Bug 480876 - Yelp will crash when user does searching in yelp.
Status: RESOLVED DUPLICATE of bug 493751
Product: yelp
Classification: Applications
Component: General
Version: 2.20.x
Hardware: Other opensolaris
Importance: Normal critical
Target Milestone: ---
Assigned To: Yelp maintainers
QA Contact: Yelp maintainers
Depends on:
Blocks:
Reported: 2007-09-27 09:27 UTC by Tim Miao
Modified: 2007-11-07 19:27 UTC
See Also:
GNOME target: ---
GNOME version: 2.19/2.20


Attachments
Patch (374 bytes, patch)
2007-10-17 16:29 UTC, Matt Keenan (IRC:MattMan)

Description Tim Miao 2007-09-27 09:27:19 UTC
Steps to reproduce:
1. Start yelp.
2. In the search field, type some keywords and search.

Bug observations:
Yelp crashes.

Stack trace:
Distribution:                    Solaris Express Community Edition snv_73 X86
Gnome Release: 2.20.0 2007-09-24 (Sun Microsystems, Inc.)
BugBuddy Version: 2.20.0

X Vendor: Sun Microsystems, Inc.
X Vendor Release: 10300000
Selinux: No
Accessibility: Enabled
GTK+ Theme: nimbus
Icon Theme: nimbus

Memory status: size: 169574400 vsize: 169574400 resident: 59195392 share: 393216
 rss: 59195392 rss_rlim: 0
CPU usage: start_time: 0 rtime: 722 utime: 5580998 stime: 1641344 cutime:0 cstime: 0 timeout: 0 it_real_value: 0 frequency: 0

Backtrace was generated from '/usr/bin/yelp'

5779:   yelp
-----------------  lwp# 1 / thread# 1  --------------------
 d2b3fef5 waitid   (0, 1695, 80463a0, 3)
 d2b32866 waitpid  (1695, 8046504, 0) + 70
 d26b5962 g_spawn_sync (0, 8b24c98, 0, 4, 0, 0) + 346
 d26b5d16 g_spawn_command_line_sync (87466a0, 0, 0, 0, 8046580) + 5a
 cf751bff __1cNrun_bug_buddy6Fpkclp0_b_ (80b96d0, 1693, 0) + 8f
 cf751f70 __1cMcheck_if_gdb6Fpv_b_ (0) + 1d0
 cf75180b __1cUbugbuddy_segv_handle6Fi_v_ (6, 0, 80467b0) + bb
 d2b3e54f __sighndlr (6, 0, 80467b0, cf751750) + f
 d2b334fb call_user_handler (6, 0, 80467b0) + 2b8
 d2b33662 sigacthandler (6, 0, 80467b0) + c2
 --- called from signal handler with signal 6 (SIGABRT) ---
 d2b3fa85 _lwp_kill (1, 6) + 15
 d2af7392 raise    (6) + 22
 d2ad5474 abort    (0, f748a831, d271759c, 6c65682f, 72742f70, 61687361) + 64
 d268fa7c g_logv   (d2703b48, 4, d2703b24, 8046ef0) + 340
 d268faa5 g_log    (d2703b48, 4, d2703b24, d2703b18, f748a831) + 25
 d268e452 g_malloc (f748a831, 0, 87d6e50, 87d8298, 8b757d0, 807c360) + 56
 d26a3cb6 g_strndup (8b757d0, f748a830) + 2e
 0807c42b slow_search_process (87d6e50, 8c8e830) + cb
 ceb17204 rrn_for_each (807c360, 8c8e830) + 38
 0807c1fd slow_search_setup (885b880) + 7d
 d268ae9f g_idle_dispatch (89aaab0, 807c180, 885b880) + 1f
 d2687c3a g_main_dispatch (80d7388) + 1e2
 d2688d49 g_main_context_dispatch (80d7388) + 85
 d2689166 g_main_context_iterate (80d7388, 1, 1, 80b5bf0) + 3ce
 d2689768 g_main_loop_run (85e1210) + 1b8
 cfdeb222 gtk_main (8047344, 8047220, d2bfb7d8, 804720c, d2bd380d, d2bfdb38) + b2
 0806e5a4 main     (1, 8047264, 804726c) + 520
 08062e42 _start   (1, 80473ac, 0, 80473b1, 80473d2, 8047406) + 7a
-----------------  lwp# 2 / thread# 2  --------------------
 d2b3f515 pollsys  (cc189c70, 1, 0, 0)
 d2af4b42 poll     (cc189c70, 1, ffffffff) + 52
 d2288bfa _pr_poll_with_poll (824e7e0, 1, ffffffff) + 39a
 d2288dc6 PR_Poll  (824e7e0, 1, ffffffff) + 16
 cd0866f6 __1cYnsSocketTransportServiceEPoll6MpI_i_ (824e2f8, cc189f74) + 11e
 cd087294 __1cYnsSocketTransportServiceDRun6M_I_ (824e2f8) + 68c
 d25c03dc __1cInsThreadEMain6Fpv_v_ (824da30) + 74
 d228ab0d _pt_root (824ea90) + d1
 d2b3e1f2 _thr_setup (cc070200) + 52
 d2b3e450 _lwp_start (cc070200, 0, 0, 0, 0, 0)
-----------------  lwp# 3 / thread# 3  --------------------
 d2b3e4a9 lwp_park (0, c879de58, 0)
 d2b385b6 cond_wait_queue (810811c, 810cc70, c879de58, 0) + 41
 d2b38944 cond_wait_common (810811c, 810cc70, c879de58) + 1e1
 d2b38b6a _cond_timedwait (810811c, 810cc70, c879ded8) + 4a
 d2b38bf9 cond_timedwait (810811c, 810cc70, c879ded8) + 27
 d2b38c36 pthread_cond_timedwait (810811c, 810cc70, c879ded8) + 21
 d22838da PR_WaitCondVar (8108118, 84ea4) + 24a
 d25c3663 __1cLTimerThreadDRun6M_I_ (810cba8) + eb
 d25c03dc __1cInsThreadEMain6Fpv_v_ (86e6320) + 74
 d228ab0d _pt_root (864a838) + d1
 d2b3e1f2 _thr_setup (cc070a00) + 52
 d2b3e450 _lwp_start (cc070a00, 0, 0, 0, 0, 0)
-----------------  lwp# 8 / thread# 8  --------------------
 d2b3e4a9 lwp_park (0, c7ffde68, 0)
 d2b385b6 cond_wait_queue (8a514c4, 873a7b0, c7ffde68, 0) + 41
 d2b38944 cond_wait_common (8a514c4, 873a7b0, c7ffde68) + 1e1
 d2b38b6a _cond_timedwait (8a514c4, 873a7b0, c7ffdee8) + 4a
 d2b38bf9 cond_timedwait (8a514c4, 873a7b0, c7ffdee8) + 27
 d2b38c36 pthread_cond_timedwait (8a514c4, 873a7b0, c7ffdee8) + 21
 d22838da PR_WaitCondVar (8a514c0, 5b8d80) + 24a
 cd057ff0 __1cOnsIOThreadPoolKThreadFunc6Fpv_v_ (873a778) + 74
 d228ab0d _pt_root (872e978) + d1
 d2b3e1f2 _thr_setup (cc071a00) + 52
 d2b3e450 _lwp_start (cc071a00, 0, 0, 0, 0, 0)
-----------------  lwp# 5 / thread# 5  --------------------
 d26a8c78 g_thread_create_proxy(), exit value = 0x00000000
        ** zombie (exited, not detached, not yet joined) **
-----------------  lwp# 6 / thread# 6  --------------------
 d26a8c78 g_thread_create_proxy(), exit value = 0x00000000
        ** zombie (exited, not detached, not yet joined) **
-----------------  lwp# 10 / thread# 10  --------------------
 d2b3e535 lwp_yield (cf863134, 0, c7efdf3c, cf851ec4, 885b880, 807b348) + 15
 d2b295c8 sched_yield (885b880, 807b348, 12c, 807b518, c7efdf64, 807b363) + 18
 cf851ec4 g_thread_yield_posix_impl (885b880, 84ff990, 84ff9e0, d22e4cc1, c7efdf6c, 807b1f9) + 18
 0807b363 yelp_search_parser_process (885b880, 8861ce0) + d3
 0807b10a search_process (84ff990) + 76
 d26a8d92 g_thread_create_proxy (8146580) + 11a
 d2b3e1f2 _thr_setup (cc072200) + 52
 d2b3e450 _lwp_start (cc072200, 0, 0, 0, 0, 0)
-----------------  lwp# 9 / thread# 9  --------------------
 d2b3e4a9 lwp_park (0, c869de68, 0)
 d2b385b6 cond_wait_queue (8a514c4, 873a7b0, c869de68, 0) + 41
 d2b38944 cond_wait_common (8a514c4, 873a7b0, c869de68) + 1e1
 d2b38b6a _cond_timedwait (8a514c4, 873a7b0, c869dee8) + 4a
 d2b38bf9 cond_timedwait (8a514c4, 873a7b0, c869dee8) + 27
 d2b38c36 pthread_cond_timedwait (8a514c4, 873a7b0, c869dee8) + 21
 d22838da PR_WaitCondVar (8a514c0, 5b8d80) + 24a
 cd057ff0 __1cOnsIOThreadPoolKThreadFunc6Fpv_v_ (873a778) + 74
 d228ab0d _pt_root (8731ad8) + d1
 d2b3e1f2 _thr_setup (cc071200) + 52
 d2b3e450 _lwp_start (cc071200, 0, 0, 0, 0, 0)


----------- .xsession-errors (894 sec old) ---------------------
/etc/X11/gdm/Xsession: Beginning session setup...
/etc/X11/gdm/Xsession: Setup done, will execute: /usr/dt/config/Xsession.jds
--------------------------------------------------
Comment 1 Matt Keenan (IRC:MattMan) 2007-10-17 16:29:15 UTC
Created attachment 97363
Patch

This crash is being caused when a NULL pointer is being referenced within the
function:
     yelp-search-parser.c:slow_search_process()

Specifically, fname is NULL as the reg->uri has not been set, resulting in
the g_strndup() later on via "ptr" causing a SEGV as "ptr" is NULL.

Why the uri is not being set is probably because of a package being installed
incorrectly onto the system and not running rarian-update properly. (a guess).

To solve this problem some validation should be done on fname at the start
of the function.

This patch validates fname and if NULL or zero length simply returns FALSE.
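
Added example, not part of the original comment, the attached patch, or yelp's source: in the trace, g_strndup() is called with (8b757d0, f748a830) and g_malloc() with f748a831, and f748a830 is what 0 - 0x8b757d0 gives in 32-bit arithmetic, so a length computed from a NULL pointer turns into a multi-gigabyte allocation request that aborts. The helper name prefix_before_last, the delimiter and the sample path are hypothetical; the sketch shows both checks, on the input string and on the search result, before any pointer subtraction.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Length an unchecked "end - start" produces on a 32-bit build when end is
 * NULL: the subtraction wraps to 2^32 - start. */
uint32_t wrapped_len32(uint32_t start, uint32_t end)
{
    return end - start;
}

/* Hypothetical helper (not yelp's code): return a newly allocated copy of
 * the part of fname before the last occurrence of delim, or NULL when the
 * input is missing, empty, or has no delimiter. The caller frees the result. */
char *prefix_before_last(const char *fname, char delim)
{
    const char *end;
    size_t len;
    char *out;

    if (fname == NULL || *fname == '\0')  /* validation described in the comment */
        return NULL;

    end = strrchr(fname, delim);
    if (end == NULL)                      /* never subtract from a NULL result */
        return NULL;

    len = (size_t)(end - fname);          /* safe: end points inside fname */
    out = malloc(len + 1);
    if (out == NULL)                      /* report failure instead of aborting */
        return NULL;

    memcpy(out, fname, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample path, not taken from the bug report. */
    char *dir = prefix_before_last("/usr/share/help/foo.omf", '/');
    int ok = dir != NULL && strcmp(dir, "/usr/share/help") == 0;

    free(dir);
    return ok ? 0 : 1;
}
```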
Comment 2 Don Scorgie 2007-11-07 19:27:40 UTC
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.

I've fixed this in SVN Head.  If we do a 2.20.2 release, it'll get back-ported.  Also, fix your bad OMF files ;)

*** This bug has been marked as a duplicate of 493751 ***