Bug#897069: shutter: SIGSEGV in strlen ()

[Nathaniel Morck Beaver]

Package: shutter
Version: 0.93.1-1.3
Severity: normal

Segfaults upon exit sometimes. Backtrace is attached.

Sincerely,

Nathaniel Beaver

-- System Information:
Debian Release: 9.4
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-0.bpo.3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: 
LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages shutter depends on:
ii  imagemagick                        8:6.9.7.4+dfsg-11+deb9u4
ii  imagemagick-6.q16 [imagemagick]    8:6.9.7.4+dfsg-11+deb9u4
ii  libfile-basedir-perl               0.07-1
ii  libfile-copy-recursive-perl        0.38-1
ii  libfile-which-perl                 1.21-1
ii  libglib-perl                       3:1.324-1
ii  libgnome2-canvas-perl              1.002-4+b1
ii  libgnome2-gconf-perl               1.044-6+b1
ii  libgnome2-perl                     1.046-3+b1
ii  libgnome2-vfs-perl                 1.082-1+b3
ii  libgnome2-wnck-perl                0.16-3+b3
ii  libgtk2-imageview-perl             0.05-2+b3
ii  libgtk2-perl                       2:1.2499-1
ii  libgtk2-unique-perl                0.05-2+b3
ii  libimage-magick-perl [perlmagick]  8:6.9.7.4+dfsg-11+deb9u4
ii  libjson-perl                       2.90-1
ii  libjson-xs-perl                    3.030-1
ii  liblocale-gettext-perl             1.07-3+b1
ii  libnet-dbus-perl                   1.1.0-4+b1
ii  libnet-dropbox-api-perl            1.9-1
ii  libpath-class-perl                 0.37-1
ii  libproc-processtable-perl          0.53-2
ii  libproc-simple-perl                1.32-1
ii  librsvg2-common                    2.40.16-1+b1
ii  libsort-naturally-perl             1.03-1
ii  libwww-mechanize-perl              1.83-1
ii  libwww-perl                        6.15-1
ii  libx11-protocol-other-perl         29-2
ii  libx11-protocol-perl               0.56-7
ii  libxml-simple-perl                 2.22-1
ii  perlmagick                         8:6.9.7.4+dfsg-11+deb9u4
ii  procps                             2:3.3.12-3
ii  xdg-utils                          1.1.1-1

Versions of packages shutter recommends:
ii  libgoo-canvas-perl         0.06-2+b3
ii  libgtk2-appindicator-perl  0.15-1+b4

Versions of packages shutter suggests:
pn  gnome-web-photo         <none>
ii  libimage-exiftool-perl  10.40-1
pn  libnet-dbus-glib-perl   <none>
ii  nautilus-sendto         3.8.4-2+b1

-- no debconf information
-------------- next part --------------
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/perl...Reading symbols from /usr/lib/debug//usr/bin/perl...done.
done.

warning: core file may not match specified executable file.
[New LWP 15707]
[New LWP 15727]
[New LWP 15728]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/bin/perl /usr/bin/shutter /home/nathaniel/archive/2017/personal/software/b'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
106	../sysdeps/x86_64/strlen.S: No such file or directory.
[Current thread is 1 (Thread 0x7fddf07fc2c0 (LWP 15707))]
(gdb) info proc
exe = '/usr/bin/perl /usr/bin/shutter /home/nathaniel/archive/2017/personal/software/b'
(gdb) info locals
No locals.
(gdb) info args
No symbol table info available.
(gdb) info frame
Stack level 0, frame at 0x7ffefefe40d0:
 rip = 0x7fddefbf7676 in strlen (../sysdeps/x86_64/strlen.S:106); saved rip = 0x55ab0822d113
 called by frame at 0x7ffefefe4100
 source language asm.
 Arglist at 0x7ffefefe40c0, args: 
 Locals at 0x7ffefefe40c0, Previous frame's sp is 0x7ffefefe40d0
 Saved registers:
  rip at 0x7ffefefe40c8
(gdb) info threads
  Id   Target Id         Frame 
* 1    Thread 0x7fddf07fc2c0 (LWP 15707) strlen () at ../sysdeps/x86_64/strlen.S:106
  2    Thread 0x7fddd85d6700 (LWP 15727) 0x00007fddefc5667d in poll () at ../sysdeps/unix/syscall-template.S:84
  3    Thread 0x7fddcffff700 (LWP 15728) 0x00007fddefc5667d in poll () at ../sysdeps/unix/syscall-template.S:84
(gdb) thread apply all backtrace full

Thread 3 (Thread 0x7fddcffff700 (LWP 15728)):
#0  0x00007fddefc5667d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fddeef609f6 in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7fddc80010c0, timeout=<optimized out>, context=0x55ab0d9eb290) at ././glib/gmain.c:4228
        poll_func = 0x7fddeef70840 <g_poll>
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 2
        allocated_nfds = 2
        fds = 0x7fddc80010c0
#2  0x00007fddeef609f6 in g_main_context_iterate (context=0x55ab0d9eb290, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ././glib/gmain.c:3924
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 2
        allocated_nfds = 2
        fds = 0x7fddc80010c0
#3  0x00007fddeef60d82 in g_main_loop_run (loop=0x55ab0d9e1ea0) at ././glib/gmain.c:4125
        __func__ = "g_main_loop_run"
#4  0x00007fdde999a656 in gdbus_shared_thread_func (user_data=0x55ab0d9e1ee0) at ././gio/gdbusprivate.c:247
        data = 0x55ab0d9e1ee0
#5  0x00007fddeef883d5 in g_thread_proxy (data=0x55ab0d88a5e0) at ././glib/gthread.c:784
        thread = 0x55ab0d88a5e0
#6  0x00007fddeff1d494 in start_thread (arg=0x7fddcffff700) at pthread_create.c:333
        __res = <optimized out>
        pd = 0x7fddcffff700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140590654158592, 7065098854155673712, 0, 140733176496799, 0, 140591199809600, -7081952167863000976, -7082022452149231504}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#7  0x00007fddefc5facf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 2 (Thread 0x7fddd85d6700 (LWP 15727)):
#0  0x00007fddefc5667d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fddeef609f6 in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7fddd00008e0, timeout=<optimized out>, context=0x55ab0d9eb150) at ././glib/gmain.c:4228
        poll_func = 0x7fddeef70840 <g_poll>
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 2
        allocated_nfds = 2
        fds = 0x7fddd00008e0
#2  0x00007fddeef609f6 in g_main_context_iterate (context=context at entry=0x55ab0d9eb150, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ././glib/gmain.c:3924
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 2
        allocated_nfds = 2
        fds = 0x7fddd00008e0
#3  0x00007fddeef60b0c in g_main_context_iteration (context=0x55ab0d9eb150, may_block=may_block at entry=1) at ././glib/gmain.c:3990
        retval = <optimized out>
#4  0x00007fddeef60b51 in glib_worker_main (data=<optimized out>) at ././glib/gmain.c:5783
#5  0x00007fddeef883d5 in g_thread_proxy (data=0x55ab0d88a770) at ././glib/gthread.c:784
        thread = 0x55ab0d88a770
#6  0x00007fddeff1d494 in start_thread (arg=0x7fddd85d6700) at pthread_create.c:333
        __res = <optimized out>
        pd = 0x7fddd85d6700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140590794499840, 7065098854155673712, 0, 140733176496447, 0, 140591199809600, -7081922220666658704, -7082022452149231504}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#7  0x00007fddefc5facf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 1 (Thread 0x7fddf07fc2c0 (LWP 15707)):
#0  0x00007fddefbf7676 in strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x000055ab0822d113 in Perl_newSVpv (my_perl=0x55ab0a366010, s=s at entry=0xd86f1a0 <error: Cannot access memory at address 0xd86f1a0>, len=len at entry=0) at sv.c:9231
        sv = 0x55ab0e52d5c8
#2  0x00007fdddca1069a in perl_unique_app_marshall_message_received (closure=0x55ab0d873240, return_value=0x7ffefefe42a0, n_param_values=<optimized out>, param_values=0x7ffefefe4300, invocant_hint=<optimized out>, marshal_data=<optimized out>) at xs/UniqueApp.xs:34
        app = <optimized out>
        command = <optimized out>
        command_name = 0xd86f1a0 <error: Cannot access memory at address 0xd86f1a0>
        pc = 0x55ab0d873240
        count = <optimized out>
        data = 0x0
        instance = <optimized out>
        sp = 0x55ab0c2d6c28
#6  0x00007fddef254fbf in <emit signal ??? on instance 0x55ab0d8682b0 [UniqueApp]> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ././gobject/gsignal.c:3447
        var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffefefe45d0, reg_save_area = 0x7ffefefe4510}}
    #3  0x00007fddef239f75 in g_closure_invoke (closure=0x55ab0d873240, return_value=return_value at entry=0x7ffefefe42a0, n_param_values=4, param_values=param_values at entry=0x7ffefefe4300, invocation_hint=invocation_hint at entry=0x7ffefefe4280) at ././gobject/gclosure.c:804
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
                real_closure = 0x55ab0d873220
                __func__ = "g_closure_invoke"
    #4  0x00007fddef24bf82 in signal_emit_unlocked_R (node=node at entry=0x55ab0d86bf10, detail=detail at entry=0, instance=instance at entry=0x55ab0d8682b0, emission_return=emission_return at entry=0x7ffefefe4440, instance_and_params=instance_and_params at entry=0x7ffefefe4300) at ././gobject/gsignal.c:3635
                tmp = <optimized out>
                handler = 0x55ab0ab30240
                accumulator = 0x55ab0d860720
                emission = {next = 0x0, instance = 0x55ab0d8682b0, ihint = {signal_id = 167, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
                handler_list = 0x55ab0ab30240
                return_accu = 0x7ffefefe42a0
                accu = {g_type = 94193107413232, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 167
                max_sequential_handler_number = 70149
                return_value_altered = 0
    #5  0x00007fddef25467f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args at entry=0x7ffefefe44f0) at ././gobject/gsignal.c:3401
                return_value = {g_type = 94193107413232, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                error = 0x0
                rtype = 94193107413232
                static_scope = 0
                instance_and_params = 0x7ffefefe4300
                signal_return_type = <optimized out>
                param_values = 0x7ffefefe4318
                i = <optimized out>
                n_params = <optimized out>
                __func__ = "g_signal_emit_valist"
#7  0x00007fdddc805ac6 in unique_app_emit_message_received () at /usr/lib/libunique-1.0.so.0
#8  0x00007fdddc808d3d in  () at /usr/lib/libunique-1.0.so.0
#9  0x00007fdddc808c06 in  () at /usr/lib/libunique-1.0.so.0
#10 0x00007fdde648cf78 in invoke_object_method (message=0x55ab0ab1e480, connection=0x55ab0ab1c630, method=0x7fdddca0bc90, object_info=0x7fdddca0bc60, object=<optimized out>) at dbus-gobject.c:1906
        had_error = <optimized out>
        value_array = 0x55ab0d8faf20
        gerror = 0x0
        closure = {ref_count = 0, meta_marshal_nouse = 0, n_guards = 0, n_fnotifiers = 0, n_inotifiers = 0, in_inotify = 0, floating = 0, derivative_flag = 0, in_marshal = 0, is_invalid = 0, marshal = 0x0, data = 0x0, notifiers = 0x0}
        out_param_pos = 1
        have_retval = 1
        send_reply = 1
        out_param_count = <optimized out>
        out_param_gvalue_pos = 0
        retval_signals_error = 1
        arg_metadata = 0x7fdddc80a3a8 ""
        is_async = <optimized out>
        out_param_values = 0x7fddc81898f0
        return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        out_param_gvalues = 0x55ab0e2e69a0
        reply = 0x0
        retval_is_synthetic = 1
        retval_is_constant = 0
        pspec = <optimized out>
        object = <optimized out>
        setter = <optimized out>
        getter = <optimized out>
        getall = <optimized out>
        s = <optimized out>
        requested_propname = 0x0
        wincaps_propiface = 0x0
        iter = {dummy1 = 0x0, dummy2 = 0x55ab0e05efc0, dummy3 = 235270320, dummy4 = 21931, dummy5 = -269415680, dummy6 = 32733, dummy7 = 0, dummy8 = 0, dummy9 = 464, dummy10 = 0, dummy11 = 239868832, pad1 = 21931, pad2 = 0x7fddefbf10c8 <_int_realloc+552>, pad3 = 0x16c}
        method = 0x7fdddca0bc90
        object_info = 0x7fdddca0bc60
        ret = <optimized out>
        o = <optimized out>
#11 0x00007fdde648cf78 in object_registration_message (connection=0x55ab0ab1c630, message=0x55ab0ab1e480, user_data=<optimized out>) at dbus-gobject.c:2168
        pspec = <optimized out>
        object = <optimized out>
        setter = <optimized out>
        getter = <optimized out>
        getall = <optimized out>
        s = <optimized out>
        requested_propname = 0x0
        wincaps_propiface = 0x0
        iter = {dummy1 = 0x0, dummy2 = 0x55ab0e05efc0, dummy3 = 235270320, dummy4 = 21931, dummy5 = -269415680, dummy6 = 32733, dummy7 = 0, dummy8 = 0, dummy9 = 464, dummy10 = 0, dummy11 = 239868832, pad1 = 21931, pad2 = 0x7fddefbf10c8 <_int_realloc+552>, pad3 = 0x16c}
        method = 0x7fdddca0bc90
        object_info = 0x7fdddca0bc60
        ret = <optimized out>
        o = <optimized out>
#12 0x00007fdde6254733 in  () at /lib/x86_64-linux-gnu/libdbus-1.so.3
#13 0x00007fdde6245d84 in dbus_connection_dispatch () at /lib/x86_64-linux-gnu/libdbus-1.so.3
#14 0x00007fdde648aa25 in message_queue_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at dbus-gmain.c:90
        connection = 0x55ab0ab1c630
#15 0x00007fddeef607f7 in g_main_dispatch (context=0x55ab0a5f1400) at ././glib/gmain.c:3203
        dispatch = 0x7fdde648aa10 <message_queue_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x0
        callback = 0x0
        cb_funcs = <optimized out>
        cb_data = <optimized out>
        need_destroy = <optimized out>
        source = 0x55ab0d86d940
        current = 0x55ab0d8f6b30
        i = 0
#16 0x00007fddeef607f7 in g_main_context_dispatch (context=context at entry=0x55ab0a5f1400) at ././glib/gmain.c:3856
#17 0x00007fddeef60a60 in g_main_context_iterate (context=0x55ab0a5f1400, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ././glib/gmain.c:3929
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = 6
        allocated_nfds = 6
        fds = <optimized out>
#18 0x00007fddeef60d82 in g_main_loop_run (loop=0x55ab0e046640) at ././glib/gmain.c:4125
        __func__ = "g_main_loop_run"
#19 0x00007fddea4933b7 in IA__gtk_main () at ./gtk/gtkmain.c:1268
        tmp_list = 0x0
        functions = 0x0
        init = <optimized out>
        loop = 0x55ab0e046640
#20 0x00007fddeaa4dde5 in XS_Gtk2_main (my_perl=<optimized out>, cv=0x55ab0a5195d0) at xs/Gtk2.c:579
        sp = <optimized out>
        ax = 1
        mark = <optimized out>
        items = <optimized out>
#21 0x000055ab08217240 in Perl_pp_entersub (my_perl=0x55ab0a366010) at pp_hot.c:3988
        markix = 0
        is_scalar = false
        sp = <optimized out>
        sv = 0x55ab0a5195d0
        gv = 0x55ab0821cc10 <Perl_sv_free2+96>
        cv = <optimized out>
        old_savestack_ix = <optimized out>
#22 0x000055ab0820f786 in Perl_runops_standard (my_perl=0x55ab0a366010) at run.c:41
        op = <optimized out>
#23 0x000055ab08195829 in S_run_body (oldscope=1, my_perl=0x55ab0a366010) at perl.c:2488
        oldscope = 1
        ret = <optimized out>
        cur_env = {je_prev = 0x55ab0a366390, je_buf = {{__jmpbuf = {0, -3937740709970845584, 94193063487984, 140733176500160, 0, 0, -7065664008017682320, -3937740593373388688}, __mask_was_saved = 0, __saved_mask = {__val = {0, 94193099104272, 140591199404544, 2156, 94193099104272, 148565664, 0, 94193064242913, 140591199404632, 94193099115928, 93458488360960, 94193063870808, 94193099104272, 5359924209285204224, 94193063487984, 0}}}}, je_ret = 0, je_mustcatch = false, je_old_delaymagic = 0}
#24 0x000055ab08195829 in perl_run (my_perl=0x55ab0a366010) at perl.c:2411
        oldscope = 1
        ret = <optimized out>
        cur_env = {je_prev = 0x55ab0a366390, je_buf = {{__jmpbuf = {0, -3937740709970845584, 94193063487984, 140733176500160, 0, 0, -7065664008017682320, -3937740593373388688}, __mask_was_saved = 0, __saved_mask = {__val = {0, 94193099104272, 140591199404544, 2156, 94193099104272, 148565664, 0, 94193064242913, 140591199404632, 94193099115928, 93458488360960, 94193063870808, 94193099104272, 5359924209285204224, 94193063487984, 0}}}}, je_ret = 0, je_mustcatch = false, je_old_delaymagic = 0}
#25 0x000055ab0816e9dd in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:116
        exitstatus = <optimized out>
        i = <optimized out>