Bug#361355: gnome_segv2 segfaults when using Solaris 2.7 X server

sacrificial-spam-address at horizon.com sacrificial-spam-address at horizon.com
Sat Apr 8 02:56:51 UTC 2006


Package: libgnomeui-0
Version: 2.14.0-1

I first noticed this while trying to run galeon (which used to work,
although I last ran it a few months ago). I then noticed that the crash
notification program (gnome_segv2) was itself crashing, and figured that
would be a better test case.

Unfortunately, although only a 16K binary, it's linked to an unbelievable
number of libraries, and the problem's probably in one of the libraries.

Still, I got an xtrace and an ltrace of the event.  The ltrace proceeds
as follows:

7832 __libc_start_main(0x8048e20, 3, 0xafab0e54, 0x80495e0, 0x8049650 <unfinished ...>
7832 memset(0xafab0d34, '\000', 140)                                           = 0xafab0d34
7832 sigaction(11, 0xafab0d34, NULL)                                           = 0
7832 bindtextdomain("libgnomeui-2.0", "/usr/share/locale")                     = "/usr/share/locale"
7832 textdomain("libgnomeui-2.0")                                              = "libgnomeui-2.0"
7832 gnome_client_disable_master_connection(0x804972f, 0x479d3844, 0, 135168, 0) = 0
7832 gnome_init_with_popt_table(0x8049745, 0x804973e, 3, 0xafab0e54, 0 <unfinished ...>
(child 7833 is alive briefly and exits)
(child 7834 is alive and logs things as "gconfd")

7832 <... gnome_init_with_popt_table resumed> )                                = 0
7832 memset(0xafab0d34, '\000', 140)                                           = 0xafab0d34
7832 sigaction(11, 0xafab0d34, NULL)                                           = 0
7832 poptGetArgs(0x805aca8, 0xafab0d34, 0, 0xafab0e54, 0)                      = 0x805ac30
7832 g_path_get_basename(0xafab16db, 0xafab0d34, 0, 0xafab0e54, 0)             = 0x8093e48
7832 __strtol_internal("1", NULL, 10)                                          = 1
7832 g_strsignal(1, 0, 10, 0, 0)                                               = 0x8093ef8
7832 g_locale_to_utf8(0xafab16db, -1, 0xafab0dc0, 0xafab0dc4, 0)               = 0x8093f40
7832 dcgettext(0, 0x8049930, 5, 0xafab0dc4, 0)                                 = 0x8049930
7832 g_strdup_printf(0x8049930, 0x8093f40, 5, 0xafab0dc4, 0)                   = 0x80b10a0
7832 g_getenv(0x804975f, 0x8093f40, 5, 0xafab0dc4, 0)                          = 0
7832 dcgettext(0, 0x804995c, 5, 0xafab0dc4, 0)                                 = 0x804995c
7832 g_strdup_printf(0x8049a04, 0x80b10a0, 0x804995c, 0xafab0dc4, 0)           = 0x80b1230
7832 g_free(0x80b10a0, 0x80b10a0, 0x804995c, 0xafab0dc4, 0)                    = 0x479ea8a4
7832 g_free(0x8093f40, 0x80b10a0, 0x804995c, 0xafab0dc4, 0)                    = 0x479ea890
7832 g_free(0x8093e48, 0x80b10a0, 0x804995c, 0xafab0dc4, 0)                    = 0x479ea890
7832 g_strdup(0xafab16db, 0x80b10a0, 0x804995c, 0xafab0dc4, 0)                 = 0x8093e48
7832 gtk_window_set_default_icon_name(0x804977b, 0x80b10a0, 0x804995c, 0xafab0dc4, 0) = 1
7832 gtk_message_dialog_new_with_markup(0, 1, 3, 0, 0x80b1230)                 = 0x80b9008
7832 gtk_dialog_get_type(0, 1, 3, 0, 0x80b1230)                                = 0x80b1468
7832 g_type_check_instance_cast(0x80b9008, 0x80b1468, 3, 0, 0x80b1230)         = 0x80b9008
7832 gtk_dialog_set_default_response(0x80b9008, -7, 3, 0, 0x80b1230)           = 1
7832 g_free(0x80b1230, -7, 3, 0, 0x80b1230)                                    = 217
7832 g_find_program_in_path(0x8093e48, -7, 3, 0, 0x80b1230)                    = 0
7832 g_type_check_instance_cast(0x80b9008, 0x80b1468, 3, 0, 0x80b1230)         = 0x80b9008
7832 gtk_dialog_add_button(0x80b9008, 0x80497a3, 0, 0, 0x80b1230)              = 0x808c4b0
7832 g_find_program_in_path(0x80497ad, 0x80497a3, 0, 0, 0x80b1230)             = 0
7832 g_getenv(0x80497ca, 0x80497a3, 0, 0, 0x80b1230)                           = 0
7832 g_type_check_instance_cast(0x80b9008, 0x80b1468, 0, 0, 0x80b1230)         = 0x80b9008
7832 gtk_dialog_run(0x80b9008, 0x80b1468, 0, 0, 0x80b1230 <unfinished ...>
7832 --- SIGSEGV (Segmentation fault) ---
7832 +++ killed by SIGSEGV +++
(child 7834 continues with gconf_log and lots of CORBA calls)

The tail of the corresponding "xtrace -e -n" output goes:

000:<:028a: 16: Request(84): AllocColor cmap=0x00000021 red=0xffff green=0x9999 blue=0x5555
000:>:0x028a:32: Reply to AllocColor: red=0xffff green=0x9999 blue=0x5555 pixel=0x000000f0
000:<:028b: 16: Request(84): AllocColor cmap=0x00000021 red=0xffff green=0x9999 blue=0xaaaa
000:>:0x028b:32: Reply to AllocColor: red=0xffff green=0x9999 blue=0xaaaa pixel=0x000000f1
000:<:028c: 16: Request(84): AllocColor cmap=0x00000021 red=0xffff green=0xcccc blue=0x5555
000:>:0x028c:32: Reply to AllocColor: red=0xffff green=0xcccc blue=0x5555 pixel=0x000000f2
000:<:028d: 16: Request(84): AllocColor cmap=0x00000021 red=0xffff green=0xcccc blue=0xaaaa
000:>:0x028d:32: Reply t000:>: still waiting for reply to seq=01fe
000:>: still waiting for reply to seq=01fe
o AllocColor: red=0xffff green=0xcccc blue=0xaaaa pixel=0x000000f3
000:<:028e: 20: Request(56): ChangeGC gc=0x02800009  values={clip-x-origin=-403 clip-y-origin=-94}
000:<:028f:424: Request(72): PutImage format=ZPixmap(0x02) drawable=0x02800024 gc=0x02800009 width=20 height=20 dst-x=14 dst-y=6 left-pad=0x00 depth=0x08
000:<:0290: 20: Request(59): SetClipRectangles ordering=YXSorted(0x02) gc=0x02800025 clip-x-origin=0 clip-y-origin=0 rectangles ={x=36 y=6 w=35 h=20};
000:<:0291: 20: Request(73): GetImage format=ZPixmap(0x02) drawable=0x02800024 x=37 y=11 width=7 height=9 plane-mask=0xffffffff
000:>:0x0291:104: Reply to GetImage: depth=0x08 32-bit values got=0x00000012 visual=None(0x00000000)
(connection broken)

The strace is not too informative, but the process dies just after a
readv, which may be sufficiently unusual to be a clue:

write(3, "T\10\4\0!\0\0\0\377\377\314\314UU\0\0", 16) = 16
read(3, 0xafa83d9c, 32)                 = -1 EAGAIN (Resource temporarily unavailable)
select(4, [3], NULL, NULL, NULL)        = 1 (in [3])
read(3, "\1\0\214\2\0\0\0\0\377\377\314\314UU\0\0\362\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 32) = 32
write(3, "T\10\4\0!\0\0\0\377\377\314\314\252\252\0\0", 16) = 16
read(3, 0xafa83d9c, 32)                 = -1 EAGAIN (Resource temporarily unavailable)
select(4, [3], NULL, NULL, NULL)        = 1 (in [3])
read(3, "\1\0\215\2\0\0\0\0\377\377\314\314\252\252\0\0\363\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 32) = 32
write(3, "8\10\5\0\t\0\200\2\0\0\6\0m\376\377\377\242\377\377\377H\2j\0$\0\200\2\t\0\200\2\24\0\24\0\16\0\6\0\0\10\0\0\351\264\351\353\252\351\351\264\264\351\264\353\264\353\351\353\264\264\252\351\252\353\252\351\264\353\264\353\353\351\351\252\351\264\252"..., 484) = 484
read(3, 0xafa8433c, 32)                 = -1 EAGAIN (Resource temporarily unavailable)
select(4, [3], NULL, NULL, NULL)        = 1 (in [3])
read(3, "\1\10\221\2\22\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0/\204\260\0\0\1\320", 32) = 32
readv(3, [{"bbbbbbb\354bbbbbbb\0bbbbbbb bbbbbbb\270bbbbbbb\0bbbbbbb\27bbbbbbb\0bbbbbbb\0bbbbbbb\0", 72}, {"", 0}], 2) = 72
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


Other notes: the Solaris display is only 8 bits deep, although a test with
a local (xserver-xorg 6.9.0.dfsg.1-6) "startx -- -depth 8" worked fine.
Reproduced on two separate Solaris boxes.  Solaris 9 with a 24-bit display
worked as expected.  konqueror works fine on Solaris 2.7.  (And, as I said,
galeon used to work.)

If some X protocol or Gnome library wizard can suggest steps for further
narrowing down the problem, I'd be happy to do more testing.  I understand
that isolating it to gtk_dialog_run() is not the most precise bug report.

Thanks!




