[Bug 633863] New: valgrind crash with segfault

23 Aug 2010

      https://bugzilla.novell.com/show_bug.cgi?id=633863

https://bugzilla.novell.com/show_bug.cgi?id=633863#c0

           Summary: valgrind crash with segfault
    Classification: openSUSE
           Product: openSUSE 11.3
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: X11 Applications
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: andrea@opensuse.org
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.6
(KHTML, like Gecko) Chrome/6.0.495.0 Safari/534.6

when i try to run valgrind this die with segfault.

pasting gdb and valgrind output:

GDB

anubis@netbook-pc:~> gdb tilda
GNU gdb (GDB) SUSE (7.1-3.12)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-suse-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/tilda...Reading symbols from
/usr/lib/debug/usr/bin/tilda.debug...done.
done.
(gdb) r
Starting program: /usr/bin/tilda 
[Thread debugging using libthread_db enabled]
Detaching after fork from child process 5362.
Detaching after fork from child process 5363.
Detaching after fork from child process 5364.
[New Thread 0xb6da8b70 (LWP 5365)]

Program received signal SIGSEGV, Segmentation fault.
IA__gdk_x11_window_set_user_time (window=0x0, timestamp=0) at
gdkwindow-x11.c:3666
3666      if (GDK_WINDOW_DESTROYED (window) ||
(gdb) bt
#0  IA__gdk_x11_window_set_user_time (window=0x0, timestamp=0) at
gdkwindow-x11.c:3666
#1  0x080502ce in pull (tw=0x8068220, state=PULL_DOWN) at key_grabber.c:193
#2  0x080512e6 in main (argc=1, argv=0xbffff2b4) at tilda.c:619
(gdb) quit
A debugging session is active.

    Inferior 1 [process 5359] will be killed.

Quit anyway? (y or n) y

VALGRIND

valgrind -v tilda
==5405== Memcheck, a memory error detector
==5405== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==5405== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==5405== Command: tilda
==5405== 
--5405-- Valgrind options:
--5405--    -v
--5405-- Contents of /proc/version:
--5405--   Linux version 2.6.34-12-desktop (geeko@buildhost) (gcc version 4.5.0
20100604 [gcc-4_5-branch revision 160292] (SUSE Linux) ) #1 SMP PREEMPT
2010-06-29 02:39:08 +0200
--5405-- Arch and hwcaps: X86, x86-sse1-sse2
--5405-- Page sizes: currently 4096, max supported 4096
--5405-- Valgrind library directory: /usr/lib/valgrind
--5405-- Reading syms from /lib/ld-2.11.2.so (0x4000000)
--5405-- Reading debug info from /usr/lib/debug/lib/ld-2.11.2.so.debug ..
--5405-- Reading syms from /usr/bin/tilda (0x8048000)
--5405-- Reading debug info from /usr/lib/debug/usr/bin/tilda.debug ..
--5405-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux (0x38000000)
--5405--    object doesn't have a symbol table
--5405--    object doesn't have a dynamic symbol table
--5405-- Reading suppressions file: /usr/lib/valgrind/default.supp
--5405-- REDIR: 0x4016f30 (index) redirected to 0x3803d653 (???)
--5405-- Reading syms from /usr/lib/valgrind/vgpreload_core-x86-linux.so
(0x4022000)
--5405--    object doesn't have a symbol table
--5405-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so
(0x4025000)
--5405--    object doesn't have a symbol table
==5405== WARNING: new redirection conflicts with existing -- ignoring it
--5405--     new: 0x04016f30 (index               ) R-> 0x04028990 index
--5405-- REDIR: 0x40170d0 (strlen) redirected to 0x4028c80 (strlen)
--5405-- Reading syms from /usr/lib/libgtk-x11-2.0.so.0.2000.1 (0x4046000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libgtk-x11-2.0.so.0.2000.1.debug ..
--5405-- Reading syms from /usr/lib/libgdk-x11-2.0.so.0.2000.1 (0x44aa000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libgdk-x11-2.0.so.0.2000.1.debug ..
--5405-- Reading syms from /usr/lib/libgdk_pixbuf-2.0.so.0.2000.1 (0x4555000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libgdk_pixbuf-2.0.so.0.2000.1.debug ..
--5405-- Reading syms from /usr/lib/libpango-1.0.so.0.2800.0 (0x4575000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libpango-1.0.so.0.2800.0.debug ..
--5405-- Reading syms from /usr/lib/libgobject-2.0.so.0.2400.1 (0x45c0000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libgobject-2.0.so.0.2400.1.debug ..
--5405-- Reading syms from /usr/lib/libgthread-2.0.so.0.2400.1 (0x4609000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libgthread-2.0.so.0.2400.1.debug ..
--5405-- Reading syms from /usr/lib/libglib-2.0.so.0.2400.1 (0x460f000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libglib-2.0.so.0.2400.1.debug ..
--5405-- Reading syms from /usr/lib/libglade-2.0.so.0.0.7 (0x46f5000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libglade-2.0.so.0.0.7.debug ..
--5405-- Reading syms from /usr/lib/libvte.so.9.13.1 (0x4711000)
--5405-- Reading debug info from /usr/lib/debug/usr/lib/libvte.so.9.13.1.debug
.
--5405-- Reading syms from /usr/lib/libX11.so.6.3.0 (0x47a8000)
--5405-- Reading debug info from /usr/lib/debug/usr/lib/libX11.so.6.3.0.debug
.
--5405-- Reading syms from /usr/lib/libconfuse.so.0.0.0 (0x48e3000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libconfuse.so.0.0.0.debug ..
--5405-- Reading syms from /lib/libpthread-2.11.2.so (0x48ef000)
--5405-- Reading debug info from /usr/lib/debug/lib/libpthread-2.11.2.so.debug
.
--5405-- Reading syms from /lib/libc-2.11.2.so (0x490a000)
--5405-- Reading debug info from /usr/lib/debug/lib/libc-2.11.2.so.debug ..
--5405-- Reading syms from /usr/lib/libpangocairo-1.0.so.0.2800.0 (0x4a76000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libpangocairo-1.0.so.0.2800.0.debug ..
--5405-- Reading syms from /usr/lib/libXfixes.so.3.1.0 (0x4a83000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libXfixes.so.3.1.0.debug ..
--5405-- Reading syms from /usr/lib/libatk-1.0.so.0.3009.1 (0x4a89000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libatk-1.0.so.0.3009.1.debug ..
--5405-- Reading syms from /usr/lib/libcairo.so.2.10800.10 (0x4aa8000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libcairo.so.2.10800.10.debug ..
--5405-- Reading syms from /usr/lib/libgio-2.0.so.0.2400.1 (0x4b33000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libgio-2.0.so.0.2400.1.debug ..
--5405-- Reading syms from /usr/lib/libpangoft2-1.0.so.0.2800.0 (0x4bed000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libpangoft2-1.0.so.0.2800.0.debug ..
--5405-- Reading syms from /usr/lib/libfontconfig.so.1.4.4 (0x4c22000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libfontconfig.so.1.4.4.debug ..
--5405-- Reading syms from /usr/lib/libgmodule-2.0.so.0.2400.1 (0x4c58000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libgmodule-2.0.so.0.2400.1.debug ..
--5405-- Reading syms from /lib/libm-2.11.2.so (0x4c5d000)
--5405-- Reading debug info from /usr/lib/debug/lib/libm-2.11.2.so.debug ..
--5405-- Reading syms from /usr/lib/libXext.so.6.4.0 (0x4c87000)
--5405-- Reading debug info from /usr/lib/debug/usr/lib/libXext.so.6.4.0.debug
.
--5405-- Reading syms from /usr/lib/libXrender.so.1.3.0 (0x4c99000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libXrender.so.1.3.0.debug ..
--5405-- Reading syms from /usr/lib/libXinerama.so.1.0.0 (0x4ca5000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libXinerama.so.1.0.0.debug ..
--5405-- Reading syms from /usr/lib/libXi.so.6.1.0 (0x4ca9000)
--5405-- Reading debug info from /usr/lib/debug/usr/lib/libXi.so.6.1.0.debug ..
--5405-- Reading syms from /usr/lib/libXrandr.so.2.2.0 (0x4cb9000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libXrandr.so.2.2.0.debug ..
--5405-- Reading syms from /usr/lib/libXcursor.so.1.0.2 (0x4cc2000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libXcursor.so.1.0.2.debug ..
--5405-- Reading syms from /usr/lib/libXcomposite.so.1.0.0 (0x4cce000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libXcomposite.so.1.0.0.debug ..
--5405-- Reading syms from /usr/lib/libXdamage.so.1.1.0 (0x4cd3000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libXdamage.so.1.1.0.debug ..
--5405-- Reading syms from /lib/librt-2.11.2.so (0x4cd7000)
--5405-- Reading debug info from /usr/lib/debug/lib/librt-2.11.2.so.debug ..
--5405-- Reading syms from /lib/libpcre.so.0.0.1 (0x4ce1000)
--5405-- Reading debug info from /usr/lib/debug/lib/libpcre.so.0.0.1.debug ..
--5405-- Reading syms from /usr/lib/libxml2.so.2.7.7 (0x4d10000)
--5405-- Reading debug info from /usr/lib/debug/usr/lib/libxml2.so.2.7.7.debug
.
--5405-- Reading syms from /lib/libncurses.so.5.7 (0x4e5e000)
--5405-- Reading debug info from /usr/lib/debug/lib/libncurses.so.5.7.debug ..
--5405-- Reading syms from /usr/lib/libxcb.so.1.1.0 (0x4eaa000)
--5405-- Reading debug info from /usr/lib/debug/usr/lib/libxcb.so.1.1.0.debug
.
--5405-- Reading syms from /lib/libdl-2.11.2.so (0x4eca000)
--5405-- Reading debug info from /usr/lib/debug/lib/libdl-2.11.2.so.debug ..
--5405-- Reading syms from /usr/lib/libfreetype.so.6.4.0 (0x4ecf000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libfreetype.so.6.4.0.debug ..
--5405-- Reading syms from /usr/lib/libpixman-1.so.0.18.0 (0x4f56000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libpixman-1.so.0.18.0.debug ..
--5405-- Reading syms from /usr/lib/libpng14.so.14.3.0 (0x4fc7000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libpng14.so.14.3.0.debug ..
--5405-- Reading syms from /usr/lib/libxcb-render-util.so.0.0.0 (0x4ff4000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libxcb-render-util.so.0.0.0.debug ..
--5405-- Reading syms from /usr/lib/libxcb-render.so.0.0.0 (0x4ff9000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/libxcb-render.so.0.0.0.debug ..
--5405-- Reading syms from /lib/libz.so.1.2.3 (0x5003000)
--5405-- Reading debug info from /usr/lib/debug/lib/libz.so.1.2.3.debug ..
--5405-- Reading syms from /lib/libresolv-2.11.2.so (0x5017000)
--5405-- Reading debug info from /usr/lib/debug/lib/libresolv-2.11.2.so.debug
.
--5405-- Reading syms from /lib/libselinux.so.1 (0x502e000)
--5405-- Reading debug info from /usr/lib/debug/lib/libselinux.so.1.debug ..
--5405-- Reading syms from /lib/libexpat.so.1.5.2 (0x504e000)
--5405-- Reading debug info from /usr/lib/debug/lib/libexpat.so.1.5.2.debug ..
--5405-- Reading syms from /usr/lib/libXau.so.6.0.0 (0x5078000)
--5405-- Reading debug info from /usr/lib/debug/usr/lib/libXau.so.6.0.0.debug
.
--5405-- REDIR: 0x497fd70 (index) redirected to 0x4028910 (index)
--5405-- REDIR: 0x4981980 (memchr) redirected to 0x4029060 (memchr)
--5405-- REDIR: 0x4980820 (rindex) redirected to 0x4028870 (rindex)
--5405-- REDIR: 0x497c5c0 (malloc) redirected to 0x4028585 (malloc)
--5405-- REDIR: 0x49823b0 (memcpy) redirected to 0x40290a0 (memcpy)
--5405-- REDIR: 0x497ca70 (free) redirected to 0x4027911 (free)
--5405-- REDIR: 0x4980470 (strlen) redirected to 0x4028c60 (strlen)
--5405-- REDIR: 0x4980650 (strncmp) redirected to 0x4028ef0 (strncmp)
--5405-- REDIR: 0x4981e80 (memset) redirected to 0x4029c20 (memset)
--5405-- REDIR: 0x497d5b0 (calloc) redirected to 0x4027007 (calloc)
--5405-- REDIR: 0x497df50 (posix_memalign) redirected to 0x4026f78
(posix_memalign)
--5405-- REDIR: 0x4982080 (stpcpy) redirected to 0x40299b0 (stpcpy)
--5405-- REDIR: 0x497cb50 (realloc) redirected to 0x4028634 (realloc)
--5405-- REDIR: 0x4984cf0 (strchrnul) redirected to 0x4029db0 (strchrnul)
--5405-- REDIR: 0x4981ee0 (mempcpy) redirected to 0x4029ed0 (mempcpy)
--5405-- REDIR: 0x497fee0 (strcmp) redirected to 0x4028f70 (strcmp)
--5405-- REDIR: 0x4980520 (strnlen) redirected to 0x4028c30 (strnlen)
--5405-- REDIR: 0x497ff50 (strcpy) redirected to 0x4028cc0 (strcpy)
--5405-- REDIR: 0x4984c20 (rawmemchr) redirected to 0x4029de0 (rawmemchr)
--5405-- REDIR: 0x4980770 (strncpy) redirected to 0x4028d90 (strncpy)
--5405-- Reading syms from /usr/lib/gconv/ISO8859-1.so (0x4040000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/gconv/ISO8859-1.so.debug ..
--5405-- REDIR: 0x4017770 (stpcpy) redirected to 0x4029a80 (stpcpy)
--5405-- REDIR: 0x4981e10 (memmove) redirected to 0x4029c90 (memmove)
--5405-- REDIR: 0x497fbc0 (strcat) redirected to 0x4028a50 (strcat)
--5405-- REDIR: 0x49f1780 (__strcpy_chk) redirected to 0x4029e00 (__strcpy_chk)
--5405-- REDIR: 0x49823a0 (__memcpy_chk) redirected to 0x402a090 (__memcpy_chk)
--5405-- Reading syms from /usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so
(0x5619000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so.debug ..
--5405-- Reading syms from
/usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so (0x5655000)
--5405-- Reading debug info from
/usr/lib/debug/usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so.debug ..
--5405-- memcheck GC: 1024 nodes, 1024 survivors (100.0%)
--5405-- memcheck GC: increase table size to 2048
==5405== Warning: ignored attempt to set SIGKILL handler in sigaction();
==5405==          the SIGKILL signal is uncatchable
==5405== Invalid read of size 1
==5405==    at 0x45146C3: gdk_x11_window_set_user_time (gdkwindow-x11.c:3666)
==5405==    by 0x80502CD: pull (key_grabber.c:193)
==5405==    by 0x80512E5: main (tilda.c:619)
==5405==  Address 0x50 is not stack'd, malloc'd or (recently) free'd
==5405== 
==5405== 
==5405== Process terminating with default action of signal 11 (SIGSEGV)
==5405==  Access not within mapped region at address 0x50
==5405==    at 0x45146C3: gdk_x11_window_set_user_time (gdkwindow-x11.c:3666)
==5405==    by 0x80502CD: pull (key_grabber.c:193)
==5405==    by 0x80512E5: main (tilda.c:619)
==5405==  If you believe this happened as a result of a stack
==5405==  overflow in your program's main thread (unlikely but
==5405==  possible), you can try to increase the size of the
==5405==  main thread stack using the --main-stacksize= flag.
==5405==  The main thread stack size used in this run was 8388608.
--5405-- Discarding syms at 0x40403b0-0x4040f28 in /usr/lib/gconv/ISO8859-1.so
due to munmap()
==5405== 
==5405== HEAP SUMMARY:
==5405==     in use at exit: 464,773 bytes in 5,354 blocks
==5405==   total heap usage: 14,001 allocs, 8,647 frees, 1,022,842 bytes
allocated
==5405== 
==5405== Searching for pointers to 5,354 not-freed blocks
==5405== Checked 9,141,308 bytes
==5405== 
==5405== LEAK SUMMARY:
==5405==    definitely lost: 32 bytes in 1 blocks
==5405==    indirectly lost: 0 bytes in 0 blocks
==5405==      possibly lost: 263,197 bytes in 2,152 blocks
==5405==    still reachable: 201,544 bytes in 3,201 blocks
==5405==         suppressed: 0 bytes in 0 blocks
==5405== Rerun with --leak-check=full to see details of leaked memory
==5405== 
==5405== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 3 from 3)
==5405== 
==5405== 1 errors in context 1 of 1:
==5405== Invalid read of size 1
==5405==    at 0x45146C3: gdk_x11_window_set_user_time (gdkwindow-x11.c:3666)
==5405==    by 0x80502CD: pull (key_grabber.c:193)
==5405==    by 0x80512E5: main (tilda.c:619)
==5405==  Address 0x50 is not stack'd, malloc'd or (recently) free'd
==5405== 
--5405-- 
--5405-- used_suppression:      3 dl-hack3-cond-1
==5405== 
==5405== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 3 from 3)
Killed

Reproducible: Always

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug 633863] New: valgrind crash with segfault

bugzilla_noreply＠novell.com