Bug 783620

Summary: [abrt] ucblogo-6.0-8.fc15: save_move: Process /usr/bin/logo was killed by signal 11 (SIGSEGV)
Product: Fedora
Reporter: Dave Allan <dallan>
Component: ucblogo
Assignee: Dave Allan <dallan>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: auroux, gemi
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:168b5453a81ffb96628e8933ff6cbe8e910b4513
Doc Type: Bug Fix
Last Closed: 2013-09-20 18:14:07 UTC
Attachments:
  backtrace (attachment 556661, comment 1)
  backtrace (attachment 574716, comment 3)
  potential fix (attachment 786353, comment 6)

Description Dave Allan 2012-01-21 02:37:17 UTC
libreport version: 2.0.8
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        logo
crash_function: save_move
executable:     /usr/bin/logo
kernel:         3.1.9-1.fc16.x86_64
pid:            29234
pwd:            /home/dallan
reason:         Process /usr/bin/logo was killed by signal 11 (SIGSEGV)
time:           Fri 20 Jan 2012 09:28:44 PM EST
username:       dallan

backtrace:      Text file, 4676 bytes

build_ids:
:9d1209fc79304f03cc839de1c0036c61b48dfff8
:1c6a95451ee19617be5abea3d121f0226d21ddda
:638db099ff5fb986d1a092629d1bb1dca5be4904
:4c842320387ff7f6f91b7842b223c16518be909f
:3ed9e61c2b7e707ce244816335776afa2ad0307d
:cb005ba39e60ec10a2c690a3ff352ccefa898cc9
:0f0c9eed63ed279ceb0aef109eff8bcbb351e4bb
:374add1ead31ccb449779bc7ee7877de3377e5ad
:3cbc639da8b05f5cd87202ff77c5c335313d3276
:7994f114cf7189e482f2665fae8e351ed8bc05e3

comment:
:This segfault appears to be 100% reproducible.  If I enter:
:
:? repeat 10000 [ fd .1 rt 360/10000]
:
:in the interpreter, logo segfaults.  I'm just playing around with it, so I've no idea whether that's a valid instruction or not (although sometimes it gets a quarter through drawing the figure before it crashes).

dso_list:
:/lib64/libdl-2.14.90.so glibc-2.14.90-24.fc16.4.x86_64 (Fedora Project) 1325824728
:/lib64/libm-2.14.90.so glibc-2.14.90-24.fc16.4.x86_64 (Fedora Project) 1325824728
:/usr/lib64/libxcb.so.1.1.0 libxcb-1.7-3.fc16.x86_64 (Fedora Project) 1325824741
:/lib64/libc-2.14.90.so glibc-2.14.90-24.fc16.4.x86_64 (Fedora Project) 1325824728
:/usr/lib64/libX11.so.6.3.0 libX11-1.4.3-1.fc16.x86_64 (Fedora Project) 1325824741
:/lib64/libgcc_s-4.6.2-20111027.so.1 libgcc-4.6.2-1.fc16.x86_64 (Fedora Project) 1325824717
:/usr/bin/logo ucblogo-6.0-8.fc15.x86_64 (Fedora Project) 1327101012
:/usr/lib64/libXau.so.6.0.0 libXau-1.0.6-2.fc15.x86_64 (Fedora Project) 1325824740
:/lib64/libtinfo.so.5.9 ncurses-libs-5.9-2.20110716.fc16.x86_64 (Fedora Project) 1325824732
:/lib64/ld-2.14.90.so glibc-2.14.90-24.fc16.4.x86_64 (Fedora Project) 1325824728

maps:
:00400000-0042c000 r-xp 00000000 fd:02 2632578                            /usr/bin/logo
:0062c000-0062f000 rw-p 0002c000 fd:02 2632578                            /usr/bin/logo
:0062f000-00662000 rw-p 00000000 00:00 0 
:01b16000-01b75000 rw-p 00000000 00:00 0                                  [heap]
:3355000000-3355022000 r-xp 00000000 fd:02 1049062                        /lib64/ld-2.14.90.so
:3355221000-3355222000 r--p 00021000 fd:02 1049062                        /lib64/ld-2.14.90.so
:3355222000-3355223000 rw-p 00022000 fd:02 1049062                        /lib64/ld-2.14.90.so
:3355223000-3355224000 rw-p 00000000 00:00 0 
:3355400000-33555ab000 r-xp 00000000 fd:02 1049063                        /lib64/libc-2.14.90.so
:33555ab000-33557ab000 ---p 001ab000 fd:02 1049063                        /lib64/libc-2.14.90.so
:33557ab000-33557af000 r--p 001ab000 fd:02 1049063                        /lib64/libc-2.14.90.so
:33557af000-33557b1000 rw-p 001af000 fd:02 1049063                        /lib64/libc-2.14.90.so
:33557b1000-33557b6000 rw-p 00000000 00:00 0 
:3355c00000-3355c02000 r-xp 00000000 fd:02 1049069                        /lib64/libdl-2.14.90.so
:3355c02000-3355e02000 ---p 00002000 fd:02 1049069                        /lib64/libdl-2.14.90.so
:3355e02000-3355e03000 r--p 00002000 fd:02 1049069                        /lib64/libdl-2.14.90.so
:3355e03000-3355e04000 rw-p 00003000 fd:02 1049069                        /lib64/libdl-2.14.90.so
:3356400000-3356483000 r-xp 00000000 fd:02 1049077                        /lib64/libm-2.14.90.so
:3356483000-3356682000 ---p 00083000 fd:02 1049077                        /lib64/libm-2.14.90.so
:3356682000-3356683000 r--p 00082000 fd:02 1049077                        /lib64/libm-2.14.90.so
:3356683000-3356684000 rw-p 00083000 fd:02 1049077                        /lib64/libm-2.14.90.so
:3356800000-3356815000 r-xp 00000000 fd:02 1049078                        /lib64/libgcc_s-4.6.2-20111027.so.1
:3356815000-3356a14000 ---p 00015000 fd:02 1049078                        /lib64/libgcc_s-4.6.2-20111027.so.1
:3356a14000-3356a15000 rw-p 00014000 fd:02 1049078                        /lib64/libgcc_s-4.6.2-20111027.so.1
:3359400000-3359539000 r-xp 00000000 fd:02 2642501                        /usr/lib64/libX11.so.6.3.0
:3359539000-3359738000 ---p 00139000 fd:02 2642501                        /usr/lib64/libX11.so.6.3.0
:3359738000-335973e000 rw-p 00138000 fd:02 2642501                        /usr/lib64/libX11.so.6.3.0
:3359800000-3359802000 r-xp 00000000 fd:02 2630796                        /usr/lib64/libXau.so.6.0.0
:3359802000-3359a02000 ---p 00002000 fd:02 2630796                        /usr/lib64/libXau.so.6.0.0
:3359a02000-3359a03000 rw-p 00002000 fd:02 2630796                        /usr/lib64/libXau.so.6.0.0
:3359c00000-3359c1b000 r-xp 00000000 fd:02 2642500                        /usr/lib64/libxcb.so.1.1.0
:3359c1b000-3359e1a000 ---p 0001b000 fd:02 2642500                        /usr/lib64/libxcb.so.1.1.0
:3359e1a000-3359e1b000 rw-p 0001a000 fd:02 2642500                        /usr/lib64/libxcb.so.1.1.0
:3366000000-3366023000 r-xp 00000000 fd:02 1049045                        /lib64/libtinfo.so.5.9
:3366023000-3366222000 ---p 00023000 fd:02 1049045                        /lib64/libtinfo.so.5.9
:3366222000-3366226000 r--p 00022000 fd:02 1049045                        /lib64/libtinfo.so.5.9
:3366226000-3366227000 rw-p 00026000 fd:02 1049045                        /lib64/libtinfo.so.5.9
:7f0e7fe42000-7f0e7ff42000 rw-p 00000000 00:00 0 
:7f0e7ff57000-7f0e7ff5a000 rw-p 00000000 00:00 0 
:7fff6763a000-7fff6765b000 rw-p 00000000 00:00 0                          [stack]
:7fff6775a000-7fff6775b000 r-xp 00000000 00:00 0                          [vdso]
:ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Comment 1 Dave Allan 2012-01-21 02:37:19 UTC
Created attachment 556661 [details]
File: backtrace

Comment 2 Dave Allan 2012-04-03 02:28:21 UTC
A simple repeat statement causes logo to segfault 100% of the time:

repeat 10000 [ fd 1 ]


backtrace_rating: 4
Package: ucblogo-6.0-8.fc15
OS Release: Fedora release 16 (Verne)

Comment 3 Dave Allan 2012-04-03 02:28:24 UTC
Created attachment 574716 [details]
File: backtrace

Comment 4 Fedora End Of Life 2013-01-16 13:36:03 UTC
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 5 Dave Allan 2013-01-16 18:47:18 UTC
Still present in ucblogo-6.0-10.fc18.x86_64, so I'm changing the version on the odd chance somebody else hits it or that I get around to making a patch.  IIRC I poked around a bit and discovered that this only affects 64 bit packages, but my memory might be off on that.

Comment 6 Dave Allan 2013-08-14 00:31:41 UTC
Created attachment 786353 [details]
potential fix

I finally got some time to dig into the crash, and it's the result of an assumption that sizeof(int) == sizeof(char *).  I've tested the attached patch extensively without problems.
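
Added example, not part of the bug report and not ucblogo's code or the attached patch: a small C program showing why the assumption that sizeof(int) == sizeof(char *) only bites on 64-bit builds. It carries addresses through an int, the way code written under that assumption does, and through intptr_t, the portable alternative, and reports which survive instead of dereferencing the damaged pointer (the dereference is the SIGSEGV). The sample addresses are constructed from the maps section of the abrt report above; where exactly ucblogo makes the assumption is not shown on this page and is not claimed here.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not ucblogo code.  Addresses are modelled as uintptr_t
 * values so the narrowing can be observed rather than dereferenced.
 */

/* The assumption named in the bug report, evaluated for the host ABI. */
int int_can_hold_pointer(void)
{
    return sizeof(int) == sizeof(char *);
}

/* Park a pointer value in an int, restore it, report whether it survived.
 * Converting an out-of-range value to int is implementation-defined in C;
 * GCC and Clang reduce it modulo 2^32, so on x86_64 any address above
 * 0x7fffffff comes back changed. */
int survives_int_round_trip(uintptr_t addr)
{
    int stored = (int)addr;                      /* narrowing happens here */
    char *restored = (char *)(intptr_t)stored;   /* sign-extended back to pointer width */
    return (uintptr_t)restored == addr;
}

/* The portable way to carry a pointer in an integer: intptr_t/uintptr_t
 * are specified to round-trip any void * on the platform. */
int survives_intptr_round_trip(uintptr_t addr)
{
    intptr_t stored = (intptr_t)addr;
    char *restored = (char *)stored;
    return (uintptr_t)restored == addr;
}

int main(void)
{
    /* Constructed inputs: start addresses taken from the maps in the abrt report. */
    struct { const char *what; uintptr_t addr; } samples[] = {
        { "/usr/bin/logo text (non-PIE)", (uintptr_t)0x00400000u },
        { "[heap]",                       (uintptr_t)0x01b16000u },
        { "anonymous mmap region",        (uintptr_t)0x7f0e7fe42000ull },
        { "[stack]",                      (uintptr_t)0x7fff6763a000ull },
    };

    printf("sizeof(int) = %zu, sizeof(char *) = %zu: assumption %s on this host\n",
           sizeof(int), sizeof(char *), int_can_hold_pointer() ? "holds" : "fails");

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-30s %#14" PRIxPTR "  via int: %-9s  via intptr_t: %s\n",
               samples[i].what, samples[i].addr,
               survives_int_round_trip(samples[i].addr) ? "intact" : "TRUNCATED",
               survives_intptr_round_trip(samples[i].addr) ? "intact" : "TRUNCATED");
    }
    return 0;
}
```

On x86_64 (LP64) the two low addresses survive the int round trip while the mmap and stack addresses do not, so whether a given pointer is corrupted depends on where the allocator happened to place it. On i686 (ILP32) int and char * are both 4 bytes, every address fits, and the same code runs without fault, which is consistent with the i686 workaround reported in comment 8.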

Comment 7 Dave Allan 2013-09-20 18:14:07 UTC
I have switched from ucblogo to python with turtle graphics, so I no longer have an itch to scratch with this bug.  Since I reported it and there is no indication that anyone else has experienced it, I am closing as WONTFIX.  FWIW, I believe the attached patch is correct if anybody wants to pick it up.

Comment 8 Denis Auroux 2018-01-02 14:44:06 UTC
I confirm this bug is still present in the fc26 package. It only affects the x86-64 version. My workaround was to install the i686 binary, so I didn't test the proposed patch, but I think this would be worth reopening and fixing.