Description of problem:
Clicked on an emoji in the Characters app

Version-Release number of selected component:
gjs-1.52.2-1.fc28

Additional info:
reporter: libreport-2.9.4
backtrace_rating: 4
cmdline: /usr/bin/gjs /usr/share/org.gnome.Characters/org.gnome.Characters --gapplication-service
crash_function: memcpy
executable: /usr/bin/gjs-console
journald_cursor: s=11ea4f5d97d143ffb85d769ed717ed00;i=7d45e;b=68398fde0f114732a33f5ee7ad05eb11;m=7f30a1dd83;t=56a792026861b;x=bbdf7138d883d258
kernel: 4.16.2-300.fc28.x86_64
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 memcpy at /usr/include/bits/string_fortified.h:34
 #1 init_blocks at ../lib/gc.c:926
 #2 gc_character_iter_init_for_related at ../lib/gc.c:937
 #3 gc_search_context_search at ../lib/gc.c:1124
 #4 ffi_call_unix64 at ../src/x86/unix64.S:76
 #5 ffi_call at ../src/x86/ffi64.c:525
 #6 ??
 #7 ??
 #8 js::CallJSNative at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/jscntxtinlines.h:239
 #9 js::InternalCallOrConstruct at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:447
Created attachment 1425477 File: backtrace
Created attachment 1425478 File: cgroup
Created attachment 1425479 File: core_backtrace
Created attachment 1425480 File: cpuinfo
Created attachment 1425481 File: dso_list
Created attachment 1425482 File: environ
Created attachment 1425483 File: exploitable
Created attachment 1425484 File: limits
Created attachment 1425485 File: maps
Created attachment 1425486 File: mountinfo
Created attachment 1425487 File: open_fds
Created attachment 1425488 File: proc_pid_status
Similar problem has been detected:

Just opened the app, selected (clicked on) a character in Favourites, app immediately SIGSEGVed.

reporter: libreport-2.9.4
backtrace_rating: 4
cmdline: /usr/bin/gjs /usr/share/org.gnome.Characters/org.gnome.Characters --gapplication-service
crash_function: memcpy
executable: /usr/bin/gjs-console
journald_cursor: s=85cf6e87ac054deb81b508e67d22e9fe;i=14dce3;b=c8f3c511b23c4c9e954fdf03ee3a6162;m=230f4518;t=56a803362313d;x=b18697a8382c2d50
kernel: 4.16.3-300.fc28.x86_64
package: gjs-1.52.2-1.fc28
reason: gjs-console killed by SIGSEGV
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000
Similar problem has been detected:

Clicked on a character.

reporter: libreport-2.9.4
backtrace_rating: 4
cmdline: /usr/bin/gjs /usr/share/org.gnome.Characters/org.gnome.Characters --gapplication-service
crash_function: memcpy
executable: /usr/bin/gjs-console
journald_cursor: s=72532229e95441b88b9d87fae005bfbc;i=1ee580;b=113edc80746540138a92e1462a1971b2;m=7fbe8888d;t=56b031c7cf1b7;x=af0bf2e4a86891f2
kernel: 4.16.4-300.fc28.x86_64
package: gjs-1.52.2-1.fc28
reason: gjs-console killed by SIGSEGV
rootdir: /
runlevel: N 5
type: CCpp
uid: 1402400001
Similar problem has been detected:

Very reproducible. I'm trying to get an em dash from the GNOME character map. I open up the character map, search for 'em' or 'dash' (it doesn't matter which), click on the em dash in the pane on the right and the character map crashes.

reporter: libreport-2.9.4
backtrace_rating: 4
cmdline: /usr/bin/gjs /usr/share/org.gnome.Characters/org.gnome.Characters --gapplication-service
crash_function: memcpy
executable: /usr/bin/gjs-console
journald_cursor: s=d153c413e8d14cafb6385ae143df13e7;i=1a05b;b=7c5429b3bcc54b88b881588e07bb27ec;m=1a6dc1099;t=56b14fa8ce64e;x=60367aa826e3f686
kernel: 4.16.3-301.fc28.x86_64
package: gjs-1.52.2-1.fc28
reason: gjs-console killed by SIGSEGV
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000
Similar problem has been detected:

Recently updated to 28 and tried to select an emoji.

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: /usr/bin/gjs /usr/share/org.gnome.Characters/org.gnome.Characters --gapplication-service
crash_function: memcpy
executable: /usr/bin/gjs-console
journald_cursor: s=4b1f7cbdccb64d17990dca3397f9396d;i=28893;b=7798bb22aa564d049abd202f937b1e32;m=13804179f;t=56b39ebc81e41;x=168df8a6c90c7627
kernel: 4.16.5-300.fc28.x86_64
package: gjs-1.52.2-1.fc28
reason: gjs-console killed by SIGSEGV
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000
Hello! It looks like a NULL pointer dereference; I ran it with GDB:

gdb --args /usr/bin/gjs /usr/share/org.gnome.Characters/org.gnome.Characters

The src of memcpy is 0x0.

Thread 1 "gjs" received signal SIGSEGV, Segmentation fault.
0x00007fffa546530b in memcpy (__len=16, __src=0x0, __dest=0x7fffa54691a0 <latin_blocks>) at /usr/include/bits/string_fortified.h:34
warning: Source file is more recent than executable.
34	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
Missing separate debuginfos, use: dnf debuginfo-install cairo-1.15.12-2.fc28.x86_64 cairo-gobject-1.15.12-2.fc28.x86_64
(gdb) bt
#0  0x00007fffa546530b in memcpy (__len=16, __src=0x0, __dest=0x7fffa54691a0 <latin_blocks>) at /usr/include/bits/string_fortified.h:34
#1  0x00007fffa546530b in init_blocks (blocks=blocks@entry=0x7fffa54691a0 <latin_blocks>, starters=starters@entry=0x7fffa5469180 <latin_block_starters>, size=size@entry=4) at ../lib/gc.c:926
#2  0x00007fffa54664cc in gc_character_iter_init_for_related (uc=128077, iter=0x5555562e8e08) at ../lib/gc.c:937
#3  0x00007fffa54664cc in gc_search_context_search (context=0x5555562e8de0 [GcSearchContext], max_matches=-1, cancellable=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../lib/gc.c:1124
#4  0x00007ffff5ba603e in ffi_call_unix64 () at ../src/x86/unix64.S:76
#5  0x00007ffff5ba59ff in ffi_call (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>) at ../src/x86/ffi64.c:525
#6  0x00007ffff7b38601 in gjs_invoke_c_function(JSContext*, Function*, JS::HandleObject, JS::HandleValueArray const&, mozilla::Maybe<JS::MutableHandle<JS::Value> >, GIArgument*) (context=0x5555557846b0, function=0x55555633c400, obj=..., args=..., js_rval=..., r_value=0x0) at gi/function.cpp:1088
#7  0x00007ffff7b39cc8 in function_call(JSContext*, unsigned int, JS::Value*) (context=0x5555557846b0, js_argc=3, vp=0x5555559bd578) at /usr/include/c++/8/new:169
#8  0x00007ffff3da2335 in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) (args=..., native=0x7ffff7b39b60 <function_call(JSContext*, unsigned int, JS::Value*)+98723>, cx=0x5555557846b0) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/jscntxtinlines.h:239
#9  0x00007ffff3da2335 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (cx=0x5555557846b0, args=..., construct=NO_CONSTRUCT) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:447
#10 0x00007ffff3d9c67a in js::CallFromStack(JSContext*, JS::CallArgs const&) (args=..., cx=<optimized out>) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:2922
#11 0x00007ffff3d9c67a in Interpret(JSContext*, js::RunState&) (cx=0x5555557846b0, state=...) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:2922
#12 0x00007ffff3da1dad in js::RunScript(JSContext*, js::RunState&) (cx=cx@entry=0x5555557846b0, state=...) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:405
#13 0x00007ffff3da217a in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (cx=cx@entry=0x5555557846b0, args=..., construct=construct@entry=NO_CONSTRUCT) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:477
#14 0x00007ffff3da23f9 in InternalCall(JSContext*, js::AnyInvokeArgs const&) (cx=cx@entry=0x5555557846b0, args=...) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:504
#15 0x00007ffff3da245d in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) (cx=cx@entry=0x5555557846b0, fval=..., fval@entry=..., thisv=..., args=..., rval=...) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:523
#16 0x00007ffff3c5dd8c in js::fun_apply(JSContext*, unsigned int, JS::Value*) (cx=cx@entry=0x5555557846b0, argc=<optimized out>, vp=0x7fffffff5218) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/jsfun.cpp:1318
#17 0x00007ffff3da22a5 in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) (args=..., native=0x7ffff3c5da20 <js::fun_apply(JSContext*, unsigned int, JS::Value*)>, cx=0x5555557846b0) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/jscntxtinlines.h:239
#18 0x00007ffff3da22a5 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (cx=cx@entry=0x5555557846b0, args=..., construct=construct@entry=NO_CONSTRUCT) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:459
#19 0x00007ffff3da23f9 in InternalCall(JSContext*, js::AnyInvokeArgs const&) (cx=cx@entry=0x5555557846b0, args=...) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:504
#20 0x00007ffff3da2429 in js::CallFromStack(JSContext*, JS::CallArgs const&) (cx=cx@entry=0x5555557846b0, args=...) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/vm/Interpreter.cpp:510
#21 0x00007ffff3fc421c in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, uint32_t, JS::Value*, JS::MutableHandleValue) (cx=0x5555557846b0, frame=0x7fffffff5298, stub_=0x5555560f3378, argc=2, vp=0x7fffffff5218, res=...) at /usr/src/debug/mozjs52-52.7.3-1.fc28.x86_64/jit/BaselineIC.cpp:6020
#22 0x00001f0b3c2b3a96 in ()
#23 0x0000000000000000 in ()
https://gitlab.gnome.org/GNOME/gnome-characters/commit/00877953360f4a42c9f3c9cd11b4a16843494e00
*** Bug 1575558 has been marked as a duplicate of this bug. ***
This may have the same root cause as bug 1575842. That bug is also specific to F28, related to fonts, and makes Inkscape crash instantly. (The same version of Inkscape works fine with other distributions.)
*** Bug 1576064 has been marked as a duplicate of this bug. ***