GNOME Bugzilla – Bug 614205
gedit crashes when I save a PHP file
Last modified: 2010-03-29 20:01:15 UTC
gedit 2.29.9 (on Gnome 2.29.92 and Ubuntu 10.04 Beta 1) always crashes when I try to save (Ctrl+s) a specific PHP file. So I just have to open the PHP file, modify a line and do "Ctrl+s". Then gedit crashes.

Here's the backtrace:

GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/gedit...Reading symbols from /usr/lib/debug/usr/bin/gedit...done.
done.
(gdb) handle SIG33 pass nostop noprint
Signal        Stop      Print   Pass to program Description
SIG33         No        No      Yes             Real-time event 33
(gdb) set pagination 0
(gdb) run
Starting program: /usr/bin/gedit
[Thread debugging using libthread_db enabled]
[New Thread 0xb705cb70 (LWP 17523)]
[New Thread 0xb680cb70 (LWP 17542)]
sys:1: Warning: g_object_ref: assertion `G_IS_OBJECT (object)' failed

Program received signal SIGSEGV, Segmentation fault.
0x0068286f in IA__g_cancellable_is_cancelled (cancellable=0x8d91aa8) at /build/buildd/glib2.0-2.23.6/gio/gcancellable.c:411
411     /build/buildd/glib2.0-2.23.6/gio/gcancellable.c: Aucun fichier ou dossier de ce type.
        in /build/buildd/glib2.0-2.23.6/gio/gcancellable.c
(gdb) backtrace full
Thread 1 (Thread 0xb7fdd750 (LWP 17519))
A debugging session is active. Inferior 1 [process 17519] will be killed. Quit anyway? (y or n)
Usual set of questions:
- does this happen with just this file?
- is this file special in some way (e.g. encoding)?
- can you attach the file or is it private?
- do you have plugins active? does it happen if you deactivate them all?
- can you reproduce under valgrind and attach the file? (see http://live.gnome.org/Valgrind)
(In reply to comment #1)
> - does this happen with just this file?

I'm not sure. Since I updated to gedit 2.29.9, I experienced many gedit crashes, but I don't know if they are all related to this file. At least, I finally noticed that I can always reproduce the crash with this file.

> - is this file special in some way (e.g. encoding)?

No. I was modifying this file several times a week before my update to gedit 2.29.9, and I never had any crashes.

> - can you attach the file or is it private?

Attached. Not all "Ctrl+s" make gedit crash, but to always reproduce the bug, go to line 1921, find the only function of the line:
superRawurlencode ($urlCat)
and remove the space between the name of the function and the parentheses enclosing the argument, so:
superRawurlencode($urlCat)
Then do "Ctrl+s". The crash will occur, and a file ".goutputstream-[A-Z0-9]{6}" will be created in the same folder.

> - do you have plugins active? does it happen if you deactivate them all?

I deactivated all plugins, and gedit still crashes.

> - can you reproduce under valgrind and attach the file? (see
> http://live.gnome.org/Valgrind)

Attached.
Created attachment 157385 [details] File making gedit to crash
Created attachment 157386 [details] Log file when the crash is reproduced under valgrind
Created attachment 157397 [details] [review] patch

Thanks for the detailed bug report! This patch should fix the issue: we were hitting a buffer overflow in an uncommon code path (the file had to have utf8 in strategic positions).
This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.