Created attachment 792814 [details]
Reproducer

Description of problem:
Geeqie crashes when opening an image with multiple dots in its name (e.g. test.dot.svg).

Version-Release number of selected component (if applicable):
geeqie-1.1-10.fc19.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Open the attached image by:
geeqie ./test.dot.svg

Actual results:
Crash

Expected results:
No crash

Additional info:
eog and firefox have no problem with the image. Also, the image can be opened in geeqie if renamed to test.svg.
Amazing. It's hard to reproduce, however. Gave the reproducer a try with Fedora 20, it crashed immediately. ABRT didn't catch anything. So, I ran "debuginfo-install geeqie". Tried to reproduce once more. Couldn't. After deinstalling all debuginfo pkgs and trying a few more times, suddenly it crashed again. So, I don't have a detailed backtrace yet, just confirmation that it's outside Geeqie (which uses gdk-pixbuf2 for SVG loading).

$ geeqie test.dot.svg
Could not init LIRC support
*** longjmp causes uninitialized stack frame ***: geeqie terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x3332675d9f)[0x7f2ab8d5ad9f]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f2ab8debb07]
/lib64/libc.so.6(+0x3332706a2d)[0x7f2ab8deba2d]
/lib64/libc.so.6(__longjmp_chk+0x29)[0x7f2ab8deb989]
/lib64/libfreetype.so.6(+0x3338e5f75e)[0x7f2ab572675e]
/lib64/libfreetype.so.6(+0x3338e60502)[0x7f2ab5727502]
/lib64/libfreetype.so.6(FT_Outline_Decompose+0x16a)[0x7f2ab56da25a]
/lib64/libfreetype.so.6(+0x3338e60663)[0x7f2ab5727663]
/lib64/libfreetype.so.6(+0x3338e609ad)[0x7f2ab57279ad]
/lib64/libfreetype.so.6(+0x3338e5f463)[0x7f2ab5726463]
/lib64/libfreetype.so.6(FT_Render_Glyph_Internal+0xb3)[0x7f2ab56dea83]
/lib64/libcairo.so.2(+0x3070cc8c33)[0x7f2ab7f11c33]
[...]
Created attachment 792855 [details] non-detailed backtrace
The multiple dots are the false track, btw.

$ geeqie test.svg
Segmentation fault (core dumped)

There are other side-effects seldomly, too:

$ geeqie test.svg
(geeqie:12540): Pango-WARNING **: shaping failure, expect ugly output. shape-engine='BasicEngineFc', font='Nimbus Roman No9 L 13.9990234375', text='b'
https://bugzilla.redhat.com/678397
(gray_find_cell() - longjmp causes uninitialized stack frame)

The reproducer there was a PNG file. Do you know the assignee?
(In reply to Michael Schwendt from comment #4)
I pinged him.
(In reply to Jaroslav Škarvada from comment #5)
> (In reply to Michael Schwendt from comment #4)
> I pinged him.

He wrote me that he will try to respond in one or two days. If you think it's a dupe, feel free to close this bug.
Yes, I think it's the same issue that also affects gnome-shell, cinnamon, evince and other programs.

*** This bug has been marked as a duplicate of bug 678397 ***