Bug 655613

Summary: [abrt] gimp-2:2.6.11-1.fc14: strlen: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
Product: Fedora
Reporter: Javier Jardón <jjardon>
Component: gtk2
Assignee: Matthias Clasen <mclasen>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 14
CC: cnangel, i-graszka, mclasen, nphilipp
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:963ca308372e39b9aabc9b6fc6e3da4ef51c056f
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2012-01-18 10:52:58 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Attachments: backtrace (flags: none)

Description Javier Jardón 2010-11-22 00:08:07 UTC
abrt version: 1.1.14
architecture: x86_64
Attached file: backtrace
cmdline: gimp-2.6
component: gimp
crash_function: strlen
executable: /usr/bin/gimp-2.6
kernel: 2.6.35.6-48.fc14.x86_64
package: gimp-2:2.6.11-1.fc14
rating: 4
reason: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
time: 1290384394
uid: 500

How to reproduce
-----
1. Open a PNG image
2. Save as jpeg
3. Crash

Comment 1 Javier Jardón 2010-11-22 00:08:10 UTC
Created attachment 461893 [details]
File: backtrace

Comment 2 Nils Philippsen 2010-11-22 13:25:12 UTC
Which version of gtk2 do you have installed?

Comment 3 Javier Jardón 2010-11-22 19:23:37 UTC
(In reply to comment #2)
> Which version of gtk2 do you have installed?

2.22.0

Comment 4 Nils Philippsen 2010-11-23 09:35:43 UTC
Oh, I meant the whole package version... I'll simply assume gtk2-2.22.0-1.fc14.1, shout if that is wrong ;-).

Comment 5 Nils Philippsen 2010-11-23 10:29:41 UTC
This seems like a bug in gtk2, specifically the gtk file chooser completion code to me:

--- 8< --- gtkfilechooser.c / completion_match_func() ---
  norm_file_part = g_utf8_normalize (chooser_entry->file_part, -1, G_NORMALIZE_ALL);
  norm_name = g_utf8_normalize (name, -1, G_NORMALIZE_ALL);
[...]
  result = (strncmp (norm_file_part, norm_name, strlen (norm_file_part)) == 0);
--- >8 --------------------------------------------------

The crash happens in this last line, when calling strlen(norm_file_part). Both norm_file_part and norm_name are NULL at that time, which indicates that the strings fed to g_utf8_normalize() above weren't valid UTF-8. So both norm_file_part and norm_name should be checked to be != NULL before being fed to "normal" glibc string functions that can't cope with NULL args like strlen() and strncmp().

I'll change the component accordingly.
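
The pattern described above, as an added example that is not code from gtk2 or from this report: a stand-in for g_utf8_normalize() (assumed here, since GLib is not linked) that returns NULL on invalid UTF-8, the unchecked match as in the bug, and a hardened version that treats a NULL normalization result as "no match".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal UTF-8 well-formedness check. It only stands in for the condition
 * under which g_utf8_normalize() returns NULL; it is not GLib's code. */
static int utf8_valid(const char *s) {
    const unsigned char *p = (const unsigned char *)s;
    while (*p) {
        int cont = *p < 0x80 ? 0 : (*p & 0xE0) == 0xC0 ? 1   /* continuation bytes */
                 : (*p & 0xF0) == 0xE0 ? 2 : (*p & 0xF8) == 0xF0 ? 3 : -1;
        if (cont < 0) return 0;                  /* invalid lead byte */
        for (p++; cont > 0; cont--, p++)
            if ((*p & 0xC0) != 0x80) return 0;   /* truncated or stray byte */
    }
    return 1;
}
/* Stand-in for g_utf8_normalize(): heap copy of the input, NULL if not UTF-8. */
static char *normalize_or_null(const char *s) {
    char *copy = utf8_valid(s) ? malloc(strlen(s) + 1) : NULL;
    if (copy) strcpy(copy, s);
    return copy;
}

/* The pattern from the bug: normalized strings go straight into strlen()/strncmp(),
 * so a NULL result (invalid UTF-8 in the input) is dereferenced. */
static int match_unsafe(const char *file_part, const char *name) {
    char *nfp = normalize_or_null(file_part), *nn = normalize_or_null(name);
    int result = strncmp(nfp, nn, strlen(nfp)) == 0;  /* SIGSEGV when either is NULL */
    free(nfp); free(nn);
    return result;
}
/* Hardened form: a failed normalization is treated as "no completion match". */
static int match_safe(const char *file_part, const char *name) {
    char *nfp = normalize_or_null(file_part), *nn = normalize_or_null(name);
    int result = nfp != NULL && nn != NULL && strncmp(nfp, nn, strlen(nfp)) == 0;
    free(nfp); free(nn);
    return result;
}

/* Constructed input: "pic" followed by a lone lead byte 0xC3 (truncated sequence). */
static int demo_invalid_file_part(void) {
    const char bad[] = {'p', 'i', 'c', (char)0xC3, '\0'};
    return match_safe(bad, "picture.jpg");
}
int main(void) {
    printf("valid: %d, invalid: %d\n", match_unsafe("pic", "picture.jpg"), demo_invalid_file_part());
    return 0;
}
```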

Comment 6 Nils Philippsen 2011-05-31 11:06:58 UTC
*** Bug 669361 has been marked as a duplicate of this bug. ***

Comment 7 Nils Philippsen 2011-05-31 11:08:20 UTC
*** Bug 677632 has been marked as a duplicate of this bug. ***

Comment 8 Nils Philippsen 2012-01-18 10:52:58 UTC
Fedora 14 has reached its end of life. The same issue on Fedora 15 is tracked in bug #716325.

*** This bug has been marked as a duplicate of bug 716325 ***