Bug 189317 - abiword: munmap_chunk(): invalid pointer
abiword: munmap_chunk(): invalid pointer
Status: CLOSED DUPLICATE of bug 182399
Product: Fedora
Classification: Fedora
Component: abiword (Show other bugs)
5
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Marc Maurer
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-18 22:29 EDT by Scott Tsai
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-12 16:34:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
document to reproduce crash (32.00 KB, application/msword)
2006-04-18 22:29 EDT, Scott Tsai
no flags Details

  None (edit)
Description Scott Tsai 2006-04-18 22:29:12 EDT
Description of problem:
After opening the attached word document, quiting abiword causes glibc to detect
an invalid pointer on free.

Version-Release number of selected component (if applicable):
abiword-2.4.4-2.fc5
fontconfig-2.3.94-1
libXft-2.1.8.2-3.2

How reproducible:
always


Steps to Reproduce:
1. open attached file in abiword
2. quit abiword

  
Actual results:
(AbiWord-2.4:27802): GModule-CRITICAL **: g_module_close: assertion `module !=
NULL' failed

(AbiWord-2.4:27802): libgsf:msole-CRITICAL **: ole_get_block: assertion `block <
ole->info->max_block' failed
*** glibc detected *** abiword: munmap_chunk(): invalid pointer:
0x000000000102e800 ***
======= Backtrace: =========
/lib64/libc.so.6(__libc_free+0x17a)[0x3d2946da1a]
/usr/lib64/libfontconfig.so.1(FcValueListDestroy+0x360)[0x3d2b323dc0]
/usr/lib64/libfontconfig.so.1(FcPatternDestroy+0xff)[0x3d2b3240af]
/usr/lib64/libXft.so.2[0x3d33f0b293]
/usr/lib64/libXft.so.2(XftFontManageMemory+0x108)[0x3d33f0b448]
abiword(_ZN12XAP_UnixFontD1Ev+0x97)[0x60bc77]
abiword(_ZN19XAP_UnixFontManagerD1Ev+0x49)[0x5fe5b9]
abiword(_ZN11XAP_UnixAppD2Ev+0x46)[0x5fa446]
abiword(_ZN10AP_UnixAppD0Ev+0x63)[0x518423]
abiword(_ZN10AP_UnixApp4mainEPKciPS1_+0x354)[0x519ce4]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3d2941d084]
abiword(__gxx_personality_v0+0x319)[0x515e59]
======= Memory map: ========
00400000-008cb000 r-xp 00000000 fd:00 20110315                          
/usr/bin/AbiWord-2.4
009ca000-00a93000 rw-p 004ca000 fd:00 20110315                          
/usr/bin/AbiWord-2.4
00a93000-00b72000 rw-p 00a93000 00:00 0
00c92000-00d26000 rw-p 00592000 fd:00 20110315                          
/usr/bin/AbiWord-2.4
00d26000-01bce000 rw-p 00d26000 00:00 0                                  [heap]
3264000000-3264013000 r-xp 00000000 fd:00 29655065                      
/lib64/libnsl-2.4.so
3264013000-3264113000 ---p 00013000 fd:00 29655065                      
/lib64/libnsl-2.4.so
3264113000-3264114000 r--p 00013000 fd:00 29655065                      
/lib64/libnsl-2.4.so
3264114000-3264115000 rw-p 00014000 fd:00 29655065                      
/lib64/libnsl-2.4.so
3264115000-3264117000 rw-p 3264115000 00:00 0
3264200000-3264269000 r-xp 00000000 fd:00 29655072                      
/lib64/libdbus-1.so.2.0.0
3264269000-3264368000 ---p 00069000 fd:00 29655072                      
/lib64/libdbus-1.so.2.0.0
3264368000-326436a000 rw-p 00068000 fd:00 29655072                      
/lib64/libdbus-1.so.2.0.0
3265400000-3265407000 r-xp 00000000 fd:00 20093702                      
/usr/lib64/libpopt.so.0.0.0
3265407000-3265507000 ---p 00007000 fd:00 20093702                      
/usr/lib64/libpopt.so.0.0.0
3265507000-3265508000 rw-p 00007000 fd:00 20093702                      
/usr/lib64/libpopt.so.0.0.0
3491a00000-3491a5a000 r-xp 00000000 fd:00 20094332                      
/usr/lib64/libORBit-2.so.0.1.0
3491a5a000-3491b5a000 ---p 0005a000 fd:00 20094332                      
/usr/lib64/libORBit-2.so.0.1.0
3491b5a000-3491b6c000 rw-p 0005a000 fd:00 20094332                      
/usr/lib64/libORBit-2.so.0.1.0
3491b6c000-3491b6d000 rw-p 3491b6c000 00:00 0
3491c00000-3491c05000 r-xp 00000000 fd:00 20097982                      
/usr/lib64/libORBitCosNaming-2.so.0.1.0
3491c05000-3491d04000 ---p 00005000 fd:00 20097982                      
/usr/lib64/libORBitCosNaming-2.so.0.1.0
3491d04000-3491d06000 rw-p 00004000 fd:00 20097982                      
/usr/lib64/libORBitCosNaming-2.so.0.1.0
3492000000-3492016000 r-xp 00000000 fd:00 20098000                      
/usr/lib64/libbonobo-activation.so.4.0.0
3492016000-3492115000 ---p 00016000 fd:00 20098000                      
/usr/lib64/libbonobo-activation.so.4.0.0
3492115000-3492119000 rw-p 00015000 fd:00 20098000                      
/usr/lib64/libbonobo-activation.so.4.0.0
3492200000-3492263000 r-xp 00000000 fd:00 20098596                      
/usr/lib64/libbonobo-2.so.0.0.0
3492263000-3492362000 ---p 00063000 fd:00 20098596                      
/usr/lib64/libbonobo-2.so.0.0.0
3492362000-3492373000 rw-p 00062000 fd:00 20098596                      
/usr/lib64/libbonobo-2.so.0.0.0
3492a00000-3492a0c000 r-xp 00000000 fd:00 20100042                      
/usr/lib64/libgnome-keyring.so.0.0.1
3492a0c000-3492b0b000 ---p 0000c000 fd:00 20100042                      
/usr/lib64/libgnome-keyring.so.0.0.1
3492b0b000-3492b0c000 rw-p 0000b000 fd:00 20100042                      
/usr/lib64/libgnome-keyring.so.0.0.1
3493a00000-3493a6d000 r-xp 00000000 fd:00 20098611                      
/usr/lib64/libgnomeprint-2-2.so.0.1.0
3493a6d000-3493b6d000 ---p 0006d000 fd:00 20098611                    Aborted
(core dumped)

Expected results:
not crashing

Additional info:
The stack trace looks similar to the one in Bug 182399.
gdb backtrace:
#0  0x0000003d2942f765 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003d2942f765 in raise () from /lib64/libc.so.6
#1  0x0000003d29431050 in abort () from /lib64/libc.so.6
#2  0x0000003d294665eb in __libc_message () from /lib64/libc.so.6
#3  0x0000003d2946da1a in free () from /lib64/libc.so.6
#4  0x0000003d2b323dc0 in FcValueListDestroy () from /usr/lib64/libfontconfig.so.1
#5  0x0000003d2b3240af in FcPatternDestroy () from /usr/lib64/libfontconfig.so.1
#6  0x0000003d33f0b293 in XftInitFtLibrary () from /usr/lib64/libXft.so.2
#7  0x0000003d33f0b448 in XftFontManageMemory () from /usr/lib64/libXft.so.2
#8  0x000000000060bc77 in ~XAP_UnixFont (this=0xe0d1c0) at xap_UnixFont.cpp:272
#9  0x00000000005fe5b9 in ~XAP_UnixFontManager (this=Variable "this" is not
available.
) at ../../../../src/af/util/xp/ut_hash.h:145
#10 0x00000000005fa446 in ~XAP_UnixApp (this=0xd26280) at xap_UnixApp.cpp:140
#11 0x0000000000518423 in ~AP_UnixApp (this=0xd26280) at ap_UnixApp.cpp:184
#12 0x0000000000519ce4 in AP_UnixApp::main (szAppName=Variable "szAppName" is
not available.
) at ap_UnixApp.cpp:1546
#13 0x0000003d2941d084 in __libc_start_main () from /lib64/libc.so.6
#14 0x0000000000515e59 in _start ()
#15 0x00007fffff89a0b8 in ?? ()
#16 0x0000000000000000 in ?? ()
Comment 1 Scott Tsai 2006-04-18 22:29:12 EDT
Created attachment 127967 [details]
document to reproduce crash
Comment 2 Michal Jaegermann 2006-05-12 12:30:26 EDT
I think that this is a duplicate of #182399.  BTW - an update to
abiword-2.4.4-3.fc5 does not help with this at all.
Comment 3 Scott Tsai 2006-05-12 14:01:56 EDT
I can also confirm that this still happens with abiword-1:2.4.4-3.fc5.x86_64
Comment 4 Marc Maurer 2006-05-12 16:34:35 EDT

*** This bug has been marked as a duplicate of 182399 ***

Note You need to log in before you can comment on or make changes to this bug.