libreport version: 2.0.8
abrt_version: 2.0.7
backtrace_rating: 4
cmdline: gimp-2.6
comment: I converted a png image in jpeg image with default options
crash_function: __strncmp_sse4_2
executable: /usr/bin/gimp-2.6
kernel: 3.1.8-2.fc16.i686
pid: 2249
pwd: /home/mike
reason: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
time: mar 17 ene 2012 07:33:20 CST
uid: 1000
username: mike

backtrace: Text file, 67083 bytes
build_ids: Text file, 4141 bytes
dso_list: Text file, 10547 bytes
event_log: Text file, 20460 bytes
maps: Text file, 29343 bytes

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=TuzaLabs3
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:SHELL=/bin/bash
:TERM=dumb
:HISTSIZE=1000
:XDG_SESSION_COOKIE=da7798741be674f13e98727900000016-1326806435.695570-1432447468
:QTDIR=/usr/lib/qt-3.3
:GNOME_KEYRING_CONTROL=/tmp/keyring-NQliHP
:QTINC=/usr/lib/qt-3.3/include
:IMSETTINGS_MODULE=none
:USER=mike
:USERNAME=mike
:MAIL=/var/spool/mail/mike
:PATH=/usr/lib/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/libexec/sdcc:/home/mike/.local/bin:/home/mike/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/mike
:XMODIFIERS=@im=none
:KDE_IS_PRELINKED=1
:GNOME_KEYRING_PID=1422
:LANG=es_ES.utf8
:GDM_LANG=es_ES.utf8
:KDEDIRS=/usr
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/mike
:XDG_SEAT=seat0
:SHLVL=1
:LOGNAME=mike
:QTLIB=/usr/lib/qt-3.3/lib
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-FQGW1dNkAE,guid=7556597bfbd6c04d94b2955e000000af
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/mike
:DISPLAY=:0
:XAUTHORITY=/var/run/gdm/auth-for-mike-PMCBGJ/database
:_=/usr/bin/gnome-session
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1430,unix/unix:/tmp/.ICE-unix/1430
:SSH_AUTH_SOCK=/tmp/keyring-NQliHP/ssh
:GPG_AGENT_INFO=/tmp/keyring-NQliHP/gpg:0:1
:GJS_DEBUG_OUTPUT=stderr
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:DESKTOP_STARTUP_ID=gnome-shell-1652-TuzaLabs3-gimp-2.6-4_TIME904697
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/gimp.desktop
:GIO_LAUNCHED_DESKTOP_FILE_PID=2249

var_log_messages:
:Jan 17 07:33:20 TuzaLabs3 kernel: [ 939.233751] gimp-2.6[2249]: segfault at 0 ip 0e0cdedc sp bfa02378 error 4 in libc-2.14.90.so[df93000+1a6000]
:Jan 17 07:33:21 TuzaLabs3 abrt[2276]: Saved core dump of pid 2249 (/usr/bin/gimp-2.6) to /var/spool/abrt/ccpp-2012-01-17-07:33:20-2249 (111239168 bytes)
Created attachment 555813 [details] File: dso_list
Created attachment 555814 [details] File: build_ids
Created attachment 555815 [details] File: event_log
Created attachment 555816 [details] File: maps
Created attachment 555817 [details] File: backtrace
(In reply to comment #0)
> libreport version: 2.0.8
> abrt_version: 2.0.7
> backtrace_rating: 4
> cmdline: gimp-2.6
> comment: I converted a png image in jpeg image with default options

I'm not exactly sure when exactly this bug happens to you, but I guess it's at the time you attempt to save the converted image. Miguel, is this correct?

Anyway, this bug is very similar, if not the same, as bug #716325 for Fedora 15:

The backtrace shows that you click a button (presumably "Ok" in the file dialog), and in response to it the file dialog window and its child widgets/components get destroyed:

...
GimpFileDialog
==> GtkVBox
==> GtkFileChooserWidget
==> GtkFileChooserDefault
==> GtkVBox
==> GtkTable
==> GtkFileChooserEntry: sets its completion to NULL, original completion unref()ed
==> GtkEntryCompletion
==> GtkTreeView: removes a column
==> GAIL/accessibility: columns_changed() -> get_row_count() -> count_rows()
=> gtk_tree_model_iter_n_children()
=> gtk_tree_model_filter_iter_n_children()
=> gtk_tree_model_filter_build_level()
=> gtk_tree_model_filter_visible()
=> gtk_entry_completion_visible_func()
=> completion_match_func():

    # Tries to pull what I presume should be a file name from the
    # chooser_entry->completion_store tree model which at this point
    # contains garbage:
    ... gtkfilechooserentry.c, line 387 ...
    gtk_tree_model_get (GTK_TREE_MODEL (chooser_entry->completion_store), iter, DISPLAY_NAME_COLUMN, &name, -1);
    ...
    # --> name = 0x156d94 "\215d$\030[\303\215\266"

    # UTF8-normalize the file part of the entry and the name from above
    ... line 410 ...
    norm_file_part = g_utf8_normalize (chooser_entry->file_part, -1, G_NORMALIZE_ALL);
    norm_name = g_utf8_normalize (name, -1, G_NORMALIZE_ALL);
    ...
    # At this point, norm_name is NULL because name is not valid UTF8
    # (norm_file_part is, but I guess that's simply luck -- the ASCII
    # "start of heading" character doesn't look like a valid file name
    # to me) and g_utf8_normalize returns NULL on input which is not
    # valid UTF-8.

    ... line 427 ...
    result = (strncmp (norm_file_part, norm_name, strlen (norm_file_part)) == 0);
    ...
    # This ^^ calls __strncmp_sse4_2("\001", NULL, 1) which crashes
    # because one of the compared strings cannot be dereferenced.

My knowledge about gtk is limited, but I think that one of these ways or a combination of them would avoid crashing:

- don't call the whole accessibility stuff when widgets are destroyed
- catch NULL values that stem from garbage being UTF8-normalized (not sure if this is 100% effective -- the garbage could still be valid UTF8 and I have no idea what happens when the normalized garbage is compared subsequently)
- catch garbage before UTF8-normalization is attempted (how? perhaps rather:)
- explicitly set certain struct members to NULL so functions can check for this value before operating on garbage

Changing component to gtk2 -- Matthias, what do you think?
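
The NULL check that the comment above lists as its second option, shown as an added C example that is not part of the original bug report or of GTK's code. `normalize_or_null` and `prefix_match_checked` are hypothetical names, and the former is a simplified stand-in that mimics only the NULL-on-invalid-UTF-8 behaviour the comment describes for `g_utf8_normalize`.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for g_utf8_normalize() (assumption: same NULL-on-invalid-UTF-8
 * contract; it only checks sequence structure and copies, no normalization). */
static char *normalize_or_null(const char *s)
{
    if (s == NULL)
        return NULL;
    const unsigned char *p = (const unsigned char *)s;
    while (*p) {
        int extra;
        if (*p < 0x80) extra = 0;
        else if (*p >= 0xC2 && *p <= 0xDF) extra = 1;
        else if (*p >= 0xE0 && *p <= 0xEF) extra = 2;
        else if (*p >= 0xF0 && *p <= 0xF4) extra = 3;
        else return NULL;          /* stray continuation or bad lead byte */
        p++;
        for (; extra > 0; extra--, p++)
            if ((*p & 0xC0) != 0x80)
                return NULL;       /* truncated or malformed sequence */
    }
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, s, n);
    return copy;
}

/* Guarded form of the comparison quoted from gtkfilechooserentry.c line 427:
 * a failed normalization on either side means "no match", not a crash. */
static bool prefix_match_checked(const char *file_part, const char *name)
{
    char *norm_file_part = normalize_or_null(file_part);
    char *norm_name = normalize_or_null(name);
    bool result = false;
    if (norm_file_part != NULL && norm_name != NULL)
        result = strncmp(norm_file_part, norm_name, strlen(norm_file_part)) == 0;
    free(norm_file_part);
    free(norm_name);
    return result;
}

int main(void)
{
    /* Constructed call using the two values quoted in the comment above. */
    return prefix_match_checked("\001", "\215d$\030[\303\215\266") ? 1 : 0;
}
```

The guard only turns the failed normalization into a non-match; as the comment notes, stale data that happens to be valid UTF-8 would still reach the comparison.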
*** Bug 804338 has been marked as a duplicate of this bug. ***
Backtrace analysis found this bug to be similar to bug #716325, closing as duplicate.

Bugs which were found to be similar to this bug:
gimp: bug #804338
gtk2: bug #716325
inkscape: bug #806973, bug #807188

This comment is automatically generated.

*** This bug has been marked as a duplicate of bug 716325 ***