Version-Release number of selected component:
unrtf-0.21.5-4.fc21

Additional info:
reporter:         libreport-2.3.0
backtrace_rating: 4
cmdline:          unrtf --nopict -t text 'Shadowmarch - Tad Williams.rtf'
crash_function:   hash_get_string
executable:       /usr/bin/unrtf
kernel:           3.17.7-200.fc20.x86_64
runlevel:         N 3
type:             CCpp
uid:              500

Truncated backtrace:
[New LWP 16180]
Core was generated by `unrtf --nopict -t text Shadowmarch - Tad Williams.rtf'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  hash_get_string (value=18446744071880836975) at hash.c:212
212         if (hi->value == value)

Thread 1 (LWP 16180):
#0  hash_get_string (value=18446744071880836975) at hash.c:212
        index = -109
        hi = 0x277
#1  0x000000000040bef8 in optimize_word (w=0x16bce90) at word.c:236
        s = <optimized out>
        s1 = <optimized out>
        i = <optimized out>
        len = <optimized out>
        c = 0x2838780
        tags_to_opt = {{name = 0x40e98b "\\fs", has_param = 1}, {name = 0x40ca0a "\\f", has_param = 1}, {name = 0x40c2f8 "", has_param = 0}}
        root = 0x15f3300
        w2 = 0x16bce70
#2  0x000000000040bfc8 in optimize_word (w=0x15f2050) at word.c:267
        s = 0x0
        s1 = <optimized out>
        i = <optimized out>
        len = <optimized out>
        c = 0x0
        tags_to_opt = {{name = 0x40e98b "\\fs", has_param = 1}, {name = 0x40ca0a "\\f", has_param = 1}, {name = 0x40c2f8 "", has_param = 0}}
        root = 0x15f2050
        w2 = 0xffffff93
#3  0x0000000000401806 in main (argc=5, argv=<optimized out>) at main.c:266
        f = 0x15f24d0
        word = 0x15f2050
        path = <optimized out>
        env_path_p = <optimized out>
        i = <optimized out>

From                To                  Syms Read   Shared Object Library
0x00007f8acae944f0  0x00007f8acafdfca4  Yes         /lib64/libc.so.6
0x00007f8acb232b10  0x00007f8acb24d6d0  Yes         /lib64/ld-linux-x86-64.so.2

$1 = 0x0
No symbol "__glib_assert_msg" in current context.
rax            0x277               631
rbx            0x2                 2
rcx            0x68                104
rdx            0x0                 0
rsi            0x16b9c70           23829616
rdi            0xffffffff9300076f  -1828714641
rbp            0x2                 0x2
rsp            0x7fff3e6d0dc0      0x7fff3e6d0dc0
r8             0x2838780           42174336
r9             0x15f2af0           23014128
r10            0x20                32
r11            0x2                 2
r12            0x16b9c70           23829616
r13            0x16bce70           23842416
r14            0x16bce90           23842448
r15            0x40c2f8            4244216
rip            0x408478            0x408478 <hash_get_string+40>
eflags         0x10206             [ PF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0

Dump of assembler code for function hash_get_string:
   0x0000000000408450 <+0>:     mov    %rdi,%rax
   0x0000000000408453 <+3>:     sub    $0x8,%rsp
   0x0000000000408457 <+7>:     shr    $0x18,%rax
   0x000000000040845b <+11>:    cltq
   0x000000000040845d <+13>:    mov    0x65d200(,%rax,8),%rax
   0x0000000000408465 <+21>:    test   %rax,%rax
   0x0000000000408468 <+24>:    jne    0x408478 <hash_get_string+40>
   0x000000000040846a <+26>:    jmp    0x408490 <hash_get_string+64>
   0x000000000040846c <+28>:    nopl   0x0(%rax)
   0x0000000000408470 <+32>:    mov    (%rax),%rax
   0x0000000000408473 <+35>:    test   %rax,%rax
   0x0000000000408476 <+38>:    je     0x408490 <hash_get_string+64>
=> 0x0000000000408478 <+40>:    cmp    %rdi,0x10(%rax)
   0x000000000040847c <+44>:    jne    0x408470 <hash_get_string+32>
   0x000000000040847e <+46>:    mov    0x8(%rax),%rax
   0x0000000000408482 <+50>:    add    $0x8,%rsp
   0x0000000000408486 <+54>:    retq
   0x0000000000408487 <+55>:    nopw   0x0(%rax,%rax,1)
   0x0000000000408490 <+64>:    mov    $0x40df42,%edi
   0x0000000000408495 <+69>:    callq  0x4082b0 <warning_handler>
   0x000000000040849a <+74>:    xor    %eax,%eax
   0x000000000040849c <+76>:    add    $0x8,%rsp
   0x00000000004084a0 <+80>:    retq
End of assembler dump.

Potential duplicate: bug 957215
Created attachment 974173 File: backtrace
Created attachment 974174 File: cgroup
Created attachment 974175 File: core_backtrace
Created attachment 974176 File: dso_list
Created attachment 974177 File: environ
Created attachment 974178 File: exploitable
Created attachment 974179 File: limits
Created attachment 974180 File: maps
Created attachment 974181 File: open_fds
Created attachment 974182 File: proc_pid_status
Created attachment 974183 File: var_log_messages
Hi Kerry, would you mind testing version 0.21.7? Version 0.21.7 is available in Fedora 21's updates-testing, and you can install it with "yum --enablerepo=updates-testing update unrtf". This fixes a number of crasher bugs. https://admin.fedoraproject.org/updates/FEDORA-2014-17281/unrtf-0.21.7-1.fc21 Alternatively I've just submitted the package to Fedora's main updates repository today, so it should get out to the mirrors in a couple of days.
unrtf-0.21.7 has been submitted to Fedora 21 stable and it should be available from the mirrors. Kerry, would you mind testing against 0.21.9? I've submitted it for testing yesterday, and it should be signed and pushed out to Fedora's updates-testing mirrors soon. You can grab the Fedora 21 build directly from http://koji.fedoraproject.org/koji/buildinfo?buildID=601814 immediately if you wish. If you'd rather wait for signed builds, you can wait a few days for the Fedora infra admins to sign the package and push it out to the Fedora mirrors: https://admin.fedoraproject.org/updates/unrtf-0.21.9-1.fc21 . When that's done, you can run "yum --enablerepo=updates-testing update unrtf", and yum will then update your system to unrtf-0.21.9-1.fc21 . Either way, we'd really welcome your feedback and confirmation that this does in fact fix your issue.
Thanks. unrtf-0.21.9-1.fc21.x86_64 no longer crashes processing that file.
That's really great. Thanks for getting back to us. I'll plan to push unrtf-0.21.9-1 to stable as soon as it's spent the required time in updates-testing.
unrtf-0.21.9-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/FEDORA-2015-0159/unrtf-0.21.9-1.fc21
unrtf-0.21.9-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
This message is a reminder that Fedora 21 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 21. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '21'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 21 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 21 changed to end-of-life (EOL) status on 2015-12-01. Fedora 21 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.