Bug 528639 - Segmentation fault in pango_layout_check_lines
Status: RESOLVED FIXED
Product: swfdec-gnome
Classification: Deprecated
Component: player
HEAD
Other Linux
Assigned To: pango-maint
Reported: 2008-04-17 19:17 UTC by Riccardo Magliocchetti
Modified: 2008-09-01 18:11 UTC

Description Riccardo Magliocchetti 2008-04-17 19:17:31 UTC
Version: 1.20.2 from debian sid

How to reproduce:

You need swfdec git plus mozilla plugin installed: 
git clone git://anongit.freedesktop.org/git/swfdec/swfdec
git clone git://anongit.freedesktop.org/git/swfdec/swfdec-mozilla

1. Open your browser to: http://sports.espn.go.com/mlb/scoreboard

2. from https://bugs.freedesktop.org/show_bug.cgi?id=15495#c3:
"For each game, when it is active, there will be a 'gamecast' link that will pop
open the flash animation/app. Unfortunately, they're not active when the
games aren't active, so best bet is between 7PM and 1AM, US Eastern."

3. A new window will be opened, just click swfdec start button and the browser will crash after a few seconds

Stacktrace:

SWFDEC: ERROR: swfdec_as_context.c(172): swfdec_as_context_abort: Runtime exceeded
SWFDEC: ERROR: swfdec_as_context.c(172): swfdec_as_context_abort: Runtime exceeded

Program received signal SIGSEGV, Segmentation fault.

Thread 3070760736 (LWP 2542)

  • #0 pango_layout_check_lines
    at /tmp/buildd/pango1.0-1.20.2/pango/pango-layout.c line 3688
  • #1 pango_layout_get_line_count
    at /tmp/buildd/pango1.0-1.20.2/pango/pango-layout.c line 1280
  • #2 swfdec_text_field_movie_line_position
  • #3 swfdec_text_field_movie_render
    at swfdec_text_field_movie.c line 926
  • #4 swfdec_movie_render
  • #5 swfdec_movie_do_render
    at swfdec_movie.c line 1220
  • #6 swfdec_sprite_movie_render
    at swfdec_sprite_movie.c line 778
  • #7 swfdec_movie_render
    at swfdec_movie.c line 804
  • #8 swfdec_movie_do_render
    at swfdec_movie.c line 1220
  • #9 swfdec_sprite_movie_render
    at swfdec_sprite_movie.c line 778
  • #10 swfdec_movie_render
    at swfdec_movie.c line 804
  • #11 swfdec_movie_do_render
    at swfdec_movie.c line 1220
  • #12 swfdec_sprite_movie_render
    at swfdec_sprite_movie.c line 778
  • #13 swfdec_movie_render
    at swfdec_movie.c line 804
  • #14 swfdec_movie_do_render
    at swfdec_movie.c line 1220
  • #15 swfdec_sprite_movie_render
    at swfdec_sprite_movie.c line 778
  • #16 swfdec_movie_render
    at swfdec_movie.c line 804
  • #17 swfdec_movie_do_render
    at swfdec_movie.c line 1220
  • #18 swfdec_sprite_movie_render
    at swfdec_sprite_movie.c line 778
  • #19 swfdec_movie_render
    at swfdec_movie.c line 804
  • #20 swfdec_movie_do_render
    at swfdec_movie.c line 1220
  • #21 swfdec_sprite_movie_render
    at swfdec_sprite_movie.c line 778
  • #22 swfdec_movie_render
    at swfdec_movie.c line 804
  • #23 swfdec_player_render_with_renderer
    at swfdec_player.c line 2980
  • #24 swfdec_player_render
    at swfdec_player.c line 2920
  • #25 swfmoz_player_render
    at swfmoz_player.c line 637
  • #26 swfmoz_player_idle_redraw
    at swfmoz_player.c line 157

Comment 1 Benjamin Otte (Company) 2008-04-17 19:33:45 UTC
This is likely the same Flash that caused https://bugzilla.redhat.com/show_bug.cgi?id=441614 - and that was an invalid memory write in Swfdec.
If you want to be really sure, you should run the Flash in valgrind. Or you could update your 0.6 installation to Swfdec git (branch name is "0.6" surprisingly), it's supposed to be fixed there.
Comment 2 Riccardo Magliocchetti 2008-04-17 19:50:12 UTC
Yes, the Flash is probably the same, but the stack traces seem quite different.
I'm using 'master' branch so latest 0.7 and the fixes should be there too or not?
I will try swfplay with valgrind and report back.
Comment 3 Riccardo Magliocchetti 2008-04-17 21:47:46 UTC
Benjamin, I've been running this for more than an hour without getting any invalid memory write error:

/usr/bin/valgrind --leak-check=yes .libs/lt-swfplay http://assets.espn.go.com/swf/gamecast/GameCast_MLB_6.08.swf 2> foo.valgrind

I'm noticing that I don't get:

SWFDEC: ERROR: swfdec_as_context.c(172): swfdec_as_context_abort: Runtime exceeded

but:

SWFDEC: ERROR: swfdec_as_interpret.c(2174): swfdec_action_get_time: FIXME: time overflow

So I'm not walking the right path to exercise the bug.
Comment 4 Riccardo Magliocchetti 2008-09-01 18:11:21 UTC
I cannot reproduce this anymore, asked Company and he is fine with reassigning to swfdec-gnome and closing as fixed.