Bug 394890 – Segfault when running vte or gnome-terminal

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 394890 - (vtecrasher) Segfault when running vte or gnome-terminal

(vtecrasher)
Summary:	Segfault when running vte or gnome-terminal


Status:	RESOLVED FIXED

Product:	vte
Classification:	Core
Component:	general
Version:	0.15.x
Hardware:	Other All

Importance:	Normal critical
Target Milestone:	---
Assigned To:	VTE Maintainers
QA Contact:	VTE Maintainers

URL:
Whiteboard:

Duplicates:	395052 395204 395205 395207 395209 395214 395222 395247 395303 395349 395495 395496 395670 395682 395784 402720 433101 (view as bug list)
Depends on:
Blocks:

Reported:	2007-01-10 00:44 UTC by Colin Guthrie
Modified:	2007-04-24 23:46 UTC

See Also:
GNOME target:	---
GNOME version:	2.17/2.18

Attachments
Full output when building on x86_64 (197.83 KB, text/plain) 2007-01-10 01:36 UTC, Colin Guthrie	Details

Description Colin Guthrie 2007-01-10 00:44:06 UTC

Steps to reproduce:
1. Compile vte 0.15.1
2. Install
3. Run vte or gnome-terminal


Stack trace:
(gdb) bt

+ Trace 100881

#0 ??
#1 _vte_terminal_capability_strings
from /usr/lib64/libvte.so.9
#2 ??
#3 _vte_terminal_capability_strings
from /usr/lib64/libvte.so.9
#4 ??
#5 ??
#6 _vte_termcap_find_string_length
at vtetc.c line 267
#7 _vte_matcher_new
at matcher.c line 86
#8 vte_terminal_set_emulation
at vte.c line 6544
#9 vte_terminal_init
at vte.c line 6826
#10 g_type_create_instance
from /usr/lib64/libgobject-2.0.so.0
#11 g_object_set
from /usr/lib64/libgobject-2.0.so.0
#12 g_object_newv
from /usr/lib64/libgobject-2.0.so.0
#13 g_object_new_valist
from /usr/lib64/libgobject-2.0.so.0
#14 g_object_new
from /usr/lib64/libgobject-2.0.so.0
#15 vte_terminal_new
at vte.c line 1803
#16 main
at vteapp.c line 583
#17 __libc_start_main
from /lib64/libc.so.6
#18 _start
#19 ??
#20 ??



Other information:
Please note I am on x86_64.

See also: http://qa.mandriva.com/show_bug.cgi?id=28068

Comment 1 Allison Karlitskaya (desrt) 2007-01-10 01:09:51 UTC

suspicious return address.

i think i'm smashing the stack somewhere....

+ Trace 100884

#0 ??

Comment 2 Allison Karlitskaya (desrt) 2007-01-10 01:12:59 UTC

arg.  regression caused by my quick fix to bug 354061.

for "_vte_termcap_find_string_length" i changed the 'int' to a 'gssize' so that the function would match its prototype, but i forgot about this:

char *
_vte_termcap_find_string (VteTermcap *termcap,
                          const char *tname,
                          const char *cap)
{
  int length;

  return _vte_termcap_find_string_length (termcap, tname, cap, &length);
}


so the high 32bits of the length (all zeros) are being written over top of the low 32bits in the return address on the stack...

Comment 3 Allison Karlitskaya (desrt) 2007-01-10 01:20:19 UTC

please try SVN "trunk" (i think that's what they call it...)

2007-01-09  Ryan Lortie  <desrt@desrt.ca>

        Bug 394890 – Segfault when running vte or gnome-terminal

        * src/vtetc.c (_vte_termcap_find_string): change 'int' to 'gssize' to
        match previous fixup.  Hopefully that does it. :)

Comment 4 Allison Karlitskaya (desrt) 2007-01-10 01:21:50 UTC

also -- while compiling, if you could make note of any other warnings generated on a 64bit system that would be appreciated...

Comment 5 Colin Guthrie 2007-01-10 01:36:50 UTC

Created attachment 79916 [details]
Full output when building on x86_64

Here is the full output when building on x86_64. Knock yourself out :)

Comment 6 Colin Guthrie 2007-01-10 01:37:37 UTC

Confirming that your revision fixes the crash for me. 

Thanks for the quick response.

Comment 7 Behdad Esfahbod 2007-01-10 19:11:01 UTC

Thanks Ryan.  I'll wait until next week for the release.

Comment 8 Behdad Esfahbod 2007-01-10 23:13:39 UTC

*** Bug 395207 has been marked as a duplicate of this bug. ***

Comment 9 Behdad Esfahbod 2007-01-10 23:14:43 UTC

*** Bug 395205 has been marked as a duplicate of this bug. ***

Comment 10 Behdad Esfahbod 2007-01-10 23:15:09 UTC

*** Bug 395204 has been marked as a duplicate of this bug. ***

Comment 11 Behdad Esfahbod 2007-01-10 23:25:53 UTC

*** Bug 395214 has been marked as a duplicate of this bug. ***

Comment 12 Saikat Guha 2007-01-11 11:28:51 UTC

*** Bug 395303 has been marked as a duplicate of this bug. ***

Comment 13 Behdad Esfahbod 2007-01-11 22:10:22 UTC

*** Bug 395222 has been marked as a duplicate of this bug. ***

Comment 14 Behdad Esfahbod 2007-01-11 22:12:51 UTC

*** Bug 395349 has been marked as a duplicate of this bug. ***

Comment 15 Behdad Esfahbod 2007-01-11 22:14:16 UTC

*** Bug 395209 has been marked as a duplicate of this bug. ***

Comment 16 Behdad Esfahbod 2007-01-11 22:18:12 UTC

*** Bug 395247 has been marked as a duplicate of this bug. ***

Comment 17 Behdad Esfahbod 2007-01-11 22:20:47 UTC

*** Bug 395496 has been marked as a duplicate of this bug. ***

Comment 18 Behdad Esfahbod 2007-01-11 22:22:29 UTC

*** Bug 395495 has been marked as a duplicate of this bug. ***

Comment 19 Behdad Esfahbod 2007-01-12 07:55:53 UTC

*** Bug 395682 has been marked as a duplicate of this bug. ***

Comment 20 Behdad Esfahbod 2007-01-12 18:21:16 UTC

*** Bug 395052 has been marked as a duplicate of this bug. ***

Comment 21 Colin Guthrie 2007-01-12 22:16:44 UTC

I've quite clearly started an amazing trend!!!

Comment 22 Jens Granseuer 2007-01-13 13:13:14 UTC

*** Bug 395784 has been marked as a duplicate of this bug. ***

Comment 23 Teppo Turtiainen 2007-01-21 09:29:21 UTC

*** Bug 395670 has been marked as a duplicate of this bug. ***

Comment 24 Mariano Suárez-Alvarez 2007-01-31 05:20:58 UTC

*** Bug 402720 has been marked as a duplicate of this bug. ***

Comment 25 Diego Escalante Urrelo (not reading bugmail) 2007-04-24 23:46:33 UTC

*** Bug 433101 has been marked as a duplicate of this bug. ***