Bug 304334 - Start Gnibbles on Fedora Core 4 Test 3 x86_64
Status: RESOLVED FIXED
Product: gnome-games-superseded
Classification: Deprecated
Component: gnibbles
Version: 2.10.x
Hardware/OS: Other other
Priority/Severity: Normal normal
Target Milestone: ---
Assigned To: GNOME Games maintainers
QA Contact: GNOME Games maintainers
Duplicates: 303974 304724 305235 305880 306594 306976 308114
Depends on:
Blocks:
 
 
Reported: 2005-05-16 10:19 UTC by Joerg Skottke
Modified: 2005-06-17 19:27 UTC
See Also:
GNOME target: ---
GNOME version: 2.9/2.10


Attachments
Gnibbles bug fix. (1.44 KB, patch)
2005-05-19 17:49 UTC, Richard Hoelscher

Description Joerg Skottke 2005-05-16 10:19:44 UTC
Distribution: Fedora Core release 3.92 (Pre-FC4)
Package: gnome-games
Severity: normal
Version: GNOME2.10.0 2.10.0
Gnome-Distributor: Red Hat, Inc
Synopsis: Start Gnibbles on Fedora Core 4 Test 3 x86_64
Bugzilla-Product: gnome-games
Bugzilla-Component: gnibbles
Bugzilla-Version: 2.10.0
BugBuddy-GnomeVersion: 2.0 (2.10.0)
Description:
Description of the crash:


Steps to reproduce the crash:
1. 
2. 
3. 

Expected Results:


How often does this happen?


Additional Information:



Debugging Information:

Backtrace was generated from '/usr/bin/gnibbles'




------- Bug moved to this database by unknown@bugzilla.gnome.org 2005-05-16 10:19 UTC -------


Unknown version 2.10.0 in product gnome-games.  Setting version to "2.10.x".

Comment 1 Richard Hoelscher 2005-05-16 12:21:36 UTC
Thanks for taking the time to report this bug. If you have time and can still
reproduce the bug, please read http://bugzilla.gnome.org/bug-HOWTO.html and add
a description of how to reproduce this bug.

You'll also need to add a stack trace; please see
http://live.gnome.org/GettingTraces for more information about how to do so.

(Second report of this, a duplicate of Bug #303974... I'll try to download
FC4test3 and reproduce it.)
Comment 2 Richard Hoelscher 2005-05-18 22:21:09 UTC
I grabbed the gnome-games x86 rpm (FC4 test 3) and installed it on my laptop
(FC4 test2), running it in GDB brings the junk below.. The crash happens when
you click "Game->New Game". 

This does not happen on my gnibbles from CVS.

------------------------------
*** buffer overflow detected ***: /usr/bin/gnibbles terminated
(no debugging symbols found)
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x7fbcc5]
/usr/bin/gnibbles(gnibbles_load_level+0xa6)[0x8050538]
/usr/bin/gnibbles[0x8054cc4]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__VOID+0x47)[0xc9a6f7]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0xc8f172]
/usr/lib/libgobject-2.0.so.0[0xc9e9bb]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6ae)[0xca0107]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0xca047b]
/usr/lib/libgtk-x11-2.0.so.0(gtk_widget_activate+0x8a)[0x4e8c5dd]
/usr/lib/libgtk-x11-2.0.so.0(gtk_menu_shell_activate_item+0xc5)[0x4dbebcf]
/usr/lib/libgtk-x11-2.0.so.0[0x4dbee85]
/usr/lib/libgtk-x11-2.0.so.0[0x4db6340]
/usr/lib/libgtk-x11-2.0.so.0[0x4db0e72]
/usr/lib/libgobject-2.0.so.0[0xc8ec86]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0xc8f172]
/usr/lib/libgobject-2.0.so.0[0xc9eb47]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x422)[0xc9fe7b]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0xca047b]
/usr/lib/libgtk-x11-2.0.so.0[0x4e8c7e3]
/usr/lib/libgtk-x11-2.0.so.0(gtk_propagate_event+0xc1)[0x4daf5d7]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main_do_event+0x329)[0x4dafa14]
/usr/lib/libgdk-x11-2.0.so.0[0x18bce4]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1dc)[0xc2a46e]
/usr/lib/libglib-2.0.so.0[0xc2d476]
/usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1a1)[0xc2d763]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb4)[0x4daecd5]
/usr/bin/gnibbles(main+0x5bf)[0x8055483]
/lib/libc.so.6(__libc_start_main+0xc6)[0x732de6]
/usr/bin/gnibbles[0x804e931]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
[Switching to Thread -1208436256 (LWP 3506)]
0x007017e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2

(thread apply all bt)

Thread 1 (Thread -1208436256 (LWP 3506))

#0  _dl_sysinfo_int80 from /lib/ld-linux.so.2
#1  raise from /lib/libc.so.6
#2  abort from /lib/libc.so.6
#3  __libc_message from /lib/libc.so.6
#4  __chk_fail from /lib/libc.so.6
#5  gnibbles_load_level
#6  end_game
#7  g_cclosure_marshal_VOID__VOID from /usr/lib/libgobject-2.0.so.0
#8  g_closure_invoke from /usr/lib/libgobject-2.0.so.0
#9  g_signal_connect_closure_by_id from /usr/lib/libgobject-2.0.so.0
#10 g_signal_emit_valist from /usr/lib/libgobject-2.0.so.0
#11 g_signal_emit from /usr/lib/libgobject-2.0.so.0
#12 gtk_widget_activate from /usr/lib/libgtk-x11-2.0.so.0
#13 gtk_menu_shell_activate_item from /usr/lib/libgtk-x11-2.0.so.0
#14 gtk_menu_shell_activate_item from /usr/lib/libgtk-x11-2.0.so.0
#15 gtk_menu_reorder_child from /usr/lib/libgtk-x11-2.0.so.0
#16 gtk_marshal_VOID__UINT_STRING from /usr/lib/libgtk-x11-2.0.so.0
#17 g_cclosure_new_swap from /usr/lib/libgobject-2.0.so.0
#18 g_closure_invoke from /usr/lib/libgobject-2.0.so.0
#19 g_signal_connect_closure_by_id from /usr/lib/libgobject-2.0.so.0
#20 g_signal_emit_valist from /usr/lib/libgobject-2.0.so.0
#21 g_signal_emit from /usr/lib/libgobject-2.0.so.0
#22 gtk_widget_activate from /usr/lib/libgtk-x11-2.0.so.0
#23 gtk_propagate_event from /usr/lib/libgtk-x11-2.0.so.0
#24 gtk_main_do_event from /usr/lib/libgtk-x11-2.0.so.0
#25 gdk_screen_get_setting from /usr/lib/libgdk-x11-2.0.so.0
#26 g_main_context_dispatch from /usr/lib/libglib-2.0.so.0
#27 g_main_context_check from /usr/lib/libglib-2.0.so.0
#28 g_main_loop_run from /usr/lib/libglib-2.0.so.0
#29 gtk_main from /usr/lib/libgtk-x11-2.0.so.0
#30 main

Comment 3 Richard Hoelscher 2005-05-18 22:22:07 UTC
*** Bug 303974 has been marked as a duplicate of this bug. ***
Comment 4 Richard Hoelscher 2005-05-19 17:16:22 UTC
*** Bug 304724 has been marked as a duplicate of this bug. ***
Comment 5 Richard Hoelscher 2005-05-19 17:49:24 UTC
Created attachment 46647 [details] [review]
Gnibbles bug fix.

Built from Fedora's source RPMs, and one result of whatever mojo they do in
there is apparently that fgets refuses to read into a buffer that is smaller
than the limit specified. Easy to fix, and there are more new bugs of this sort
on other products in Fedora.

It also looks like the size of tmparray was one byte too short.... honestly,
looking at the code several times over, I don't yet know why. :)
Comment 6 Richard Hoelscher 2005-05-19 19:54:43 UTC
fgets() is probably trying to append a NULL character to the end of the string,
after the newline, but we've allocated just enough space (and set a limit for)
92 characters and a newline. I'm not sure what's supposed to happen in this
particular situation, but it's not working.

We should probably move over to something like g_file_get_contents()
during this cycle.
Comment 7 Callum McKenzie 2005-05-19 22:58:50 UTC
The fix is absolutely correct. The limit given to fgets should _never_ have been
greater than the buffer size. Probably the only thing that stopped this bug
appearing before was the gap provided by word alignment. This needs to be
applied to both 2.10 and 2.11 branches.

Using g_file_get_contents() won't improve anything really. It will just use more
memory (since we would store the entire file) for no real gain in portability
(the core stdio functions are a lot more portable than glib). Neither of these
is really an issue here, but it saves mucking around with tested code.
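The sizing rule stated in comments 5 through 7 (the limit passed to fgets must never exceed the buffer it writes into), as an added C example that is not the gnibbles code or the attached patch. It assumes 92-character rows as described in comment 6; the row-length check and the tmpfile-based harness with constructed input are additions for illustration.

```c
#include <stdio.h>
#include <string.h>
#define LEVEL_WIDTH 92              /* characters per row, as the bug discussion states */
#define ROW_BUF (LEVEL_WIDTH + 2)   /* 92 chars + '\n' + terminating NUL */
enum row_status { ROW_OK = 0, ROW_EOF = 1, ROW_TOO_SHORT = 2, ROW_TOO_LONG = 3 };

/* Read one row into row[ROW_BUF]. The fgets() limit is the real size of the
 * destination: gnibbles passed a limit larger than its buffer, and glibc's
 * FORTIFY_SOURCE check (__chk_fail in the trace above) aborted the process. */
static enum row_status read_level_row(FILE *fp, char row[ROW_BUF])
{
    if (fgets(row, ROW_BUF, fp) == NULL)
        return ROW_EOF;
    size_t len = strlen(row);
    if (len > 0 && row[len - 1] == '\n') {
        row[--len] = '\0';
    } else if (len == ROW_BUF - 1) {
        /* Buffer filled with no newline: the row is too long. Drain the rest of
         * the line so the next call starts on a fresh row, not on this tail. */
        int c;
        while ((c = fgetc(fp)) != EOF && c != '\n')
            ;
        return ROW_TOO_LONG;
    }
    /* A final row without a trailing newline reaches here and is checked normally. */
    return len == LEVEL_WIDTH ? ROW_OK : ROW_TOO_SHORT;
}

/* Write `rows` constructed rows of `width` '#' characters to a temporary file and
 * scan them with read_level_row(). Returns the number of well-formed rows, or
 * -(status) of the first malformed one. (Constructed input, not a real level.) */
static int scan_built_level(int rows, int width, int trailing_newline)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -ROW_EOF;
    for (int r = 0; r < rows; r++) {
        for (int i = 0; i < width; i++)
            fputc('#', fp);
        if (trailing_newline || r + 1 < rows)
            fputc('\n', fp);
    }
    rewind(fp);
    char row[ROW_BUF];
    enum row_status st;
    int good = 0;
    while ((st = read_level_row(fp, row)) == ROW_OK)
        good++;
    fclose(fp);
    return st == ROW_EOF ? good : -(int)st;
}
```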

Comment 8 Richard Hoelscher 2005-05-20 02:47:35 UTC
The fix has been committed to CVS HEAD and the gnome-2-10 branch.
Comment 9 Richard Hoelscher 2005-05-20 03:49:56 UTC
FWIW, sending this downstream too...:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158269
Comment 10 Richard Hoelscher 2005-05-23 20:44:42 UTC
*** Bug 305235 has been marked as a duplicate of this bug. ***
Comment 11 Richard Hoelscher 2005-05-30 00:21:02 UTC
*** Bug 305880 has been marked as a duplicate of this bug. ***
Comment 12 Richard Hoelscher 2005-06-06 01:17:28 UTC
*** Bug 306594 has been marked as a duplicate of this bug. ***
Comment 13 Richard Hoelscher 2005-06-09 07:23:36 UTC
*** Bug 306976 has been marked as a duplicate of this bug. ***
Comment 14 Richard Hoelscher 2005-06-17 19:27:46 UTC
*** Bug 308114 has been marked as a duplicate of this bug. ***