Bug#773512: crash in jpc_dec_decodecblks() in Nautilus thumbnailer

[Simon McVittie]

Control: clone 773512 -2
Control: retitle 773512 crash in jpc_dec_decodecblks() in Nautilus thumbnailer
Control: reassign 773512 libjasper1
Control: retitle -2 run thumbnailers in a subprocess so they can't crash Nautilus
Control: severity -2 wishlist

On 19/12/14 15:17, Mathieu Malaterre wrote:
> Just for reference, chromium crashed:
> 
> [86573.137553] chromium[2233]: segfault at 0 ip 00007fce4aeeb785 sp
> 00007fff21991b20 error 6 in libjasper.so.1.0.0[7fce4aebc000+4f000]
...
> dmesg actually shows two types of crashes [for Nautilus]:
>
> [69727.744833] nautilus[11822]: segfault at 7ff85cb2d510 ip
> 00007ffb50d17d87 sp 00007ffb26eaa6a8 error 4 in
> libgdk_pixbuf-2.0.so.0.3100.1[7ffb50d03000+20000]
> [71582.118170] nautilus[13187]: segfault at 0 ip 00007f60f1f56785
> sp 00007f610c0c55b0 error 6 in libjasper.so.1.0.0[7f60f1f27000+4f000]

Based on this, and on libjasper.so being implicated in your backtrace,
I think this is at least one bug and one feature request, and possibly
a second bug:

* bug A: libjasper should not crash when presented with a malformed or
  truncated .jp2 file

* feature request B: nautilus should run thumbnailers in a subprocess
  so that a crashing thumbnailer does not bring down all of nautilus

* bug C: libgdk_pixbuf's JP2 loader might also have a separate crash
  bug (or it might be dying from memory corruption caused by bug A,
  in which case this is not its fault)

I'm somewhat sceptical about the feature request, and it might end up
tagged wontfix with "no, we should fix the decoding libraries instead"
if people agree with my point of view, but I'll give you the benefit
of the doubt and clone the bug.

I haven't cloned bug C yet, but if you can get a backtrace showing
the libgdk_pixbuf class of crash, that might indicate which package
it is a bug in, and hence whether a third Debian bug (most likely
assigned to libgdk-pixbuf2.0-0) is necessary.

    S