[Bug 831620] New: /usr/lib64/mozc/mozc_renderer crashed only once with Segmentation fault in ___vsnprintf_chk (s=0x0, maxlen=<optimized out>, flags=1, slen=<optimized out>, format=0x7f8405c30cc5 "%s%s", args=args@entry=0x7f83fc8c5f58) at vsnprintf_chk.c:55 .
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c0 Summary: /usr/lib64/mozc/mozc_renderer crashed only once with Segmentation fault in ___vsnprintf_chk (s=0x0, maxlen=<optimized out>, flags=1, slen=<optimized out>, format=0x7f8405c30cc5 "%s%s", args=args@entry=0x7f83fc8c5f58) at vsnprintf_chk.c:55 . Classification: openSUSE Product: openSUSE Factory Version: 13.1 Milestone 3 Platform: x86-64 OS/Version: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: bkbin005@rinku.zaq.ne.jp QAContact: qa-bugs@suse.de Found By: --- Blocker: --- Created an attachment (id=549732) --> (http://bugzilla.novell.com/attachment.cgi?id=549732) GDB backtrace file User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36 I am testing openSUSE 13.1 Milestone 3 x86_64 with KDE desktop in VirtualBox 4.2.16 r86992 on Windows 7 SP1 64 bit . Host information: https://dl.dropboxusercontent.com/u/86335040/DxDiag17.txt . /usr/lib64/mozc/mozc_renderer crashed only once with Segmentation fault in ___vsnprintf_chk (s=0x0, maxlen=<optimized out>, flags=1, slen=<optimized out>, format=0x7f8405c30cc5 "%s%s", args=args@entry=0x7f83fc8c5f58) at vsnprintf_chk.c:55 .
rpm -qf /usr/lib64/mozc/mozc_renderer ibus-mozc-candidate-window-1.10.1390.102-2.3.x86_64 rpm -qa mozc mozc-1.10.1390.102-2.3.x86_64 rpm -qa ibus ibus-1.5.2-1.1.x86_64
I attached GDB backtrace file . Reproducible: Couldn't Reproduce Steps to Reproduce: 1. Use IBus and mozc in Japanese mode . Actual Results: /usr/lib64/mozc/mozc_renderer crashed only once with Segmentation fault in ___vsnprintf_chk (s=0x0, maxlen=<optimized out>, flags=1, slen=<optimized out>, format=0x7f8405c30cc5 "%s%s", args=args@entry=0x7f83fc8c5f58) at vsnprintf_chk.c:55 . Expected Results: The mozc_renderer should not crash with SIGSEGV . -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c Ye Yuan <yyuan@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |yyuan@suse.com AssignedTo|bnc-team-screening@forge.pr |coolo@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c Stephan Kulow <coolo@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|coolo@suse.com |ftake@geeko.jp -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c1 Fuminobu Takeyama <ftake@geeko.jp> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ftake@geeko.jp Component|Other |Sound AssignedTo|ftake@geeko.jp |tiwai@suse.com --- Comment #1 from Fuminobu Takeyama <ftake@geeko.jp> 2013-09-27 17:21:03 UTC --- As far as I understand from the stack trace, the segmentation fault is caused by pulse audio not by Mozc. I need pulse audio maintainers' help. #0 ___vsnprintf_chk #2 0x00007f8405c3027b in snprintf (__fmt=0x7f8405c30cc5 "%s%s", __n=<optimized out>, __s=<optimized out>) at /usr/include/bits/stdio2.h:64 No locals. #3 XauFileName () at AuFileName.c:83 slashDotXauthority = 0x7f8405c30cca "/.Xauthority" name = 0x7fffd72e8e4a "/home/mitsutoshi" bsize = 29 atexit_registered = 1 size = 29 #4 XauGetBestAuthByAddr at AuGetBest.c:74 #5 0x00007f840844ef62 in get_authptr at xcb_auth.c:164 // snip #9 0x00007f8401ce229a in pa_client_conf_from_x11 at pulse/client-conf-x11.c:53 #10 0x00007f840211fc05 in pa_context_new_with_proplist ( // snip #16 pa_mainloop_dispatch (m=m@entry=0x11195a0) at pulse/mainloop.c:904 // snip #21 0x00007f840c265e0b in start_thread (arg=0x7f83fc8c7700) #22 0x00007f840bf9506d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c2 --- Comment #2 from Fuminobu Takeyama <ftake@geeko.jp> 2013-09-27 18:26:13 UTC --- problem with libXau? "___vsnprintf_chk (s=0x0 /*snip*/)" means "buf == 0". At least "bsize = 0;" is missing in AuFileName.c before "return NULL", and so buf might be NULL if malloc failed in previous time.
size = strlen (name) + strlen(&slashDotXauthority[1]) + 2; if (size > bsize) { buf = malloc (size); if (!buf) return NULL; /* snip */ }
Its code was also changed recently. - strcpy (buf, name); - strcat (buf, slashDotXauthority + (name[1] == '\0' ? 1 : 0)); + snprintf (buf, bsize, "%s%s", name, + slashDotXauthority + (name[1] == '\0' ? 1 : 0)); http://cgit.freedesktop.org/xorg/lib/libXau/commit/AuFileName.c?id=704beb717... According to the stack trace: slashDotXauthority = 0x7f8405c30cca "/.Xauthority" name = 0x7fffd72e8e4a "/home/mitsutoshi" bsize = 29 atexit_registered = 1 size = 29 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c3 Fuminobu Takeyama <ftake@geeko.jp> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Sound |X.Org AssignedTo|tiwai@suse.com |bnc-team-xorg-bugs@forge.pr | |ovo.novell.com Summary|/usr/lib64/mozc/mozc_render |mozc_renderer crashed only |er crashed only once with |once with Segmentation |Segmentation fault in |fault caused by XauFileName |___vsnprintf_chk (s=0x0, |that pulse audio calls |maxlen=<optimized out>, | |flags=1, | |slen=<optimized out>, | |format=0x7f8405c30cc5 | |"%s%s", | |args=args@entry=0x7f83fc8c5 | |f58) at vsnprintf_chk.c:55 | |. | QAContact|qa-bugs@suse.de |xorg-maintainer-bugs@forge. | |provo.novell.com --- Comment #3 from Fuminobu Takeyama <ftake@geeko.jp> 2013-09-29 13:50:46 UTC --- I reported to the upstream: https://bugs.freedesktop.org/show_bug.cgi?id=69929 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c4 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED AssignedTo|bnc-team-xorg-bugs@forge.pr |xorg-maintainer-bugs@forge. |ovo.novell.com |provo.novell.com --- Comment #4 from Stefan Dirsch <sndirsch@suse.com> 2013-09-30 10:21:30 UTC --- Thanks. Fixed via SR#201452 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c5 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #5 from Stefan Dirsch <sndirsch@suse.com> 2013-09-30 10:21:49 UTC --- Closing as such. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831620 https://bugzilla.novell.com/show_bug.cgi?id=831620#c6 --- Comment #6 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-09-30 13:00:22 CEST --- This is an autogenerated message for OBS integration: This bug (831620) was mentioned in https://build.opensuse.org/request/show/201452 Factory / libXau -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com