Bug#748588: [python-gtk2] python crashes on certain uses of the clipboard via python-gtk2
Giovanni Mascellani
gio at debian.org
Sun May 18 16:56:46 UTC 2014
Package: python-gtk2
Version: 2.24.0-3+b1
Severity: normal
Hi.
Thanks for your work on python-gtk2. Unfortunately I encounter
conditions that make python crash. Please try to execute this snippet:
---
import gtk
buf = gtk.TextBuffer()
gtk.clipboard_get().wait_for_rich_text(buf)
---
Doing so I encounter a segmentation fault. Looking with gdb (the code
snippet is in file test.py in my environment):
> giovanni at amalgama:/tmp$ gdb python
> GNU gdb (GDB) 7.6.2 (Debian 7.6.2-1.1)
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/bin/python2.7...Reading symbols from /usr/lib/debug/usr/bin/python2.7...done.
> done.
> (gdb) run test.py
> Starting program: /usr/bin/python test.py
> warning: Could not load shared library symbols for linux-vdso.so.1.
> Do you need "set solib-search-path" or "set sysroot"?
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff529e369 in IA__gtk_clipboard_wait_for_rich_text (clipboard=0xcb3810, buffer=0x2, format=0x7fffffffdd60, length=0x7fffffffdd68) at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkclipboard.c:1429
> 1429 /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkclipboard.c: File o directory non esistente.
> (gdb) bt
> #0 0x00007ffff529e369 in IA__gtk_clipboard_wait_for_rich_text (clipboard=0xcb3810, buffer=0x2, format=0x7fffffffdd60, length=0x7fffffffdd68) at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkclipboard.c:1429
> #1 0x00007ffff58417ce in ?? () from /usr/lib/python2.7/dist-packages/gtk-2.0/gtk/_gtk.so
> #2 0x000000000050887d in call_function (oparg=<optimized out>, pp_stack=0x7fffffffdec0) at ../Python/ceval.c:4020
> #3 PyEval_EvalFrameEx (f=f at entry=Frame 0x7ffff7fe1c20, for file test.py, line 5, in <module> (), throwflag=throwflag at entry=0) at ../Python/ceval.c:2666
> #4 0x0000000000576f9c in PyEval_EvalCodeEx (closure=0x0, defcount=0, defs=0x0, kwcount=0, kws=0x0, argcount=0, args=0x0, locals=<optimized out>, globals=<optimized out>, co=<optimized out>) at ../Python/ceval.c:3252
> #5 PyEval_EvalCode (co=0x7ffff7ee9b30, globals=<optimized out>, locals=<optimized out>) at ../Python/ceval.c:667
> #6 0x0000000000469884 in run_mod (mod=<optimized out>, filename=<optimized out>,
> globals={'__builtins__': <module at remote 0x7ffff7fb8b08>, '__file__': 'test.py', 'gtk': <module at remote 0x7ffff7ea77f8>, '__package__': None, 'GPollableInputStream': <type at remote 0xa97820>, 'GInitiallyUnowned': <GObjectMeta(__gtype__=<gobject.GType at remote 0x7fffed113810>, __doc__=<gobject.GObject.__doc__ at remote 0x7ffff7ec8090>, __module__='gtk') at remote 0xb271e0>, '__name__': '__main__', 'GPollableOutputStream': <type at remote 0xa9f9b0>, 'GFileDescriptorBased': <type at remote 0xa9e170>, 'buf': <gtk.TextBuffer at remote 0x7fffecbdd6e0>, '__doc__': None},
> locals={'__builtins__': <module at remote 0x7ffff7fb8b08>, '__file__': 'test.py', 'gtk': <module at remote 0x7ffff7ea77f8>, '__package__': None, 'GPollableInputStream': <type at remote 0xa97820>, 'GInitiallyUnowned': <GObjectMeta(__gtype__=<gobject.GType at remote 0x7fffed113810>, __doc__=<gobject.GObject.__doc__ at remote 0x7ffff7ec8090>, __module__='gtk') at remote 0xb271e0>, '__name__': '__main__', 'GPollableOutputStream': <type at remote 0xa9f9b0>, 'GFileDescriptorBased': <type at remote 0xa9e170>, 'buf': <gtk.TextBuffer at remote 0x7fffecbdd6e0>, '__doc__': None}, flags=<optimized out>, arena=<optimized out>) at ../Python/pythonrun.c:1370
> #7 0x0000000000469c04 in PyRun_FileExFlags (fp=fp at entry=0x9ee390, filename=filename at entry=0x7fffffffe554 "test.py", start=start at entry=257,
> globals=globals at entry={'__builtins__': <module at remote 0x7ffff7fb8b08>, '__file__': 'test.py', 'gtk': <module at remote 0x7ffff7ea77f8>, '__package__': None, 'GPollableInputStream': <type at remote 0xa97820>, 'GInitiallyUnowned': <GObjectMeta(__gtype__=<gobject.GType at remote 0x7fffed113810>, __doc__=<gobject.GObject.__doc__ at remote 0x7ffff7ec8090>, __module__='gtk') at remote 0xb271e0>, '__name__': '__main__', 'GPollableOutputStream': <type at remote 0xa9f9b0>, 'GFileDescriptorBased': <type at remote 0xa9e170>, 'buf': <gtk.TextBuffer at remote 0x7fffecbdd6e0>, '__doc__': None},
> locals=locals at entry={'__builtins__': <module at remote 0x7ffff7fb8b08>, '__file__': 'test.py', 'gtk': <module at remote 0x7ffff7ea77f8>, '__package__': None, 'GPollableInputStream': <type at remote 0xa97820>, 'GInitiallyUnowned': <GObjectMeta(__gtype__=<gobject.GType at remote 0x7fffed113810>, __doc__=<gobject.GObject.__doc__ at remote 0x7ffff7ec8090>, __module__='gtk') at remote 0xb271e0>, '__name__': '__main__', 'GPollableOutputStream': <type at remote 0xa9f9b0>, 'GFileDescriptorBased': <type at remote 0xa9e170>, 'buf': <gtk.TextBuffer at remote 0x7fffecbdd6e0>, '__doc__': None}, closeit=closeit at entry=1, flags=flags at entry=0x7fffffffe090) at ../Python/pythonrun.c:1356
> #8 0x000000000046a809 in PyRun_SimpleFileExFlags (fp=fp at entry=0x9ee390, filename=<optimized out>, filename at entry=0x7fffffffe554 "test.py", closeit=closeit at entry=1, flags=flags at entry=0x7fffffffe090) at ../Python/pythonrun.c:948
> #9 0x000000000046a905 in PyRun_AnyFileExFlags (fp=fp at entry=0x9ee390, filename=filename at entry=0x7fffffffe554 "test.py", closeit=closeit at entry=1, flags=flags at entry=0x7fffffffe090) at ../Python/pythonrun.c:752
> #10 0x000000000046b46e in Py_Main (argc=<optimized out>, argv=0x7fffffffe248) at ../Modules/main.c:640
> #11 0x00007ffff6f15b45 in __libc_start_main (main=0x46b52c <main>, argc=2, argv=0x7fffffffe248, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe238) at libc-start.c:287
> #12 0x0000000000579514 in _start ()
> (gdb)
It seems that python-gtk2 is faulty here, because in frame #0 buffer is
set to 0x2, which is hardly a legitimate value for a pointer. The crash
line is actually inspecting buffer:
> g_return_val_if_fail (GTK_IS_TEXT_BUFFER (buffer), NULL);
(in some other cases I've seen buffer set to 0x3, but cannot reproduce
it anymore)
Thanks, Giovanni.
--- System information. ---
Architecture: amd64
Kernel: Linux 3.14-1-amd64
Debian Release: jessie/sid
500 unstable ftp.ch.debian.org
500 stable dl.google.com
500 sid linux.dropbox.com
1 experimental ftp.ch.debian.org
--- Package information. ---
Depends (Version) | Installed
=====================================-+-===============
python (<< 2.8) | 2.7.5-5
python (>= 2.6.6-7~) | 2.7.5-5
python-numpy (>= 1:1.6.1) | 1:1.8.1-1
python-numpy-abi9 |
libatk1.0-0 (>= 1.12.4) |
libc6 (>= 2.2.5) |
libcairo2 (>= 1.2.4) |
libfontconfig1 (>= 2.9.0) |
libfreetype6 (>= 2.2.1) |
libgdk-pixbuf2.0-0 (>= 2.22.0) |
libglib2.0-0 (>= 2.24.0) |
libgtk2.0-0 (>= 2.24.0) |
libpango1.0-0 (>= 1.22.0) |
python-cairo (>= 1.0.2-1.1) |
python-gobject-2 (>= 2.21.3) |
Package's Recommends field is empty.
Suggests (Version) | Installed
==============================-+-===========
python-gtk2-doc | 2.24.0-3
--
Giovanni Mascellani <giovanni.mascellani at sns.it>
PhD Student - Scuola Normale Superiore, Pisa, Italy
http://poisson.phc.unipi.it/~mascellani
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 274 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20140518/b6d00683/attachment.sig>
More information about the pkg-gnome-maintainers
mailing list