Bug 655613 - [abrt] gimp-2:2.6.11-1.fc14: strlen: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
Keywords:
Status: CLOSED DUPLICATE of bug 716325
Alias: None
Product: Fedora
Classification: Fedora
Component: gtk2
Version: 14
Hardware: x86_64
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:963ca308372e39b9aabc9b6fc6e...
Duplicates: 669361 677632
Depends On:
Blocks:
Reported: 2010-11-22 00:08 UTC by Javier Jardón
Modified: 2012-01-18 10:52 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-01-18 10:52:58 UTC
Type: ---
Embargoed:


Attachments
File: backtrace (49.48 KB, text/plain)
2010-11-22 00:08 UTC, Javier Jardón


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 706909 0 unspecified CLOSED [abrt] gimp-2.6.11-9.fc15: strlen: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV) 2021-02-22 00:41:40 UTC

Internal Links: 706909

Description Javier Jardón 2010-11-22 00:08:07 UTC
abrt version: 1.1.14
architecture: x86_64
Attached file: backtrace
cmdline: gimp-2.6
component: gimp
crash_function: strlen
executable: /usr/bin/gimp-2.6
kernel: 2.6.35.6-48.fc14.x86_64
package: gimp-2:2.6.11-1.fc14
rating: 4
reason: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
time: 1290384394
uid: 500

How to reproduce
-----
1. Open a PNG image
2. Save as jpeg
3. Crash

Comment 1 Javier Jardón 2010-11-22 00:08:10 UTC
Created attachment 461893
File: backtrace

Comment 2 Nils Philippsen 2010-11-22 13:25:12 UTC
Which version of gtk2 do you have installed?

Comment 3 Javier Jardón 2010-11-22 19:23:37 UTC
(In reply to comment #2)
> Which version of gtk2 do you have installed?

2.22.0

Comment 4 Nils Philippsen 2010-11-23 09:35:43 UTC
Oh, I meant the whole package version... I'll simply assume gtk2-2.22.0-1.fc14.1, shout if that is wrong ;-).

Comment 5 Nils Philippsen 2010-11-23 10:29:41 UTC
This seems like a bug in gtk2, specifically the gtk file chooser completion code to me:

--- 8< --- gtkfilechooser.c / completion_match_func() ---
  norm_file_part = g_utf8_normalize (chooser_entry->file_part, -1, G_NORMALIZE_ALL);
  norm_name = g_utf8_normalize (name, -1, G_NORMALIZE_ALL);
[...]
  result = (strncmp (norm_file_part, norm_name, strlen (norm_file_part)) == 0);
--- >8 --------------------------------------------------

The crash happens in this last line, when calling strlen(norm_file_part). Both norm_file_part and norm_name are NULL at that time, which indicates that the strings fed to g_utf8_normalize() above weren't valid UTF-8. So both norm_file_part and norm_name should be checked to be != NULL before being fed to "normal" glibc string functions that can't cope with NULL args like strlen() and strncmp().

I'll change the component accordingly.

Comment 6 Nils Philippsen 2011-05-31 11:06:58 UTC
*** Bug 669361 has been marked as a duplicate of this bug. ***

Comment 7 Nils Philippsen 2011-05-31 11:08:20 UTC
*** Bug 677632 has been marked as a duplicate of this bug. ***

Comment 8 Nils Philippsen 2012-01-18 10:52:58 UTC
Fedora 14 has reached its end of life. The same issue on Fedora 15 is tracked in bug #716325.

*** This bug has been marked as a duplicate of bug 716325 ***

