After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 402443 - gnome-panel crash, looks like a librsvg bug
gnome-panel crash, looks like a librsvg bug
Status: RESOLVED INCOMPLETE
Product: libxml2
Classification: Platform
Component: general
2.6.27
Other Linux
: Normal critical
: ---
Assigned To: Daniel Veillard
libxml QA maintainers
Depends on:
Blocks:
 
 
Reported: 2007-01-30 14:38 UTC by Sebastien Bacher
Modified: 2007-07-01 14:18 UTC
See Also:
GNOME target: ---
GNOME version: 2.17/2.18


Description Sebastien Bacher 2007-01-30 14:38:40 UTC 
That bug has been opened on https://launchpad.net/ubuntu/+source/gnome-panel/+bug/82202

"Was installing ubuntustudiolauncher via aptitude
...
librsvg2-2 2.16.0-0ubuntu2
..."

Debug backtrace for the crash:

+ Trace 106537

  • #0 _int_malloc
    from /lib/tls/i686/cmov/libc.so.6
  • #0 _int_malloc
    from /lib/tls/i686/cmov/libc.so.6
  • #1 malloc
    from /lib/tls/i686/cmov/libc.so.6
  • #2 xmlStrndup__internal_alias
    at xmlstring.c line 45
  • #3 xmlParseAttValueInternal
    at parser.c line 7719
  • #4 xmlParseAttribute__internal_alias
    at parser.c line 7053
  • #5 xmlParseStartTag__internal_alias
    at parser.c line 7155
  • #6 xmlParseChunk__internal_alias
    at parser.c line 9858
  • #7 rsvg_handle_write_impl
    at rsvg-base.c line 1020
  • #8 gdk_pixbuf__svg_image_load_increment
    at io-svg.c line 129
  • #9 IA__gdk_pixbuf_loader_write
    at gdk-pixbuf-loader.c line 466
  • #10 icon_info_ensure_scale_and_pixbuf
    at gtkicontheme.c line 2547
  • #11 IA__gtk_icon_info_load_icon
    at gtkicontheme.c line 2714
  • #12 IA__gtk_icon_theme_load_icon
    at gtkicontheme.c line 1394
  • #13 get_cached_icon
    at gtkrecentmanager.c line 1981
  • #14 IA__gtk_recent_info_get_icon
    at gtkrecentmanager.c line 2012
  • #15 idle_populate_func
    at gtkrecentchoosermenu.c line 955
  • #16 g_idle_dispatch
    at gmain.c line 3928
  • #17 IA__g_main_context_dispatch
    at gmain.c line 2045
  • #18 g_main_context_iterate
    at gmain.c line 2677
  • #19 IA__g_main_loop_run
    at gmain.c line 2881
  • #20 IA__gtk_main
    at gtkmain.c line 1171
  • #21 main 






Comment 1


Dominic Lachowicz





          2007-01-30 14:43:20 UTC
        



Looks like a libxml2 bug to me.






Comment 2


William M. Brack





          2007-01-31 19:09:03 UTC
        



Looking at the applicable libxml2 source modules, I fail to see how you reach the conclusion that it "Looks like a libxml2 bug".  From the above trace, routine xmlParseAttValueInternal is trying to create a copy of a (good) string, calls xmlStrndup with a valid pointer and a requested length of 4 (all within memory limits), then crashes within the libc memory allocation routines.  To me, this would likely indicate that memory corruption has occurred, not that libxml2 has a problem. Please explain further what you think needs to be fixed within libxml2.






Comment 3


Dominic Lachowicz





          2007-01-31 19:13:05 UTC
        



I'm just passing the buck. It doesn't scream "this is a librsvg bug" either, but libxml2 is the last call above libc that has valid data.






Comment 4


Sebastien Bacher





          2007-01-31 20:59:00 UTC
        



I've asked to the submitter if he can try to get a valgrind log for the problem






Comment 5


Richard Eames





          2007-02-04 00:14:46 UTC
        



I've added the valgrind log to the post at launchpad. 

(http://librarian.launchpad.net/6172026/valgrind-logs-aptitude.tar.gz)






Comment 6


Pedro Villavicencio





          2007-07-01 14:18:53 UTC
        



Closing this bug report as no further information has been provided. Please feel free to reopen this bug if you can provide the information asked for.
Thanks!