GNOME Bugzilla – Bug 330782
gnome-dictionary crashes when looking up "game"
Last modified: 2007-09-04 14:40:53 UTC
That bug has been opened on https://launchpad.net/distros/ubuntu/+source/gnome-utils/+bug/31077 "gnome-dictionary crashes when looking up the word game.
stacktrace:
martin@mubuntu-laptop:~$ gdb gnome-dictionary
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) handle SIG33 pass nostop noprint
Signal        Stop  Print  Pass to program  Description
SIG33         No    No     Yes              Real-time event 33
(gdb) run
Starting program: /usr/bin/gnome-dictionary
[Thread debugging using libthread_db enabled]
[New Thread 923200320 (LWP 25678)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 923200320 (LWP 25678)]
0x37fb5c8e in gdict_client_context_parse_line (context=0x80e3a68, buffer=0x81c9478 "595 Moby Thesaurus words for ") at gdict-client-context.c:1494
1494      p = g_utf8_next_char (p);
(gdb) thread apply all bt
Trace 66088: Thread 1 (Thread 923200320 (LWP 25678))
confirmed with HEAD.
Fixed in both the HEAD and gnome-2-14 branches.

2006-02-11  Emmanuele Bassi  <ebassi@cvs.gnome.org>

	* libgdict/gdict-client-context.c
	(gdict_client_context_io_watch_cb),
	(gdict_client_context_parse_line): make the dictionary response
	code parsing a bit more robust; add a bunch of debug messages
	(closes bug #330782).
Still happening with 2.14.0, distro comment:
"Mine also crashes repeatedly whenever trying to look up the word "pride" ...
> Brach, what version of the package do you use? It's supposed to be fixed with dapper ...
Sebastien, I'm on dapper flight 5 i386. It crashes before and after the dist-upgrade to gnome 2.14 + most recent updates. By package do you mean I guess you mean for gnome-utils which is 2.14.0-0ubuntu1 better yet here's my gnome-dictionary bug report :) ..."
Debug backtrace on that example:
Program received signal SIGSEGV, Segmentation fault.
Trace 67032 (LWP 4035)
Acknowledging this bug - it's a problem regarding the Moby Thesaurus dictionary: it replies with a numeric code similar to the DICT protocol status codes; thus the state machine goes blam! as it doesn't know which state it's in.
Created attachment 62110 [details] [review] proposed patch more robust parsing and checking response code
(reviewing the patch of comment #5) the patch fixes *this* bug, but using a "whitelist" for valid status codes is a bit dangerous: there are other possible status codes that could break the parser. at this point, the "is_valid_code" should do a preliminary parsing of the response if it is a status line (that is, it begins with three numbers in a row), depending on the status code: if the parsing fails, then the status returned is 0, and the state machine will assume that the line is data.
I've implemented a small whitelisting code as explained in comment #6: the get_status_code() function checks against the previously set status code that the new possible status code is consistent with what we should expect from the server; if not, the line is assumed to contain data (status_code = 0). The attached patch is what is going to be committed; I'd like others to test it, and if it works, I'm going to put it into 2.15.1 and possibly backport it to the gnome-2-14 branch.
Created attachment 63686 [details] [review] DICT Status whitelisting The DICT status whitelisting patch
*** Bug 335778 has been marked as a duplicate of this bug. ***
*** Bug 335360 has been marked as a duplicate of this bug. ***
*** Bug 338966 has been marked as a duplicate of this bug. ***
Fixed in HEAD.

2006-04-22  Emmanuele Bassi  <ebassi@cvs.gnome.org>

	* libgdict/gdict-client-context.c (get_status_code): Implement the
	status whitelisting: check the possible new status against the
	expected status codes before changing status; this should prevent
	moby-thes to screw up with the state machine we use to parse the
	status line (closes bug #330782 and dupes).
I'm sorry for no response. I came back to GNOME-2.14 environment at last and your patch works fine. Thanks!
The patch has been backported to Ubuntu but it still crashes on some words, as pointed out by https://launchpad.net/distros/ubuntu/+source/gnome-utils/+bug/43128
"gnome-dictionary: Reproducible crash on "relation"
1. Search for "relation"
2. gnome-dictionary crashes"
That backtrace is from 2.14.0 with the fix from that bug backported:
"Program received signal SIGSEGV, Segmentation fault.
Trace 68039 (LWP 5667)
Should the bug be reopened or should I open a different one about it?
Thanks Sebastien, it's a simple two-liner in libgdict/gdict-client-context.c at line 1646: + if (!g_unichar_isspace (line[3])) + return 0; DICT status line format mandates a space after the numeric code. I'd really like the dictionaries *not* to use pre-formatted text: it makes parsing an awful lot more complicated. Anyway, it's fixed in HEAD now.
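Review bot: `g_unichar_isspace (line[3])` hands one byte of a UTF-8 buffer to a function that expects a gunichar; a byte above 0x7F goes through `char` sign extension and arrives as an invalid code point rather than the character it belongs to. Since a DICT status line is "NNN " in ASCII, `g_ascii_isspace (line[3])` or a plain `line[3] == ' '` expresses the stated format and avoids the conversion. Reading `line[3]` is only safe because the three-digit check that precedes it guarantees the index is inside the buffer (at worst the terminating NUL, which correctly fails the test and returns 0); that dependency deserves a comment next to the new lines.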
The patch works fine, thank you for the quick fix, I've backported that to the dapper package
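The two fixes discussed in the comments above (treat a three-digit line as a status only if the code is one the parser expects in its current state, and only if a space follows the digits) combined into one small DICT response parser, as an added example that is not libgdict's code. The state names, the per-state code tables and the server transcript are this example's own assumptions; the transcript is constructed, not a real capture, and uses the "595 Moby Thesaurus words for" line from the first backtrace as its body text.

```c
/* Added example (not libgdict code): DICT status-line whitelisting.
 * A server line becomes a status only if it has three ASCII digits, a
 * space, and a code expected in the current state; anything else is
 * data. States, code tables and SAMPLE are assumptions of this example. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

typedef enum {
  DICT_WAIT_BANNER,  /* connected, expecting the 220 greeting */
  DICT_WAIT_REPLY,   /* DEFINE sent, expecting 150 or an error */
  DICT_WAIT_DEF,     /* after 150: one 151 per definition, then 250 */
  DICT_IN_BODY,      /* after 151: data lines until a lone "." */
  DICT_DONE
} DictState;

/* Per-state whitelist of RFC 2229 codes (assumed set). Inside a body
 * nothing is a status, so "595 Moby Thesaurus words for ..." is data. */
static const int *expected_codes(DictState s)
{
  static const int banner[] = { 220, 420, 421, 530, 0 };
  static const int reply[]  = { 150, 500, 501, 550, 551, 552, 0 };
  static const int def[]    = { 151, 250, 0 };
  static const int none[]   = { 0 };
  switch (s) {
    case DICT_WAIT_BANNER: return banner;
    case DICT_WAIT_REPLY:  return reply;
    case DICT_WAIT_DEF:    return def;
    default:               return none;
  }
}

/* Status code if `line` is an acceptable status line in state `s`, else 0
 * (treat as data). The digit loop stops at NUL, so short lines never read
 * past the buffer and line[3] is always readable afterwards. */
int get_status_code(DictState s, const char *line)
{
  int code = 0;
  for (int i = 0; i < 3; i++) {
    if (!isdigit((unsigned char) line[i]))
      return 0;
    code = code * 10 + (line[i] - '0');
  }
  if (line[3] != ' ')            /* "250ok" or "151st" is not "NNN text" */
    return 0;
  for (const int *p = expected_codes(s); *p; p++)
    if (*p == code)
      return code;
  return 0;                      /* right shape, wrong state: data */
}

typedef struct {
  DictState state;
  int definitions;               /* 151 headers accepted */
  int data_lines;                /* lines treated as data */
  int last_status;
} DictParser;

/* Feed one CRLF-stripped server line. Returns the status consumed,
 * 0 for a data line, -1 for the "." that closes a definition body. */
int dict_feed(DictParser *p, const char *line)
{
  if (p->state == DICT_IN_BODY) {
    if (strcmp(line, ".") == 0) { p->state = DICT_WAIT_DEF; return -1; }
    p->data_lines++;
    return 0;
  }
  int code = get_status_code(p->state, line);
  if (code == 0) { p->data_lines++; return 0; }  /* never changes state */
  p->last_status = code;
  switch (code) {
    case 220: p->state = DICT_WAIT_REPLY; break;
    case 150: p->state = DICT_WAIT_DEF;   break;
    case 151: p->definitions++; p->state = DICT_IN_BODY; break;
    default:  p->state = DICT_DONE;       break;  /* 250 or an error */
  }
  return code;
}

/* Constructed transcript (not a real capture) for "DEFINE moby-thes game". */
static const char *SAMPLE[] = {
  "220 dict.example.test dictd <auth.mime> <1@dict.example.test>",
  "150 1 definitions retrieved",
  "151 \"game\" moby-thes \"Moby Thesaurus II by Grady Ward, 1.0\"",
  "595 Moby Thesaurus words for \"game\":",
  "   action, amusement, contest, diversion, play, sport",
  "250 more pre-formatted text that happens to start with a code",
  ".",
  "250 ok [d/m/c = 1/0/9; 0.000r 0.000u 0.000s]",
  NULL
};

/* Runs SAMPLE through a fresh parser; returns the definition count. */
int run_sample(DictParser *out)
{
  DictParser p = { DICT_WAIT_BANNER, 0, 0, 0 };
  for (int i = 0; SAMPLE[i]; i++)
    dict_feed(&p, SAMPLE[i]);
  if (out) *out = p;
  return p.definitions;
}

int main(void)
{
  DictParser p;
  run_sample(&p);
  printf("definitions=%d data_lines=%d last_status=%d done=%d\n",
         p.definitions, p.data_lines, p.last_status, p.state == DICT_DONE);
  return 0;
}
```

The order of the checks matters: the digit loop must run before `line[3]` is touched, and the whitelist lookup must come last, so that a body line such as "250 more pre-formatted text ..." is data because of the state, not because of its shape. Rejecting the line as data instead of failing the whole response is what keeps a hostile or merely sloppy dictionary server from steering the client's state machine.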
*** Bug 349654 has been marked as a duplicate of this bug. ***
*** Bug 346061 has been marked as a duplicate of this bug. ***
*** Bug 369760 has been marked as a duplicate of this bug. ***
*** Bug 425635 has been marked as a duplicate of this bug. ***
*** Bug 373080 has been marked as a duplicate of this bug. ***