Bug#823755: pinpoint: segfaults on example

ydirson at free.fr
Sun May 8 15:12:15 UTC 2016


Package: pinpoint
Version: 1:0.1.8-2
Severity: important
X-debbugs-CC: pkg-gnome-maintainers at lists.alioth.debian.org

Just running "pinpoint /usr/share/doc/pinpoint/examples/introduction.pin" shows the first slide,
and if I just wait or hit a key, I get a segfault.  The problem may be in the underlying
libraries, but could simply be a case of buffer overflow.

This machine uses gtk 3.20, and I could reproduce the crash on one that's still on 3.18.
Both are using libxcursor 1:1.1.14-1+b1.

(gdb) bt
#0  __GI___pthread_mutex_lock (mutex=0x21) at ../nptl/pthread_mutex_lock.c:68
#1  0x00007ffff313e44a in XrmQGetResource (db=0x63ecc0, names=names at entry=0x7fffffffd560, classes=classes at entry=0x7fffffffd570, pType=pType at entry=0x7fffffffd55c, 
    pValue=pValue at entry=0x7fffffffd580) at ../../src/Xrm.c:2549
#2  0x00007ffff311a796 in XGetDefault (dpy=dpy at entry=0x6284f0, prog=prog at entry=0x7fffeccba63d "Xcursor", name=name at entry=0x7fffeccba6cf "core") at ../../src/GetDflt.c:231
#3  0x00007fffeccb7748 in _XcursorGetDisplayInfo (dpy=0x6284f0) at ../../src/display.c:151
#4  0x00007fffeccb7789 in XcursorSupportsARGB (dpy=<optimized out>) at ../../src/display.c:297
#5  0x00007fffeccba121 in XcursorNoticeCreateBitmap (dpy=0x21, pid=140737488344416, width=4294956400, height=332) at ../../src/xlib.c:132
#6  0x00007ffff3114d01 in XCreatePixmap (dpy=0x6284f0, d=d at entry=245, width=width at entry=1, height=height at entry=1, depth=depth at entry=1) at ../../src/CrPixmap.c:61
#7  0x00007ffff245bbe4 in _gdk_x11_window_create_bitmap_surface (window=0x63f000, width=width at entry=1, height=height at entry=1)
    at /build/gtk+3.0-Ym2tpG/gtk+3.0-3.20.3/./gdk/x11/gdkwindow-x11.c:586
#8  0x00007ffff243ad82 in get_blank_cursor (display=0x635020) at /build/gtk+3.0-Ym2tpG/gtk+3.0-3.20.3/./gdk/x11/gdkcursor-x11.c:219
#9  _gdk_x11_display_get_cursor_for_type (display=0x635020, cursor_type=GDK_BLANK_CURSOR) at /build/gtk+3.0-Ym2tpG/gtk+3.0-3.20.3/./gdk/x11/gdkcursor-x11.c:270
#10 0x00007ffff6da6776 in clutter_stage_gdk_set_cursor_visible (stage_window=0x671120, cursor_visible=<optimized out>) at gdk/clutter-stage-gdk.c:545
#11 0x00007ffff6e0f384 in clutter_stage_hide_cursor (stage=0xb18d00) at clutter-stage.c:2724
#12 0x0000000000408123 in ?? ()
#13 0x00007ffff5806a53 in g_timeout_dispatch (source=0x142af50, callback=<optimized out>, user_data=<optimized out>) at /build/glib2.0-2CrUwg/glib2.0-2.48.0/./glib/gmain.c:4577
#14 0x00007ffff5805fea in g_main_dispatch (context=0x65ac10) at /build/glib2.0-2CrUwg/glib2.0-2.48.0/./glib/gmain.c:3154
#15 g_main_context_dispatch (context=context at entry=0x65ac10) at /build/glib2.0-2CrUwg/glib2.0-2.48.0/./glib/gmain.c:3769
#16 0x00007ffff5806390 in g_main_context_iterate (context=context at entry=0x65ac10, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>)
    at /build/glib2.0-2CrUwg/glib2.0-2.48.0/./glib/gmain.c:3840
#17 0x00007ffff580643c in g_main_context_iteration (context=context at entry=0x65ac10, may_block=may_block at entry=1) at /build/glib2.0-2CrUwg/glib2.0-2.48.0/./glib/gmain.c:3901
#18 0x00007ffff6a86ccd in g_application_run (application=0x84d0f0, argc=0, argv=0x0) at /build/glib2.0-2CrUwg/glib2.0-2.48.0/./gio/gapplication.c:2381
#19 0x0000000000405101 in ?? ()
#20 0x00007ffff521b610 in __libc_start_main (main=0x404f40, argc=2, argv=0x7fffffffda38, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffda28)
    at libc-start.c:291
#21 0x00000000004051d9 in ?? ()


A valgrind run would point to some uninitialized mutex:

==8274== Use of uninitialised value of size 8
==8274==    at 0x745EA94: pthread_mutex_lock (pthread_mutex_lock.c:68)
==8274==    by 0x9826449: XrmQGetResource (Xrm.c:2549)
==8274==    by 0x9802795: XGetDefault (GetDflt.c:231)
==8274==    by 0xFD57747: _XcursorGetDisplayInfo (display.c:151)
==8274==    by 0xFD57788: XcursorSupportsARGB (display.c:297)
==8274==    by 0xFD5A120: XcursorNoticeCreateBitmap (xlib.c:132)
==8274==    by 0x97FCD00: XCreatePixmap (CrPixmap.c:61)
==8274==    by 0xA5BABE3: _gdk_x11_window_create_bitmap_surface (gdkwindow-x11.c:586)
==8274==    by 0xA599D81: get_blank_cursor (gdkcursor-x11.c:219)
==8274==    by 0xA599D81: _gdk_x11_display_get_cursor_for_type (gdkcursor-x11.c:270)
==8274==    by 0x5B95775: clutter_stage_gdk_set_cursor_visible (in /usr/lib/x86_64-linux-gnu/libclutter-1.0.so.0.2600.0)
==8274==    by 0x5BFE383: clutter_stage_hide_cursor (in /usr/lib/x86_64-linux-gnu/libclutter-1.0.so.0.2600.0)
==8274==    by 0x408122: ??? (in /usr/bin/pinpoint)
==8274==
==8274== Invalid read of size 4
==8274==    at 0x745EA94: pthread_mutex_lock (pthread_mutex_lock.c:68)
==8274==    by 0x9826449: XrmQGetResource (Xrm.c:2549)
==8274==    by 0x9802795: XGetDefault (GetDflt.c:231)
==8274==    by 0xFD57747: _XcursorGetDisplayInfo (display.c:151)
==8274==    by 0xFD57788: XcursorSupportsARGB (display.c:297)
==8274==    by 0xFD5A120: XcursorNoticeCreateBitmap (xlib.c:132)
==8274==    by 0x97FCD00: XCreatePixmap (CrPixmap.c:61)
==8274==    by 0xA5BABE3: _gdk_x11_window_create_bitmap_surface (gdkwindow-x11.c:586)
==8274==    by 0xA599D81: get_blank_cursor (gdkcursor-x11.c:219)
==8274==    by 0xA599D81: _gdk_x11_display_get_cursor_for_type (gdkcursor-x11.c:270)
==8274==    by 0x5B95775: clutter_stage_gdk_set_cursor_visible (in /usr/lib/x86_64-linux-gnu/libclutter-1.0.so.0.2600.0)
==8274==    by 0x5BFE383: clutter_stage_hide_cursor (in /usr/lib/x86_64-linux-gnu/libclutter-1.0.so.0.2600.0)
==8274==    by 0x408122: ??? (in /usr/bin/pinpoint)
==8274==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
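As an added example (not part of this report, nor of the pinpoint or Xlib code), here is a small Python triage helper for memcheck output of the kind pasted above. It splits the text into error records, attaches each `at`/`by` frame and the trailing address line to its record, and finds the innermost frame that lies in the application binary (here /usr/bin/pinpoint), which is the natural place to set a breakpoint next. The sample input is the two records quoted above; the parser relies only on valgrind's standard record layout (the `==pid==` prefix, `at`/`by` frame lines, an indented address line, and a bare `==pid==` line closing the record).

```python
"""Triage helper for valgrind memcheck error records (added example)."""
import re
from dataclasses import dataclass, field

# Sample input: the two memcheck records quoted in the bug report above.
SAMPLE = """\
==8274== Use of uninitialised value of size 8
==8274==    at 0x745EA94: pthread_mutex_lock (pthread_mutex_lock.c:68)
==8274==    by 0x9826449: XrmQGetResource (Xrm.c:2549)
==8274==    by 0x9802795: XGetDefault (GetDflt.c:231)
==8274==    by 0xFD57747: _XcursorGetDisplayInfo (display.c:151)
==8274==    by 0xFD57788: XcursorSupportsARGB (display.c:297)
==8274==    by 0xFD5A120: XcursorNoticeCreateBitmap (xlib.c:132)
==8274==    by 0x97FCD00: XCreatePixmap (CrPixmap.c:61)
==8274==    by 0xA5BABE3: _gdk_x11_window_create_bitmap_surface (gdkwindow-x11.c:586)
==8274==    by 0xA599D81: get_blank_cursor (gdkcursor-x11.c:219)
==8274==    by 0xA599D81: _gdk_x11_display_get_cursor_for_type (gdkcursor-x11.c:270)
==8274==    by 0x5B95775: clutter_stage_gdk_set_cursor_visible (in /usr/lib/x86_64-linux-gnu/libclutter-1.0.so.0.2600.0)
==8274==    by 0x5BFE383: clutter_stage_hide_cursor (in /usr/lib/x86_64-linux-gnu/libclutter-1.0.so.0.2600.0)
==8274==    by 0x408122: ??? (in /usr/bin/pinpoint)
==8274==
==8274== Invalid read of size 4
==8274==    at 0x745EA94: pthread_mutex_lock (pthread_mutex_lock.c:68)
==8274==    by 0x9826449: XrmQGetResource (Xrm.c:2549)
==8274==    by 0x9802795: XGetDefault (GetDflt.c:231)
==8274==    by 0xFD57747: _XcursorGetDisplayInfo (display.c:151)
==8274==    by 0xFD57788: XcursorSupportsARGB (display.c:297)
==8274==    by 0xFD5A120: XcursorNoticeCreateBitmap (xlib.c:132)
==8274==    by 0x97FCD00: XCreatePixmap (CrPixmap.c:61)
==8274==    by 0xA5BABE3: _gdk_x11_window_create_bitmap_surface (gdkwindow-x11.c:586)
==8274==    by 0xA599D81: get_blank_cursor (gdkcursor-x11.c:219)
==8274==    by 0xA599D81: _gdk_x11_display_get_cursor_for_type (gdkcursor-x11.c:270)
==8274==    by 0x5B95775: clutter_stage_gdk_set_cursor_visible (in /usr/lib/x86_64-linux-gnu/libclutter-1.0.so.0.2600.0)
==8274==    by 0x5BFE383: clutter_stage_hide_cursor (in /usr/lib/x86_64-linux-gnu/libclutter-1.0.so.0.2600.0)
==8274==    by 0x408122: ??? (in /usr/bin/pinpoint)
==8274==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
"""


@dataclass
class Frame:
    addr: int
    func: str        # symbol name, or "???" when the object is stripped
    location: str    # "file.c:NN" or "in /path/to/object"


@dataclass
class ValgrindError:
    pid: int
    kind: str                       # e.g. "Invalid read of size 4"
    frames: list = field(default_factory=list)
    detail: str = ""                # e.g. "Address 0x10 is not stack'd, ..."


# "==8274== <body>"; one optional space after the prefix is dropped so that
# record headers start at column 0 while frames/details keep their indent.
PREFIX = re.compile(r"^==(\d+)==\s?(.*)$")
FRAME = re.compile(r"^\s*(?:at|by) (0x[0-9A-Fa-f]+): (\S+) \((.*)\)$")


def parse_memcheck(text):
    """Group memcheck output into ValgrindError records with their frames."""
    errors, current = [], None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                      # not a valgrind line (program output)
        pid, body = int(m.group(1)), m.group(2)
        if not body.strip():
            current = None                # bare "==pid==" closes the record
            continue
        fm = FRAME.match(body)
        if fm and current is not None:
            current.frames.append(Frame(int(fm.group(1), 16), fm.group(2), fm.group(3)))
        elif body.startswith(" ") and current is not None:
            current.detail = body.strip()  # indented non-frame line: address info
        else:
            current = ValgrindError(pid=pid, kind=body.strip())
            errors.append(current)
    return errors


def first_app_frame(err, binary):
    """Innermost frame that lives in the application binary itself."""
    for fr in err.frames:
        if fr.location == f"in {binary}":
            return fr
    return None


def summarize(text, binary="/usr/bin/pinpoint"):
    """One triage dict per record: kind, faulting function, depth, app frame."""
    out = []
    for err in parse_memcheck(text):
        app = first_app_frame(err, binary)
        out.append({
            "kind": err.kind,
            "innermost": err.frames[0].func if err.frames else None,
            "depth": len(err.frames),
            "app_frame": hex(app.addr) if app else None,
            "detail": err.detail,
        })
    return out


if __name__ == "__main__":
    for rec in summarize(SAMPLE):
        print(rec)
```

Both records resolve to the same application frame at 0x408122, whose symbol is printed as `???` because /usr/bin/pinpoint is stripped; with the matching debug-symbol package installed, valgrind and gdb would name the function (it is the timeout callback that calls clutter_stage_hide_cursor, as the gdb frames #11 to #13 above show). The `Address 0x10` detail on the second record, together with `mutex=0x21` in the gdb frame #0, is what points at an uninitialized or corrupted database pointer rather than at a simple out-of-bounds write in the example file.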


