Bug 401661 - Reproducible GTK (probably buffer overflow) bug in FC7.
Product: Fedora
Classification: Fedora
Component: gtk2
Platform: i386 Linux
Priority: low
Severity: medium
Assigned To: Matthias Clasen
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-11-27 14:15 EST by Evgeniy Polyakov
Modified: 2008-04-25 07:32 EDT
Doc Type: Bug Fix
Last Closed: 2008-04-25 02:10:13 EDT

Attachments:
reproducer (1.50 MB, image/png), 2008-01-22 23:13 EST, Jon Stanley

Description Evgeniy Polyakov 2007-11-27 14:15:58 EST
Program received signal SIGSEGV, Segmentation fault.
0x00b096e3 in ?? () from /usr/lib/libgdk_pixbuf-2.0.so.0
(gdb) bt
#0  0x00b096e3 in ?? () from /usr/lib/libgdk_pixbuf-2.0.so.0
#1  0x00b026f1 in gdk_pixbuf_composite_color () from /usr/lib/libgdk_pixbuf-2.0.so.0
#2  0x08083ece in gtk_tree_path_free ()
#3  0x0808450d in gtk_tree_path_free ()
#4  0x068c4a91 in ?? () from /lib/libglib-2.0.so.0
#5  0x068c67f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#6  0x068c97cf in ?? () from /lib/libglib-2.0.so.0
#7  0x068c9b79 in g_main_loop_run () from /lib/libglib-2.0.so.0
#8  0x06f20f44 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#9  0x08097d3f in gtk_tree_path_free ()
#10 0x007bff70 in __libc_start_main () from /lib/libc.so.6
#11 0x080532c1 in gtk_tree_path_free ()

I generated a big graph using Graphviz and tried to see it with gqview, which
crashed badly. All updates were installed. x86 arch.
Since there are no gqview related trace entries, I filed the bug against gtk2.

Bug is 100% reproducible with the following test suite:
get a png file from: http://tservice.net.ru/~s0mbre/tmp/1.png (1.5 Mb)
run gqview ./1.png
scale until you can clearly see numbers on the graph
scale a bit more
move image area to the left of the graph, move it around and eventually (quite
quickly) it will crash.
Comment 1 David Nielsen 2007-12-06 10:45:43 EST
I can reproduce the crash on Rawhide on x86_64. Very nice catch, Evgeniy.

Setting this baby F9Blocker
Comment 2 Jon Stanley 2008-01-22 23:12:01 EST
Removing this as a blocker.  I tried to reproduce this on F7 and I can't (and
that's where this was originally reported).  The instructions to reproduce are a
bit vague, so if you can provide some more precise details (what level of zoom,
what area of the graph - the left isn't very specific - is it the left bottom or
the left top - I tried both).  How is the scrolling accomplished - with the
mouse or the keyboard shortcuts?  Is it fast or slow?  My arm got quite the
workout trying to reproduce this with my mouse.

What I was hoping to get from reproducing it here is a fully symbolic stack
trace, so if you could install the -debuginfo packages and just provide the trace,
that would work too.
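As an added illustration of the request above (this script is not part of the bug report and not Fedora's tooling), the following Python triage helper reads the gdb backtrace from comment 0 and reports which shared objects still lack symbols (the "??" frames, i.e. where -debuginfo is needed) and which frame names cannot be trusted: in a stripped executable gdb labels a frame with the nearest preceding exported symbol, which is why gtk_tree_path_free shows up at four unrelated addresses in the gqview binary. It assumes gdb's standard "#N 0xADDR in SYMBOL () from OBJECT" frame format.

```python
import re
from collections import defaultdict

# Backtrace copied from comment 0 of the bug report, used here as sample input.
BACKTRACE = """\
#0  0x00b096e3 in ?? () from /usr/lib/libgdk_pixbuf-2.0.so.0
#1  0x00b026f1 in gdk_pixbuf_composite_color () from /usr/lib/libgdk_pixbuf-2.0.so.0
#2  0x08083ece in gtk_tree_path_free ()
#3  0x0808450d in gtk_tree_path_free ()
#4  0x068c4a91 in ?? () from /lib/libglib-2.0.so.0
#5  0x068c67f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#6  0x068c97cf in ?? () from /lib/libglib-2.0.so.0
#7  0x068c9b79 in g_main_loop_run () from /lib/libglib-2.0.so.0
#8  0x06f20f44 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#9  0x08097d3f in gtk_tree_path_free ()
#10 0x007bff70 in __libc_start_main () from /lib/libc.so.6
#11 0x080532c1 in gtk_tree_path_free ()
"""

# One gdb frame line: "#N  0xADDR in SYMBOL () [from OBJECT]" (assumed format).
# A missing "from" part means the frame lies in the main executable.
FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-fA-F]+)\s+in\s+(\S+)\s+\(\)(?:\s+from\s+(\S+))?")

def parse_frames(text):
    """Return a list of (level, address, symbol, object) tuples, top frame first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            level, addr, sym, obj = m.groups()
            frames.append((int(level), int(addr, 16), sym, obj or "<main executable>"))
    return frames

def triage(frames):
    # Objects with "??" frames have no symbols: these need their -debuginfo package.
    need_debuginfo = sorted({obj for _, _, sym, obj in frames if sym == "??"})
    # One symbol name at several different addresses in the main executable means
    # the binary is stripped and gdb is guessing names from the nearest export.
    addrs_by_sym = defaultdict(set)
    for _, addr, sym, obj in frames:
        if obj == "<main executable>" and sym != "??":
            addrs_by_sym[sym].add(addr)
    unreliable = sorted(s for s, a in addrs_by_sym.items() if len(a) > 1)
    named = [sym for _, _, sym, _ in frames if sym != "??"]
    return {
        "crash_object": frames[0][3],            # where the faulting frame lives
        "first_named_frame": named[0] if named else None,
        "need_debuginfo": need_debuginfo,
        "unreliable_symbols": unreliable,
    }
```

On a Fedora box the owning package of each reported object comes from `rpm -qf <path>`, and its debuginfo from `debuginfo-install <package>`, after which the trace should be re-taken.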
Comment 3 Jon Stanley 2008-01-22 23:13:58 EST
Created attachment 292584 [details]

Original image from the URL in comment #0
Comment 4 mail@romal.de 2008-04-25 02:10:13 EDT
The information we've requested above is required in order
to review this problem report further and diagnose/fix the
issue if it is still present.  Since there have not been any
updates to the report for thirty (30) days or more since we
requested additional information, we're assuming the problem
is either no longer present in the current Fedora release, or
that there is no longer any interest in tracking the problem.

Setting status to "CLOSED INSUFFICIENT_DATA".  If you still
experience this problem after updating to our latest Fedora
release and can provide the information previously requested,
please feel free to reopen the bug report.

Maintenance for Fedora 7 ends 90 days after release of Fedora 9.

Thank you in advance.
Comment 5 Evgeniy Polyakov 2008-04-25 07:32:24 EDT
Let's _hope_ that after two persons reproduced the problem and no patches directly
aimed at it, things were really changed somewhere in the underlying software.

I dropped FC quite a while ago already because yum cannot update the system from
release to release on a machine with 512 MB swap and 256 MB of RAM because of
constant ENOMEM errors.
