GNOME Bugzilla – Bug 116942
Nautilus crashes while navigating around pixmap directories
Last modified: 2004-12-22 21:47:04 UTC
Description of Problem: I was navigating around the different directories below /usr/share/pixmaps and specifically tried to enter the /usr/share/pixmaps/nautilus/industrial directory when this crash occurred. Steps to reproduce the problem: 1. Browse around looking at pixmaps under the /usr/share pixmaps directory 2. Go to /usr/share/pixmaps/nautilus 3. Double click the industrial folder icon Actual Results: Crash Expected Results: See the industrial folder How often does this happen? First time, just thought I'd report it Additional Information: I'm working with a RedHat 9 system, on which I later installed XD2, on which I later installed GNOME2.3 using jhbuild. 'nautilus --version' reports 2.3.6. Debugging Information: Backtrace was generated from '/opt/gnome2/bin/nautilus' [New Thread 1088028000 (LWP 15811)] [New Thread 1133735216 (LWP 15817)] [New Thread 1125342512 (LWP 15816)] [New Thread 1116949808 (LWP 15815)] [New Thread 1099455792 (LWP 15814)] 0xffffe002 in ?? ()
+ Trace 38505
Thread 1 (Thread 1088028000 (LWP 15811))
Update: I just tried it again and immediately received the same crash with the same stack trace. Sorry if the stack trace looks a little funny. I can't mail directly and thus I had to save the report and then cut and paste it into bugzilla.
This is an svg problem. Can you try to locate the svg that gives this problem? Just copy all the svgs in that directory to somewhere else and selectively move away files to another directory until you only have the svg that makes nautilus crash left. Then upload the svg here.
Created attachment 18462 [details] trash-empty.svg file (with wrong mime type associated)
I attached an svg which seems to cause this crash (though I did see nautilus render it at least once correctly, so this doesn't seem to be 100% reproducible; it seems to be more than 50% of the time, though). I didn't know what the mime type for svgs is, so I just chose binary. Also, this stack trace looks like the one in bug 116824, submitted by Luis Villa. Are they the same? Both these bugs also look similar to bug 96296, although there's no way this crash could have been caused by a mixture of Gnome 1.4 and Gnome 2.x libraries. One more thing--while trying to duplicate this bug, I got the crash in bug 117909. The stack trace doesn't look related to me, but I thought I'd mention it.
This is weird. I played around with gdb a little to get some more information. The line at art_render_gradient.c:378 should be totally innocuous so I don't see how it's causing this crash. Here's the info I was looking at: (gdb) frame
+ Trace 38881
gradient = (const ArtGradientLinear *) 0x824ee40 i = 1077383751 width = 48 len = 137583144 offset = 0 d_offset = 0 offset_fraction = 0 next_stop = 0 ix = 2 color1 = "\000\200\000" color2 = "\b\000\000" n_stops = 2 extra_stops = 652835029 stops = (ArtGradientStop *) 0x8354510 tmp_stops = (ArtGradientStop *) 0xa9fbe76e bufp = ( art_u8 *) 0x82e8ce0 "@$\023B@$\023BÈv¾\237*3+@\e/ݤ\214ôC@K7\211A\032¨+@ÀÊ¡E¶\eD@¾\237\032/Ý´.@Ä °Âò1ñC@\"ÛÂù~F\0012@\006\201\225C\207zC@é&1\bL35@ãÂ¥\233DÙºB@\030\004V\016\001¨8@ºI\f\002Ë´A@\225C\213lç\026<@ê&1\210¿k@@E¶óý\2007?@" spread = ART_GRADIENT_PAD (gdb) list 373 len = MAX (len, 0); 374 len = MIN (len, width); 375 } 376 else 377 { 378 len = width; 379 } 380 #ifdef DEBUG_SPEW 381 printf ("len: %d\n", len); 382 #endif (gdb)
George commited some fixes to this code for librsvg 2.3.14 - George, is this one fixed?
this should be fixed in libart 2.3.14