Bug 155939 - Ethereal's find crashes with glibc backtrace
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: ethereal
Version: rawhide
Hardware: i386 Linux
Priority: medium
Severity: medium
Assigned To: Radek Vokal
Blocks: FC4Target
Reported: 2005-04-25 17:40 EDT by Oskari Saarenmaa
Modified: 2007-11-30 17:11 EST
Last Closed: 2005-07-05 06:51:07 EDT
Description Oskari Saarenmaa 2005-04-25 17:40:59 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050417 Fedora/1.0.3-2.os.1 Firefox/1.0.3

Description of problem:
When exiting ethereal's find it crashes the program and outputs a glibc backtrace.

Version-Release number of selected component (if applicable):
ethereal-0.10.10-1

How reproducible:
Always

Steps to Reproduce:
1. Fire up ethereal.. capture a few packets
2. Search the packets with a hex string
3. Close search dialog
  

Actual Results:  Program terminated

Expected Results:  Dialog closes normally

Additional info:

*** glibc detected *** ethereal: corrupted double-linked list: 0x007338b8 ***
======= Backtrace: =========
/lib/libc.so.6[0x670801]
/lib/libc.so.6[0x671a1b]
/lib/libc.so.6(malloc+0x74)[0x673107]
/usr/lib/libglib-2.0.so.0(g_malloc+0x30)[0x888a00]
/usr/lib/libpango-1.0.so.0(pango_log2vis_get_embedding_levels+0x14f)[0xa929fd]
/usr/lib/libpango-1.0.so.0[0xa81724]
/usr/lib/libpango-1.0.so.0(pango_itemize_with_base_dir+0xa0)[0xa82354]
/usr/lib/libpango-1.0.so.0[0xa89459]
/usr/lib/libpango-1.0.so.0(pango_layout_get_iter+0x59)[0xa8a353]
/usr/lib/libpango-1.0.so.0(pango_renderer_draw_layout+0xbc)[0xa8f185]
/usr/lib/libgdk-x11-2.0.so.0(gdk_draw_layout_with_colors+0x32b)[0x11bd95]
/usr/lib/libgdk-x11-2.0.so.0(gdk_draw_layout+0xef)[0x11bf7d]
/usr/lib/libgtk-x11-2.0.so.0[0x2c054a1]
/usr/lib/gtk-2.0/2.4.0/engines/libclearlooks.so[0x3555ed]
/usr/lib/libgtk-x11-2.0.so.0(gtk_paint_layout+0x89)[0x2c0855c]
/usr/lib/libgtk-x11-2.0.so.0[0x2ba2977]
/usr/lib/libgtk-x11-2.0.so.0[0x2bb1352]
/usr/lib/libgobject-2.0.so.0[0x8f1d9b]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0x8f2285]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x41e)[0x901c53]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x902254]
/usr/lib/libgtk-x11-2.0.so.0[0x2c8ca13]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x15a)[0x2b30a06]
/usr/lib/libgtk-x11-2.0.so.0[0x2b30a5d]
/usr/lib/libgtk-x11-2.0.so.0[0x2af66b9]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x65)[0x2b2ef4a]
/usr/lib/libgtk-x11-2.0.so.0[0x2b307d1]
/usr/lib/libgtk-x11-2.0.so.0[0x2bb1352]
/usr/lib/libgobject-2.0.so.0[0x8f1d9b]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0x8f2285]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x41e)[0x901c53]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x902254]
/usr/lib/libgtk-x11-2.0.so.0[0x2c8ca13]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x15a)[0x2b30a06]
/usr/lib/libgtk-x11-2.0.so.0[0x2b30a5d]
/usr/lib/libgtk-x11-2.0.so.0[0x2af2f5b]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x65)[0x2b2ef4a]
/usr/lib/libgtk-x11-2.0.so.0[0x2b307d1]
/usr/lib/libgtk-x11-2.0.so.0[0x2bb1352]
/usr/lib/libgobject-2.0.so.0[0x8f1d9b]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0x8f2285]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x41e)[0x901c53]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x902254]
/usr/lib/libgtk-x11-2.0.so.0[0x2c8ca13]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x15a)[0x2b30a06]
/usr/lib/libgtk-x11-2.0.so.0[0x2b30a5d]
/usr/lib/libgtk-x11-2.0.so.0[0x2af2f5b]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x65)[0x2b2ef4a]
/usr/lib/libgtk-x11-2.0.so.0[0x2b307d1]
/usr/lib/libgtk-x11-2.0.so.0[0x2af891b]
/usr/lib/libgtk-x11-2.0.so.0[0x2bb1352]
/usr/lib/libgobject-2.0.so.0[0x8f1d9b]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0x8f2285]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x41e)[0x901c53]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x902254]
/usr/lib/libgtk-x11-2.0.so.0[0x2c8ca13]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x15a)[0x2b30a06]
/usr/lib/libgtk-x11-2.0.so.0[0x2b30a5d]
/usr/lib/libgtk-x11-2.0.so.0[0x2af6688]
Comment 1 Radek Vokal 2005-04-26 07:36:22 EDT
I didn't manage to reproduce this bug here. Should I really search for _any_ hex
value? I've tried to find a packet with fe. 0004 and this seems to work fine ..
even find next and find previous still search for this hex value. 
Comment 2 Radek Vokal 2005-04-28 07:34:15 EDT
There's a new rawhide version which might fix this issue, please test it. 
Comment 3 Oskari Saarenmaa 2005-04-28 10:50:10 EDT
I was able to reproduce this with the latest ethereal from rawhide.  I listened
to "all interfaces" in promiscuous mode, hit enter a few times in a ssh window
and stopped capturing.  Then I hit ctrl+f, entered a simple hex string - 0404 -
and hit find.  Find reports no results and the program dies when you click ok.

I also got this captured in valgrind:
==5880== Invalid free() / delete / delete[]
==5880==    at 0x1B908743: free (vg_replace_malloc.c:152)
==5880==    by 0x888B43: g_free (in /usr/lib/libglib-2.0.so.0.600.4)
==5880==    by 0x80ACD04: (within /usr/sbin/ethereal)
==5880==    by 0x8FD816: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x8F2284: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x90078A: (within /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x901EDF: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x902253: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x42B3B1B: gtk_button_clicked (in /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==    by 0x42B5138: (within /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==    by 0x42B51CF: (within /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==    by 0x436D351: (within /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==  Address 0x1CD245C0 is 0 bytes inside a block of size 2 free'd
==5880==    at 0x1B908743: free (vg_replace_malloc.c:152)
==5880==    by 0x888B43: g_free (in /usr/lib/libglib-2.0.so.0.600.4)
==5880==    by 0x80ACCC4: (within /usr/sbin/ethereal)
==5880==    by 0x8FD816: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x8F2284: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x90078A: (within /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x901EDF: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x902253: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x42B3B1B: gtk_button_clicked (in /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==    by 0x42B5138: (within /usr/lib/libgtk-x11-2.0.so.0.600.7)

Maybe this isn't an ethereal issue, but a gtk one?

I'm running gtk2-2.6.7-2 and glib2-2.6.4-1.  Everything else is a day or two old
Rawhide.
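
A triage aid for the valgrind report in Comment 3, added here as an example (not part of the original bug report and not ethereal code): it parses an "Invalid free()" record and finds the first non-library frame of both the offending free and the earlier free of the same block. The sample text is the comment's own output trimmed to the top frames; all function names are hypothetical.

```python
import re

# Top frames of both stacks, copied from the valgrind output in Comment 3.
REPORT = """\
==5880== Invalid free() / delete / delete[]
==5880==    at 0x1B908743: free (vg_replace_malloc.c:152)
==5880==    by 0x888B43: g_free (in /usr/lib/libglib-2.0.so.0.600.4)
==5880==    by 0x80ACD04: (within /usr/sbin/ethereal)
==5880==  Address 0x1CD245C0 is 0 bytes inside a block of size 2 free'd
==5880==    at 0x1B908743: free (vg_replace_malloc.c:152)
==5880==    by 0x888B43: g_free (in /usr/lib/libglib-2.0.so.0.600.4)
==5880==    by 0x80ACCC4: (within /usr/sbin/ethereal)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x([0-9A-Fa-f]+): (.*)$")
BLOCK = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")
OBJ = re.compile(r"\((?:in|within) ([^)]+)\)")

def parse_invalid_free(text):
    """Return (block info, stack of the bad free, stack of the earlier free)."""
    block, stacks = None, ([], [])
    which = None
    for line in text.splitlines():
        m = BLOCK.match(line)
        if "Invalid free()" in line:
            which = 0                      # frames that follow belong to the second free
        elif m:
            block = {"addr": int(m.group(1), 16), "size": int(m.group(3))}
            which = 1                      # frames that follow belong to the first free
        elif which is not None and (f := FRAME.match(line)):
            obj = OBJ.search(f.group(2))   # None for frames like "(vg_replace_malloc.c:152)"
            stacks[which].append((int(f.group(1), 16), obj.group(1) if obj else None))
    return block, stacks[0], stacks[1]

def first_app_frame(stack, library_prefixes=("/usr/lib/", "/lib/")):
    """First frame whose object file is known and is not under a library directory."""
    for addr, obj in stack:
        if obj and not obj.startswith(library_prefixes):
            return addr, obj
    return None

def triage(text):
    block, second, first = parse_invalid_free(text)
    a, b = first_app_frame(second), first_app_frame(first)
    return {"block": block, "second_free": a, "first_free": b,
            "same_object": bool(a and b and a[1] == b[1]),
            "distance": abs(a[0] - b[0]) if a and b else None}
```

On this report the first non-library frame of both stacks is in /usr/sbin/ethereal, 0x40 bytes apart; resolving those two addresses with the matching debuginfo package installed would name the functions involved.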
Comment 4 Radek Vokal 2005-05-04 07:10:04 EDT
Hmm, still no luck reproducing it. And it seems I've got gtk2 and glib2 same as
you have. I'm currently on FC4t2 with latest rawhide updates. And even valgrind
doesn't show any memory violations ..

$ rpm -q glib2 gtk2
glib2-2.6.4-1
gtk2-2.6.7-2
Comment 5 Radek Vokal 2005-07-05 06:51:07 EDT
Please reopen if you still see this bug with ethereal-0.10.11.
