Bug 1048499 - [abrt] liferea: enclosure_list_view_load(): liferea killed by SIGSEGV
Summary: [abrt] liferea: enclosure_list_view_load(): liferea killed by SIGSEGV
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: liferea
Version: 20
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Steven M. Parrish
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:0ee4afe268808a924bf188af2f5...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-04 17:35 UTC by Carlos Manso
Modified: 2014-03-07 06:28 UTC (History)
4 users (show)

Fixed In Version: liferea-1.10.6-1.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-07 06:28:26 UTC
Type: ---


Attachments (Terms of Use)
File: backtrace (37.17 KB, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: cgroup (172 bytes, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: core_backtrace (11.98 KB, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: dso_list (15.61 KB, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: environ (1.51 KB, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: exploitable (82 bytes, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: limits (1.29 KB, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: maps (74.56 KB, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: open_fds (1.20 KB, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: proc_pid_status (937 bytes, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details
File: var_log_messages (785 bytes, text/plain)
2014-01-04 17:35 UTC, Carlos Manso
no flags Details

Description Carlos Manso 2014-01-04 17:35:08 UTC
Description of problem:
Just launching it.

Version-Release number of selected component:
liferea-1.10.3-1.fc20

Additional info:
reporter:       libreport-2.1.10
backtrace_rating: 4
cmdline:        liferea
crash_function: enclosure_list_view_load
executable:     /usr/bin/liferea
kernel:         3.12.5-302.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (7 frames)
 #0 enclosure_list_view_load at enclosure_list_view.c:248
 #1 itemview_select_item at itemview.c:189
 #2 liferea_shell_create at liferea_shell.c:1361
 #3 on_app_activate at main.c:87
 #8 g_application_activate at gapplication.c:1414
 #9 g_application_real_local_command_line at gapplication.c:499
 #10 g_application_run at gapplication.c:1585

Comment 1 Carlos Manso 2014-01-04 17:35:14 UTC
Created attachment 845427 [details]
File: backtrace

Comment 2 Carlos Manso 2014-01-04 17:35:16 UTC
Created attachment 845428 [details]
File: cgroup

Comment 3 Carlos Manso 2014-01-04 17:35:18 UTC
Created attachment 845429 [details]
File: core_backtrace

Comment 4 Carlos Manso 2014-01-04 17:35:21 UTC
Created attachment 845430 [details]
File: dso_list

Comment 5 Carlos Manso 2014-01-04 17:35:23 UTC
Created attachment 845431 [details]
File: environ

Comment 6 Carlos Manso 2014-01-04 17:35:25 UTC
Created attachment 845432 [details]
File: exploitable

Comment 7 Carlos Manso 2014-01-04 17:35:29 UTC
Created attachment 845433 [details]
File: limits

Comment 8 Carlos Manso 2014-01-04 17:35:36 UTC
Created attachment 845434 [details]
File: maps

Comment 9 Carlos Manso 2014-01-04 17:35:39 UTC
Created attachment 845435 [details]
File: open_fds

Comment 10 Carlos Manso 2014-01-04 17:35:41 UTC
Created attachment 845436 [details]
File: proc_pid_status

Comment 11 Carlos Manso 2014-01-04 17:35:46 UTC
Created attachment 845437 [details]
File: var_log_messages

Comment 12 Paul Bolle 2014-01-27 16:38:40 UTC
0) Still reproducible with liferea-1.10.5-1.fc20.x86_64

1) I installed liferea-debuginfo, ran liferea from gdb and peeked and poked liferea a bit. It turns out this seems to be enough to work around this segmentation fault:

    l itemview_select_item
    break 188 if ivp->enclosureView == 0
    commands
    jump 193
    end
    r

Ie, set this conditional breakpoint:
    (gdb) info break
    Num     Type           Disp Enb Address            What
    1       breakpoint     keep y   0x0000000000441cbd in itemview_select_item 
                                                   at itemview.c:188
    	stop only if ivp->enclosureView == 0
	breakpoint already hit 1 time
        jump 193

2) See, somehow we end up with a NULL ivp->enclosureView in itemview_select_item(). I haven't investigated whether that means something went awry before or that we have to add a
    if (ivp->enclosureView) 

test here somewhere. To be continued, perhaps ...

Comment 13 Yanko Kaneti 2014-01-27 17:15:05 UTC
I've filed an upstream report although I can't reproduce it.
https://sourceforge.net/p/liferea/bugs/1137/

Comment 14 Paul Bolle 2014-01-27 19:43:36 UTC
(In reply to Yanko Kaneti from comment #13)
> I've filed an upstream report although I can't reproduce it.

Neither can I anymore. Now that I've passed this bump using gdb liferea runs just fine. Maybe there's still an item in one of the feeds that triggers this bug, maybe not. This might be hard to trigger from now on. We'll see...

Comment 15 Paul Bolle 2014-01-29 23:53:50 UTC
(In reply to Paul Bolle from comment #14)
> Neither can I anymore.

0) The crash is back!

1) So let's look at the code I fiddled with when using gdb:

void
itemview_select_item (itemPtr item)
{
        [...]

        if (item)
                enclosure_list_view_load (ivp->enclosureView, item);
        else
                enclosure_list_view_hide (ivp->enclosureView);

        item_history_add (item->id);
}

But the "if (item)" test is bogus, because all callers of itemview_select_item() test for a non-NULL item beforehand. So that test will always evaluate to true. Moreover, if a NULL item would have been passed to this function we'd crashed at "item_history_add (item->id)" (NULL dereference).

2) So, it's quite likely the code should actually read:

void
itemview_select_item (itemPtr item)
{
        [...]

        if (ivp->enclosureView)
                enclosure_list_view_load (ivp->enclosureView, item);

        item_history_add (item->id);
}

Which is what my gdb breakpoint and command basically did.

3) Does upstream track updates to this report?

Comment 16 Paul Bolle 2014-01-30 00:20:22 UTC
(In reply to Paul Bolle from comment #15) 
> 2) So, it's quite likely the code should actually read:
> 
> void
> itemview_select_item (itemPtr item)
> {
>         [...]
> 
>         if (ivp->enclosureView)
>                 enclosure_list_view_load (ivp->enclosureView, item);
> 
>         item_history_add (item->id);
> }
> 
> Which is what my gdb breakpoint and command basically did.

To which I should add that it's obviously wrong to call enclosure_list_view_load() with a NULL first argument (ie, to call it with a NULL ivp->enclosureView). So now I'm certain itemview_select_item() should be changed this way.

Unless, of course, this all indicates there's a more basic problem here. In that case someone may figure out how we can ensure itemview_select_item() isn't called while ivp->enclosureView is NULL.

Anyhow, in the mean time we have a clearly correct fix for a crash that seems to be regularly hit. Do I need to submit the trivial patch to - at least for the mean time - fix this in Fedora?

Comment 17 Fedora Update System 2014-02-25 01:21:50 UTC
liferea-1.10.6-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/liferea-1.10.6-1.fc20

Comment 18 Fedora Update System 2014-02-26 13:58:40 UTC
Package liferea-1.10.6-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing liferea-1.10.6-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-3117/liferea-1.10.6-1.fc20
then log in and leave karma (feedback).

Comment 19 Fedora Update System 2014-03-07 06:28:26 UTC
liferea-1.10.6-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.