Bug 216797 - handle ':' in search strings without crashing
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: yelp
Version: 5.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Matthew Barnes
David Lawrence
: Desktop
Reported: 2006-11-21 19:48 EST by Matthias Clasen
Modified: 2007-11-30 17:07 EST
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Last Closed: 2006-12-19 08:42:20 EST

Attachments
a patch (1.96 KB, patch)
2006-12-15 13:31 EST, Matthias Clasen
Description Matthias Clasen 2006-11-21 19:48:45 EST
filed upstream here: http://bugzilla.gnome.org/show_bug.cgi?id=364768
fix is contained in 2.16.2
Comment 1 Matthias Clasen 2006-11-23 01:15:38 EST
fixed in yelp-2.16.0-11.el5
Comment 2 RHEL Product and Program Management 2006-11-27 21:39:47 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 3 Nicole Dai 2006-12-15 02:21:12 EST
Retested the following test case in yelp-2.16.0-11.el5 on RHEL5-Client-20061207.0:
1. Launch yelp
2. Search "::"
Result: it crashed immediately with the following msg:
-------------------------------------------------------------------------------
Distribution: Red Hat Enterprise Linux Client release 4.92 (Tikanga)
Gnome Release: 2.16.0 2006-09-04 (Red Hat, Inc)
BugBuddy Version: 2.16.0

Memory status: size: 211623936 vsize: 0 resident: 211623936 share: 0 rss:
47329280 rss_rlim: 0
CPU usage: start_time: 1166166727 rtime: 0 utime: 149 stime: 0 cutime:136
cstime: 0 timeout: 13 it_real_value: 0 frequency: 1

Backtrace was generated from '/usr/bin/yelp'

Using host libthread_db library "/lib/i686/nosegneg/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1208379680 (LWP 16075)]
[New Thread -1341142128 (LWP 16084)]
[New Thread -1330652272 (LWP 16083)]
[New Thread -1320162416 (LWP 16082)]
[New Thread -1309672560 (LWP 16081)]
[New Thread -1297294448 (LWP 16077)]
[New Thread -1211642992 (LWP 16076)]
0x009c3402 in __kernel_vsyscall ()
#0  0x009c3402 in __kernel_vsyscall ()
#1  0x00781d4b in __waitpid_nocancel () from /lib/i686/nosegneg/libpthread.so.0
#2  0x002fdcf6 in gnome_gtk_module_info_get () from /usr/lib/libgnomeui-2.so.0
#3  <signal handler called>
#4  slow_search_setup (pager=0x83d8070) at yelp-search-pager.c:1561
#5  0x00b675e1 in g_source_is_destroyed () from /lib/libglib-2.0.so.0
#6  0x00b69342 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#7  0x00b6c31f in g_main_context_check () from /lib/libglib-2.0.so.0
#8  0x00b6c6c9 in g_main_loop_run () from /lib/libglib-2.0.so.0
#9  0x071acb54 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#10 0x08067072 in main (argc=) at yelp-main.c:121
#11 0x00619dec in __libc_start_main () from /lib/i686/nosegneg/libc.so.6
#12 0x08051811 in _start ()

Thread 1 (Thread -1208379680 (LWP 16075)):
#0  0x009c3402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00781d4b in __waitpid_nocancel () from /lib/i686/nosegneg/libpthread.so.0
No symbol table info available.
#2  0x002fdcf6 in gnome_gtk_module_info_get () from /usr/lib/libgnomeui-2.so.0
No symbol table info available.
#3  <signal handler called>
No symbol table info available.
#4  slow_search_setup (pager=0x83d8070) at yelp-search-pager.c:1561
	priv = (YelpSearchPagerPriv *) 0x83d80a0
	content_list = (gchar *) 0x8ab5480 ""
	stderr_str = (
    gchar *) 0x8bade20 "\200ÓÜ\b\210\020á\bing : failed to load external entity
\"/var/lib/scrollkeeper/en_US.UTF-8/scrollkeeper_cl.xml\"\nI/O warning : failed
to load external entity \"/var/lib/scrollkeeper/en_US/scrollkeeper_cl.xml\"\nI/O
"...
	lang = <value optimized out>
	command = <value optimized out>
	terms_list = (gchar **) 0x0
	terms_number = 0
	required_no = 0
	parser = (xmlParserCtxtPtr) 0x8fc23b8
	sk_sax_handler = {internalSubset = 0, isStandalone = 0, 
  hasInternalSubset = 0, hasExternalSubset = 0, resolveEntity = 0, 
  getEntity = 0, entityDecl = 0, notationDecl = 0, attributeDecl = 0, 
  elementDecl = 0, unparsedEntityDecl = 0, setDocumentLocator = 0, 
  startDocument = 0, endDocument = 0, 
  startElement = 0x8071de0 <sk_startElement>, 
  endElement = 0x8071db0 <sk_endElement>, reference = 0, 
  characters = 0x8070280 <sk_characters>, ignorableWhitespace = 0, 
  processingInstruction = 0, comment = 0, warning = 0, error = 0, 
  fatalError = 0, getParameterEntity = 0, cdataBlock = 0, externalSubset = 0, 
  initialized = 1, _private = 0x0, startElementNs = 0, endElementNs = 0, 
  serror = 0}
	__PRETTY_FUNCTION__ = "slow_search_setup"
#5  0x00b675e1 in g_source_is_destroyed () from /lib/libglib-2.0.so.0
No symbol table info available.
#6  0x00b69342 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
No symbol table info available.
#7  0x00b6c31f in g_main_context_check () from /lib/libglib-2.0.so.0
No symbol table info available.
#8  0x00b6c6c9 in g_main_loop_run () from /lib/libglib-2.0.so.0
No symbol table info available.
#9  0x071acb54 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#10 0x08067072 in main (argc=) at yelp-main.c:121
	program = (GnomeProgram *) 0x80c9428
	url = (gchar *) 0x0
	client = <value optimized out>
	context = <value optimized out>
#11 0x00619dec in __libc_start_main () from /lib/i686/nosegneg/libc.so.6
No symbol table info available.
#12 0x08051811 in _start ()
No symbol table info available.
#0  0x009c3402 in __kernel_vsyscall ()
-------------------------------------------------------------------------------
Put it back now.


Comment 4 Ken Reilly 2006-12-15 12:40:08 EST
I set the blocker flag to ? so this bug can be evaluated for inclusion in RHEL5 RC. 
Comment 5 Matthias Clasen 2006-12-15 13:31:57 EST
Created attachment 143797
a patch

Here is a patch which makes the search a bit more robust against strings being
NULL here and there. The first hunk is a backport from upstream, the rest is
additional fixes that are necessary on top of that to avoid segfaults.
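
The failure mode visible in the backtrace above (`terms_list = 0x0`, `terms_number = 0` after searching "::") can be shown with a small added example; it is not yelp's code and not the attached patch. The function names and the delimiter set are hypothetical, and it assumes a query made only of delimiters yields no terms.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_DELIMS " :\t"  /* assumed delimiter set, not taken from yelp */

/* Hypothetical tokenizer: returns NULL with *count == 0 when the query is
 * NULL or holds nothing but delimiters (for example "::"). */
static char **split_terms(const char *query, size_t *count)
{
    char **terms = NULL;
    *count = 0;
    if (query == NULL)
        return NULL;
    const char *p = query + strspn(query, TERM_DELIMS);
    while (*p != '\0') {
        size_t len = strcspn(p, TERM_DELIMS);
        char **grown = realloc(terms, (*count + 1) * sizeof *terms);
        char *term = malloc(len + 1);
        if (grown != NULL)
            terms = grown;
        if (grown == NULL || term == NULL) {
            free(term);
            break;
        }
        memcpy(term, p, len);
        term[len] = '\0';
        terms[(*count)++] = term;
        p += len + strspn(p + len, TERM_DELIMS);
    }
    return terms;
}

/* Returns the number of usable terms, or -1 when there is nothing to search. */
int search_setup_checked(const char *query)
{
    size_t n = 0;
    char **terms = split_terms(query, &n);
    if (terms == NULL || n == 0) {  /* the guard: never index an empty list */
        free(terms);
        return -1;
    }
    printf("first term: %s\n", terms[0]);  /* safe: at least one term exists */
    for (size_t i = 0; i < n; i++)
        free(terms[i]);
    free(terms);
    return (int)n;
}

int main(void) { return search_setup_checked("::") == -1 ? 0 : 1; }
```
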
Comment 6 Matthias Clasen 2006-12-15 14:06:25 EST
Fixed in yelp-2.16.0-12.el5
Comment 8 Nicole Dai 2006-12-17 22:26:14 EST
Verified the crash was not found in yelp-2.16.0-12.el5 (tested
::,:XX:,XX:XX,~,!,@,#,$,%,^,&,*,(,),|,; and some of their combinations, etc.)
The bug will be resolved when the package is confirmed in a tree.
Comment 9 Jay Turner 2006-12-19 08:42:20 EST
yelp-2.16.0-12.el5 confirmed in the 20061218.1 trees.