Bug 644390 - libgegl.so leaks "root" symbol which may cause crashes
Summary: libgegl.so leaks "root" symbol which may cause crashes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: gegl
Version: 6.0
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Josef Ridky
QA Contact: Desktop QE
URL:
Whiteboard: abrt_hash:7465771f25b2c22ebf65c77fb5d...
Depends On: 642992
Blocks: 1356044
Reported: 2010-10-19 15:25 UTC by Nils Philippsen
Modified: 2017-03-21 09:43 UTC (History)

Fixed In Version: gegl-0.1.2-6.el6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 642992
Environment:
Last Closed: 2017-03-21 09:43:04 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0623 0 normal SHIPPED_LIVE gegl bug fix update 2017-03-21 12:28:58 UTC

Description Nils Philippsen 2010-10-19 15:25:51 UTC
+++ This bug was initially created as a clone of Bug #642992 +++

abrt version: 1.1.13
architecture: i686
Attached file: backtrace
cmdline: gimp-2.6
component: gimp
crash_function: timing_find
executable: /usr/bin/gimp-2.6
kernel: 2.6.34.7-56.fc13.i686.PAE
package: gimp-2:2.6.11-1.fc13
rating: 4
reason: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)
time: 1287057659
uid: 500

--- Additional comment from vo_ngoc_hung on 2010-10-14 08:10:47 EDT ---

Created attachment 453443
File: backtrace

--- Additional comment from nphilipp on 2010-10-14 10:54:47 EDT ---

Changing component to gegl as this is where the crash happens. I'm at a loss though why it would crash -- I don't understand how the "root" variable could ever become "0xffffffff".

Two questions:

What exactly were you doing when the crash happened?
Are you sure your memory (RAM) is okay?

--- Additional comment from vo_ngoc_hung on 2010-10-15 02:49:57 EDT ---

FYI, I'm able to run memtest this morning. There is no error with my RAM. 

The crash happens whenever I run gimp (even after a fresh reboot)

Following is some additional info that may help to resolve this issue. Feel free to ask for more info.

Cheers,
H.


hung@hung-laptop:~$ uname -r
2.6.34.7-56.fc13.i686.PAE
hung@hung-laptop:~$ cat /proc/meminfo 
MemTotal:        4109840 kB
MemFree:         2299688 kB
Buffers:          256696 kB
Cached:           997736 kB
SwapCached:            0 kB
Active:           678388 kB
Inactive:         888788 kB
Active(anon):     313880 kB
Inactive(anon):    93824 kB
Active(file):     364508 kB
Inactive(file):   794964 kB
Unevictable:           0 kB
Mlocked:               0 kB
HighTotal:       3277640 kB
HighFree:        1949724 kB
LowTotal:         832200 kB
LowFree:          349964 kB
SwapTotal:       1622528 kB
SwapFree:        1622528 kB
Dirty:                68 kB
Writeback:             0 kB
AnonPages:        312744 kB
Mapped:           126352 kB
Shmem:             94960 kB
Slab:             195936 kB
SReclaimable:     168144 kB
SUnreclaim:        27792 kB
KernelStack:        2544 kB
PageTables:        10300 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     3677448 kB
Committed_AS:    1782476 kB
VmallocTotal:     122880 kB
VmallocUsed:       22004 kB
VmallocChunk:      79368 kB
HardwareCorrupted:     0 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
DirectMap4k:       10232 kB
DirectMap2M:      897024 kB
hung@hung-laptop:~$

--- Additional comment from nphilipp on 2010-10-15 06:13:53 EDT ---

(In reply to comment #3)
> FYI, I'm able to run memtest this morning. There is no error with my RAM. 

Just for reference: Which versions of gegl/babl do you have installed?

Maybe one of the gimp/gegl/babl packages is damaged in some way. Please verify these by running this command as root:

rpm -Va gimp\* gegl\* babl\*

Thanks.

--- Additional comment from vo_ngoc_hung on 2010-10-17 09:11:14 EDT ---

This is the output from yum list installed
# yum list installed | grep gegl
gegl.i686                          0.1.2-3.fc13               @updates          
gegl-debuginfo.i686                0.1.2-3.fc13               @updates-debuginfo
gegl-devel.i686                    0.1.2-3.fc13               @updates          
# yum list installed | grep babl
babl.i686                          0.1.2-4.fc13               @updates          
babl-debuginfo.i686                0.1.2-4.fc13               @updates-debuginfo
babl-devel.i686                    0.1.2-4.fc13               @updates          

rpm -Va gimp\* gegl\* babl\* displayed nothing on the terminal.

Was: [abrt] gimp-2:2.6.11-1.fc13: timing_find: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)

--- Additional comment from nphilipp on 2010-10-19 11:00:56 EDT ---

This issue is most likely triggered because you have xvnkb installed (which Fedora doesn't ship) and it is preloaded because either the LD_PRELOAD environment variable or /etc/ld.so.preload are set accordingly:

1. Both libgegl.so and xvnkb.so export a symbol named "root".
2. Because xvnkb.so is loaded earlier than libgegl.so, its "root" symbol takes precedence. It is initialized to -1 in xvnkb.so.
3. Because root isn't NULL (0), gegl_instrument() doesn't allocate memory and passes on the value -1 (0xFFFFFFFF) to timing_find().
4. timing_find() tries to dereference root and crashes.

Concluding, both gegl and xvnkb libs are broken: they should not export a symbol named just "root" as this may clash in many places (applications may have global symbols shadowed by this e.g.).

I've already fixed this in gegl upstream: http://git.gnome.org/browse/gegl/commit/?id=75a5c4a5042aa3c531977637e5f0b5e62d14978c

I'll build a new version soon which contains this fix.

You should report this issue to xvnkb upstream so they can fix their library as well.
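
Added example (not from this bug report, gegl or xvnkb): the script below reproduces the clash described in steps 1-4 with two constructed stand-in libraries, then shows that giving the variable internal linkage with `static`, one common remedy assumed here, removes it. The file names, `lib_root()` and the value 42 are hypothetical, and a C compiler invoked as `cc` is assumed.

```shell
#!/bin/sh
# Added example: constructed stand-ins, not code from gegl or xvnkb.
# build_and_run exported|static  -> prints what the library sees in "root".
build_and_run() {
  d=$(mktemp -d) || return 1
  # Stand-in for the preloaded library: exports a global "root" set to -1.
  echo 'long root = -1;' > "$d/pre.c"
  # Stand-in for the affected library: lazily initialises its own "root".
  # In "static" mode the variable gets internal linkage and is not exported.
  if [ "$1" = static ]; then linkage='static '; else linkage=''; fi
  cat > "$d/lib.c" <<EOF
${linkage}long root = 0;
long lib_root(void) {
    if (!root)          /* skipped when another object's "root" is bound */
        root = 42;      /* hypothetical "allocate on first use" */
    return root;
}
EOF
  cat > "$d/main.c" <<'EOF'
#include <stdio.h>
long lib_root(void);
int main(void) { printf("%ld\n", lib_root()); return 0; }
EOF
  # Build both libraries and the test program, then run it with the
  # stand-in library preloaded so its "root" is found first.
  cc -shared -fPIC -o "$d/libpre.so" "$d/pre.c" &&
  cc -shared -fPIC -o "$d/libdemo.so" "$d/lib.c" &&
  cc -o "$d/main" "$d/main.c" -L"$d" -ldemo &&
  LD_PRELOAD="$d/libpre.so" LD_LIBRARY_PATH="$d" "$d/main"
  rc=$?
  rm -rf "$d"
  return $rc
}

echo "exported root: $(build_and_run exported)"
echo "static root:   $(build_and_run static)"
```

Running `nm -D --defined-only` on a shared object lists the symbols it exports, which is a quick way to spot generic names such as `root` before they clash.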

Comment 2 Suzanne Logcher 2011-02-15 21:43:47 UTC
This issue was proposed for RHEL 6.1 FasTrack but did not get resolved in time.
It has been moved to RHEL 6.2 FasTrack.

Comment 19 errata-xmlrpc 2017-03-21 09:43:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0623.html

