Bug 815681 - Crashed while playing with some compound object
Summary: Crashed while playing with some compound object
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: xfig
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Hans de Goede
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-04-24 09:06 UTC by Zdenek Kabelac
Modified: 2014-06-18 14:52 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-18 14:52:11 UTC
Type: Bug

Attachments (Terms of Use)
Full backtrace (17.89 KB, text/plain)
2012-04-24 09:06 UTC, Zdenek Kabelac 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Zdenek Kabelac 2012-04-24 09:06:51 UTC 
Created attachment 579795 [details]
Full backtrace

Description of problem:

I've been just making some modification to compound object and xfig crashed.
Here is the traceback

#0  0x000000000043bdc8 in write_line (fp=fp@entry=0x11b20c0, l=l@entry=0x119d810) at f_save.c:399
399	    for (npts=0, p = l->points; p != NULL; p = p->next)
(gdb) bt
#0  0x000000000043bdc8 in write_line (fp=fp@entry=0x11b20c0, l=l@entry=0x119d810) at f_save.c:399
#1  0x000000000043ccd2 in write_objects (fp=fp@entry=0x11b20c0) at f_save.c:142
#2  0x000000000043cec6 in emergency_save (file_name=file_name@entry=0x4c4970 "SAVE.fig") at f_save.c:598
#3  0x00000000004506fe in emergency_quit (abortflag=<optimized out>) at u_error.c:97
#4  <signal handler called>
#5  calc_arrow (x1=18538256, y1=<optimized out>, x2=18471072, y2=0, linethick=1, arrow=arrow@entry=0x105e8a0, 
    points=points@entry=0x7fffc5b2d690, npoints=npoints@entry=0x7fffc5b2d688, 
    fillpoints=fillpoints@entry=0x7fffc5b2d820, nfillpoints=nfillpoints@entry=0x7fffc5b2d68c, 
    clippts=clippts@entry=0x7fffc5b2d9b0, nclippts=nclippts@entry=0x7fffc5b2d684) at u_draw.c:1636
#6  0x000000000044041f in arrow_bound (objtype=objtype@entry=2, obj=0x119d810, 
    xmin=xmin@entry=0x7fffc5b2db80, ymin=ymin@entry=0x7fffc5b2db84, xmax=xmax@entry=0x7fffc5b2db88, 
    ymax=ymax@entry=0x7fffc5b2db8c) at u_bound.c:640
#7  0x0000000000441a6d in line_bound (l=<optimized out>, xmin=xmin@entry=0x7fffc5b2db80, 
    ymin=ymin@entry=0x7fffc5b2db84, xmax=xmax@entry=0x7fffc5b2db88, ymax=ymax@entry=0x7fffc5b2db8c)
    at u_bound.c:433
#8  0x000000000045e3bb in redisplay_line (l=<optimized out>) at u_redraw.c:660
#9  0x0000000000445170 in place_line_x (x=5550, y=6075) at u_drag.c:444
#10 0x000000000046eb66 in canvas_selected (tool=<optimized out>, event=0x7fffc5b2e440, 
    params=<optimized out>, nparams=<optimized out>) at w_canvas.c:385
#11 0x00007f6c8ce3213d in HandleActions (w=w@entry=0xf8c310, event=0x7fffc5b2e440, 
    accelWidget=<optimized out>, procs=0xfd0d98, actions=actions@entry=0x7f6c8d04e1a0, 
    stateTree=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at TMstate.c:645
#12 0x00007f6c8ce32591 in HandleSimpleState (w=w@entry=0xf8c310, tmRecPtr=tmRecPtr@entry=0xf8c358, 
    curEventPtr=curEventPtr@entry=0x7fffc5b2de00) at TMstate.c:884
#13 0x00007f6c8ce3332d in _XtTranslateEvent (w=w@entry=0xf8c310, event=event@entry=0x7fffc5b2e440)
    at TMstate.c:1101
#14 0x00007f6c8ce0b81b in XtDispatchEventToWidget (widget=widget@entry=0xf8c310, 
    event=event@entry=0x7fffc5b2e440) at Event.c:906
#15 0x00007f6c8ce0bf6e in _XtDefaultDispatcher (event=0x7fffc5b2e440) at Event.c:1367
#16 0x00007f6c8ce0c034 in XtDispatchEvent (event=event@entry=0x7fffc5b2e440) at Event.c:1423
#17 0x000000000040921d in main (argc=1, argv=<optimized out>) at main.c:1551

(gdb) print *p
Cannot access memory at address 0x692030203d207964

Version-Release number of selected component (if applicable):
xfig-3.2.5-30.b.fc18.x86_64

How reproducible:
not really sure how to trigger this in some deterministic way.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Zdenek Kabelac 2012-04-24 09:09:29 UTC 
Maybe this might help as well:


#0  0x000000000043bdc8 in write_line (fp=fp@entry=0x11b20c0, l=l@entry=0x119d810) at f_save.c:399
399	    for (npts=0, p = l->points; p != NULL; p = p->next)
(gdb) print *l
$1 = {tagged = -1942443896, distrib = 32620, type = -1942443896, style = 32620, thickness = 1, pen_color = 0, fill_color = 24, 
  fill_style = -1, depth = 50, pen_style = -1, style_val = 0, for_arrow = 0x105e8a0, back_arrow = 0x119d890, cap_style = 0, 
  points = 0x119d8b0, join_style = 0, radius = -1, pic = 0x0, comments = 0x0, next = 0x0}
(gdb) print l->points
$2 = (struct f_point *) 0x119d8b0
(gdb) print *l->points
$3 = {x = 18538256, y = 0, next = 0x119d8d0}
(gdb) print *l->points->next
$4 = {x = 17164432, y = 0, next = 0x7f6c8c38a7b8}
(gdb) print *l->points->next->next
$5 = {x = 18561536, y = 0, next = 0x11b2800}
(gdb) print *l->points->next->next->next
$6 = {x = 540422447, y = 539782761, next = 0x692030203d207964}
Comment 2 Fedora Admin XMLRPC Client 2013-02-06 15:16:52 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Fedora End Of Life 2013-04-03 14:59:42 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 4 Hans de Goede 2014-06-18 14:52:11 UTC 
Hi,

I'm currently going through xfig bugs, I've been looking at your backtrace and trying to reproduce this issue, but no luck. Since we don't have a reproducer I'm going to close this with a resolution of insufficient data.

Regards,

Hans
Note You need to log in before you can comment on or make changes to this bug.