Bug#547683: Backtrace without optimizations

Matt Kraai kraai at ftbfs.org
Tue Sep 22 12:27:41 UTC 2009


Hi,

I was able to obtain the following backtrace using a
libtotem-plparser12 compiled with optimizations disabled:

#0  0xb7ea879f in lexer_get_token (tok=0x94a1fe78 "\r\n    ", tok_size=65536) at xmllexer.c:154
#1  0xb7ea7c5b in xml_parser_get_node_internal (current_node=0x8a89590, root_names=0x94abffe4, rec=3, flags=3) at xmlparser.c:242
#2  0xb7ea7779 in xml_parser_get_node_internal (current_node=0x8a87cc0, root_names=0x94abffe4, rec=2, flags=3) at xmlparser.c:334
#3  0xb7ea7779 in xml_parser_get_node_internal (current_node=0x8a87c88, root_names=0x94abffe4, rec=1, flags=3) at xmlparser.c:334
#4  0xb7ea7779 in xml_parser_get_node_internal (current_node=0x895ed98, root_names=0x94abffe4, rec=0, flags=3) at xmlparser.c:334
#5  0xb7ea7cc9 in xml_parser_get_node (current_node=0x895ed98, flags=3) at xmlparser.c:628
#6  0xb7ea7cfb in xml_parser_build_tree_with_options (root_node=0x94ac00c4, flags=3) at xmlparser.c:636
#7  0xb7e9d2a0 in totem_pl_parser_parse_xml_relaxed (contents=0x8a9e818 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<rss xmlns:itunes=\"http://www.itunes.com/dtds/podcast-1.0.dtd\" version=\"2.0\">\r\n\r\n  <channel>    \r\n    <title>SALT - Seminars About Long Term Thinking</title>\r\n "..., size=53662) at totem-pl-parser.c:1682
#8  0xb7ea354a in totem_pl_parser_add_rss (parser=0xb4575250, file=0xb4362bc0, base_file=0x8747738, parse_data=0x94ac0214, data=0x88167e8) at totem-pl-parser-podcast.c:249
#9  0xb7e9df53 in totem_pl_parser_parse_internal (parser=0xb4575250, file=0xb4362bc0, base_file=0x8747738, parse_data=0x94ac0214) at totem-pl-parser.c:1865
#10 0xb7e9e7a6 in totem_pl_parser_parse_with_base (parser=0xb4575250, uri=0xb2fc7ef0 "http://longnow.org/projects/seminars/SALT.xml", base=0x0, fallback=0) at totem-pl-parser.c:2048
#11 0xb7e9e9e1 in totem_pl_parser_parse (parser=0xb4575250, uri=0xb2fc7ef0 "http://longnow.org/projects/seminars/SALT.xml", fallback=0) at totem-pl-parser.c:2130
#12 0xb7f1eedb in rb_podcast_parse_load_feed () from /usr/lib/librhythmbox-core.so.0
#13 0xb7f21054 in ?? () from /usr/lib/librhythmbox-core.so.0
#14 0xb73316bf in ?? () from /usr/lib/libglib-2.0.so.0
#15 0xb73d14b5 in start_thread () from /lib/i686/cmov/libpthread.so.0
#16 0xb723ba5e in clone () from /lib/i686/cmov/libc.so.6

Line 154 of xmllexer.c is

      c = lexbuf[lexbuf_pos];

Here are the values of the interesting variables:

(gdb) p lexbuf
$6 = 0xb3a7e008 <Address 0xb3a7e008 out of bounds>
(gdb) p lexbuf_pos
$7 = 1659

lexbuf is a private, global variable.  If Rhythmbox is trying to parse
multiple podcasts simultaneously, this would cause a race condition
for this variable.

Is totem-pl-parser supposed to be thread-safe?

-- 
Matt Kraai                                           http://ftbfs.org/
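
The failure mode the message describes, shown as an added example (not part of the original post and not totem-pl-parser's code): two parses are interleaved deterministically on one thread, standing in for a thread switch, first with one shared lexer state and then with per-parse state. The names `struct lexer`, `shared` and `bytes_intact` are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Lexer state: input buffer, its length, and the read position. */
struct lexer { const char *buf; size_t size, pos; };

static void lexer_init(struct lexer *lx, const char *buf, size_t size)
{
    lx->buf = buf; lx->size = size; lx->pos = 0;
}

/* Next input byte, or -1 at end of buffer (bounds-checked). */
static int lexer_next(struct lexer *lx)
{
    return lx->pos < lx->size ? (unsigned char)lx->buf[lx->pos++] : -1;
}

/* One state shared by every caller: the pattern described in the report. */
static struct lexer shared;

/* Parse A reads `split` bytes, parse B starts, then A continues.
 * Returns how many of A's reads returned A's own data. */
size_t bytes_intact(const char *a, const char *b, size_t split, int share)
{
    struct lexer own_a, own_b;
    struct lexer *la = share ? &shared : &own_a;
    struct lexer *lb = share ? &shared : &own_b;
    size_t na = strlen(a), ok = 0, i = 0;

    if (split > na) split = na;
    lexer_init(la, a, na);
    for (; i < split; i++)
        ok += lexer_next(la) == (unsigned char)a[i];
    lexer_init(lb, b, strlen(b));   /* B starts; when shared, A's state is overwritten */
    for (; i < na; i++)
        ok += lexer_next(la) == (unsigned char)a[i];
    return ok;
}

int main(void)
{
    const char *a = "AAAAAAAA", *b = "BBB";   /* constructed inputs */
    printf("shared state:  %zu of 8 bytes intact\n", bytes_intact(a, b, 3, 1));
    printf("private state: %zu of 8 bytes intact\n", bytes_intact(a, b, 3, 0));
    return 0;
}
```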





More information about the pkg-gnome-maintainers mailing list