Bug 644390 - libgegl.so leaks "root" symbol which may cause crashes
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: gegl
Hardware: All Linux
Priority: low
Severity: medium
Target Milestone: rc
Assigned To: Josef Ridky
QA Contact: Desktop QE
Keywords: EasyFix, FastFix, Patch
Depends On: 642992
Blocks: 1356044
Reported: 2010-10-19 11:25 EDT by Nils Philippsen
Modified: 2017-03-21 05:43 EDT
Fixed In Version: gegl-0.1.2-6.el6
Clone Of: 642992
Last Closed: 2017-03-21 05:43:04 EDT
Description Nils Philippsen 2010-10-19 11:25:51 EDT
+++ This bug was initially created as a clone of Bug #642992 +++

abrt version: 1.1.13
architecture: i686
Attached file: backtrace
cmdline: gimp-2.6
component: gimp
crash_function: timing_find
executable: /usr/bin/gimp-2.6
package: gimp-2:2.6.11-1.fc13
rating: 4
reason: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)
time: 1287057659
uid: 500

--- Additional comment from vo_ngoc_hung@yahoo.com on 2010-10-14 08:10:47 EDT ---

Created attachment 453443 [details]
File: backtrace

--- Additional comment from nphilipp@redhat.com on 2010-10-14 10:54:47 EDT ---

Changing component to gegl as this is where the crash happens. I'm at a loss though why it would crash -- I don't understand how the "root" variable could ever become "0xffffffff".

Two questions:

What exactly were you doing when the crash happened?
Are you sure your memory (RAM) is okay?

--- Additional comment from vo_ngoc_hung@yahoo.com on 2010-10-15 02:49:57 EDT ---

FYI, I'm able to run memtest this morning. There is no error with my RAM. 

The crash happens whenever I run gimp (even after a fresh reboot)

Following is some additional info that may help to resolve this issue. Feel free to ask for more info.


hung@hung-laptop:~$ uname -r
hung@hung-laptop:~$ cat /proc/meminfo 
MemTotal:        4109840 kB
MemFree:         2299688 kB
Buffers:          256696 kB
Cached:           997736 kB
SwapCached:            0 kB
Active:           678388 kB
Inactive:         888788 kB
Active(anon):     313880 kB
Inactive(anon):    93824 kB
Active(file):     364508 kB
Inactive(file):   794964 kB
Unevictable:           0 kB
Mlocked:               0 kB
HighTotal:       3277640 kB
HighFree:        1949724 kB
LowTotal:         832200 kB
LowFree:          349964 kB
SwapTotal:       1622528 kB
SwapFree:        1622528 kB
Dirty:                68 kB
Writeback:             0 kB
AnonPages:        312744 kB
Mapped:           126352 kB
Shmem:             94960 kB
Slab:             195936 kB
SReclaimable:     168144 kB
SUnreclaim:        27792 kB
KernelStack:        2544 kB
PageTables:        10300 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     3677448 kB
Committed_AS:    1782476 kB
VmallocTotal:     122880 kB
VmallocUsed:       22004 kB
VmallocChunk:      79368 kB
HardwareCorrupted:     0 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
DirectMap4k:       10232 kB
DirectMap2M:      897024 kB

--- Additional comment from nphilipp@redhat.com on 2010-10-15 06:13:53 EDT ---

(In reply to comment #3)
> FYI, I'm able to run memtest this morning. There is no error with my RAM. 

Just for reference: Which versions of gegl/babl do you have installed?

Maybe one of the gimp/gegl/babl packages is damaged in some way. Please verify these by running this command as root:

rpm -Va gimp\* gegl\* babl\*


--- Additional comment from vo_ngoc_hung@yahoo.com on 2010-10-17 09:11:14 EDT ---

This is the output from yum list installed
# yum list installed | grep gegl
gegl.i686                          0.1.2-3.fc13               @updates          
gegl-debuginfo.i686                0.1.2-3.fc13               @updates-debuginfo
gegl-devel.i686                    0.1.2-3.fc13               @updates          
# yum list installed | grep babl
babl.i686                          0.1.2-4.fc13               @updates          
babl-debuginfo.i686                0.1.2-4.fc13               @updates-debuginfo
babl-devel.i686                    0.1.2-4.fc13               @updates          

rpm -Va gimp\* gegl\* babl\* displayed nothing on the terminal.

Was: [abrt] gimp-2:2.6.11-1.fc13: timing_find: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)

--- Additional comment from nphilipp@redhat.com on 2010-10-19 11:00:56 EDT ---

This issue is most likely triggered because you have xvnkb installed (which Fedora doesn't ship) and it is preloaded because either the LD_PRELOAD environment variable or /etc/ld.so.preload are set accordingly:

1. Both libgegl.so and xvnkb.so export a symbol named "root".
2. Because xvnkb.so is loaded earlier than libgegl.so, its "root" symbol takes precedence. It is initialized to -1 in xvnkb.so.
3. Because root isn't NULL (0), gegl_instrument() doesn't allocate memory and passes on the value -1 (0xFFFFFFFF) to timing_find().
4. timing_find() tries to dereference root and crashes.

Concluding, both gegl and xvnkb libs are broken: they should not export a symbol named just "root" as this may clash in many places (applications may have global symbols shadowed by this e.g.).

I've already fixed this in gegl upstream: http://git.gnome.org/browse/gegl/commit/?id=75a5c4a5042aa3c531977637e5f0b5e62d14978c

I'll build a new version soon which contains this fix.

You should report this issue to xvnkb upstream so they can fix their library as well.
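
A check for the symbol clash described in the comment above, as an added example that is not part of the original bug thread or of gegl's code: it parses `nm -D` output per library, reports names exported by more than one, and models which definition wins for a given load order. The sample output, its addresses, the hook name and the `gegl_` prefix convention are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed `nm -D` output. Addresses and every symbol except "root" and
# gegl_instrument are illustrative; the xvnkb hook name is hypothetical.
SAMPLE_NM = {
    "libgegl.so": "0004a0c0 B root\n00012340 T gegl_instrument\n",
    "xvnkb.so": "00003004 D root\n00001a10 T hypothetical_xvnkb_hook\n"
                "         U malloc\n",
}
NM_LINE = re.compile(r"^[0-9a-fA-F]*\s+([A-Za-z])\s+(\S+)$")

def exported_symbols(nm_text):
    """Map name -> nm type letter for defined, global dynamic symbols."""
    syms = {}
    for line in nm_text.splitlines():
        m = NM_LINE.match(line)
        # Upper-case letters are global symbols; U means undefined (imported).
        if m and m.group(1).isupper() and m.group(1) != "U":
            syms[m.group(2).split("@")[0]] = m.group(1)  # drop @VERSION suffix
    return syms

def find_clashes(libs):
    """Return {name: [(library, type), ...]} for names exported more than once."""
    owners = defaultdict(list)
    for lib, text in libs.items():
        for name, kind in exported_symbols(text).items():
            owners[name].append((lib, kind))
    return {n: o for n, o in owners.items() if len(o) > 1}

def first_definition(name, load_order, libs):
    """Simplified default ELF lookup: the first loaded object defining the name
    wins, and preloaded objects come before the application's dependencies."""
    for lib in load_order:
        if name in exported_symbols(libs[lib]):
            return lib
    return None

def unprefixed_exports(nm_text, prefix):
    """Exported names outside the library's namespace prefix (assumed gegl_)."""
    return sorted(n for n in exported_symbols(nm_text) if not n.startswith(prefix))

if __name__ == "__main__":
    for name, owners in find_clashes(SAMPLE_NM).items():
        print(f"clash: {name} exported by {owners}")
    order = ["xvnkb.so", "libgegl.so"]  # xvnkb.so preloaded, so it is searched first
    print("root resolves to:", first_definition("root", order, SAMPLE_NM))
    print("unprefixed:", unprefixed_exports(SAMPLE_NM["libgegl.so"], "gegl_"))
```

On real systems, feed it the output of `nm -D --defined-only` for each library; a B (zero-initialized) versus D (initialized) mismatch on the same name matches the NULL versus -1 situation in the report.
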
Comment 2 Suzanne Yeghiayan 2011-02-15 16:43:47 EST
This issue was proposed for RHEL 6.1 FasTrack but did not get resolved in time.
It has been moved to RHEL 6.2 FasTrack.
Comment 19 errata-xmlrpc 2017-03-21 05:43:04 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

