[Bug 223606] New: LSB: test involving GtkTreeView crashes on memory corruption
https://bugzilla.novell.com/show_bug.cgi?id=223606 Summary: LSB: test involving GtkTreeView crashes on memory corruption Product: openSUSE 10.2 Version: RC 1 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: jdluhos@novell.com QAContact: qa@suse.de When running the LSB Gtk test suite, the test run crashed with the following error written on the console: (.:23407): Gtk-WARNING **: gtktreemodel.c:440: Invalid path 0:NULL:0 passed to gtk_tree_path_new_from_string . (.:23407): Gtk-WARNING **: gtktreemodel.c:440: Invalid path 0:q:0 passed to gtk_tree_path_new_from_string * (.:23407): Gtk-WARNING **: gtktreemodel.c:429: Negative numbers in path -5:-5:-5 passed to gtk_tree_path_new_from_string . (.:23407): Gtk-WARNING **: gtktreemodel.c:440: Invalid path 5.5.5 passed to gtk_tree_path_new_from_string . (.:23407): Gtk-WARNING **: gtktreemodel.c:440: Invalid path Text passed to gtk_tree_path_new_from_string . (.:23407): Gtk-WARNING **: gtktreemodel.c:440: Invalid path \u0008 passed to gtk_tree_path_new_from_string . (.:23407): Gtk-CRITICAL **: gtk_tree_path_new_from_string: assertion `*path != '\000'' failed % (.:23407): Gtk-WARNING **: gtktreemodel.c:440: Invalid path passed to gtk_tree_path_new_from_string . (.:23407): Gtk-WARNING **: gtktreemodel.c:440: Invalid path passed to gtk_tree_path_new_from_string . (.:23407): Gtk-CRITICAL **: gtk_tree_path_new_from_string: assertion `path != NULL' failed . (.:23407): Gtk-WARNING **: gtktreemodel.c:440: Invalid path G_MAXINT:G_MAXINT:G_MAXINT passed to gtk_tree_path_new_from_st ring #...*** glibc detected *** /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/tests/functions/GtkTreeModel/GtkTreeModel: fr ee(): invalid next size (fast): 0x0000000000556340 *** ======= Backtrace: ========= /lib64/libc.so.6[0x2b7e5b46e8fe] /lib64/libc.so.6(cfree+0x76)[0x2b7e5b46ff36] /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/tests/functions/GtkTreeModel/GtkTreeModel[0x406adc] /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/tests/functions/GtkTreeModel/GtkTreeModel(tet_invoketp+0x21)[0x424063] /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/tests/functions/GtkTreeModel/GtkTreeModel[0x4207d9] /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/tests/functions/GtkTreeModel/GtkTreeModel[0x4205c3] /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/tests/functions/GtkTreeModel/GtkTreeModel(tet_tcm_main+0x23c)[0x4204fc] /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/tests/functions/GtkTreeModel/GtkTreeModel(main+0x9)[0x422069] /lib64/libc.so.6(__libc_start_main+0xf4)[0x2b7e5b41fae4] /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/tests/functions/GtkTreeModel/GtkTreeModel[0x40541a] ======= Memory map: ======== 00400000-0042e000 r-xp 00000000 08:07 1345626 /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/ tests/functions/GtkTreeModel/GtkTreeModel 0052d000-00531000 rw-p 0002d000 08:07 1345626 /opt/lsb/test/desktop/gtkvts/tet_tmp_dir/23204aa/ tests/functions/GtkTreeModel/GtkTreeModel . . . etc. I am not sure if there is any info possible to deduce from this error message per se, but I'm trying to provide a test case. Anyway, it seems that there is a crashing bug somewhere in the GtkTreeModel :-( -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=223606 ------- Comment #1 from jdluhos@novell.com 2006-11-24 07:33 MST ------- For the record: the crashing test is GtkTreeModel.23. I will try to extract a test case from it. It does something like this (excerpt from the test code): --------------------------------------------------------------------- static void test_purpose_23() { #define N 117 GtkWidget* widget; GtkTreeViewColumn* new_column; GtkTreeViewColumn* column; gint i; gint n; bug_inf = NULL; test_passed_flag = 1; all_test_purp_num++; fprintf (stderr, mark_symbol (all_test_purp_num)); tet_printf("test case: %s, TP number: %d ", tet_pname, tet_thistest); widget = gtk_tree_view_new (); if (!widget) { TEST_FAIL (get_not_created_msg (), NULL); return; } if (!GTK_IS_TREE_VIEW (widget)) { TEST_FAIL (get_wrong_type_msg (), NULL); return; } for (i = 0; i < N; i++) { new_column = gtk_tree_view_column_new (); gtk_tree_view_column_set_min_width (new_column, 4917); n= gtk_tree_view_append_column (GTK_TREE_VIEW (widget), new_column); } column = gtk_tree_view_get_column (GTK_TREE_VIEW (widget), N-1); if (gtk_tree_view_column_get_min_width (column) != 4917) { TEST_FAIL("The column at the %i position differs from that was appended. Min width of this column = %i", N, gtk_tree_view_column_get_min_width (column)); } if (n != N) { TEST_FAIL("gtk_tree_view_append_column () return %i, should be %i.", n, N); } /******* VISUALISATION *******/ TEST_VISUALIZE (widget); /******* ------------- *******/ gtk_widget_destroy (gtk_widget_get_toplevel (widget)); #undef N test_passed (); double_bug = 0; } --------------------------------------------------------------------------- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=223606 ------- Comment #2 from jdluhos@novell.com 2006-11-24 08:01 MST ------- Created an attachment (id=106862) --> (https://bugzilla.novell.com/attachment.cgi?id=106862&action=view) A test case. This is a test case extracted from the appropriate LSB test; it crashes in the same way as the test on SL10.2 RC1 x86_64. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=223606 jpr@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |federico@ximian.com ------- Comment #3 from jpr@novell.com 2006-12-15 06:53 MST ------- This particular case appears to crash because of the size of the ints in the indices. They take 10 chars to represent but gtk_tree_path_to_string only allocates for 8 chars per indice which has to include the ':' char as well as the trailing NULL. The indices values are equal to G_MAXINT though, so I think this is a gtk bug. The allocation in gtk_tree_path_to_string probably needs to be: g_new0 (gchar, path->depth * 11); The first indice doesn't include a ':' so it can account for the trailling NULL. Federico, sound right? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=223606 federico@ximian.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |federico@ximian.com Status|NEEDINFO |ASSIGNED Info Provider|federico@ximian.com | ------- Comment #4 from federico@ximian.com 2006-12-15 13:24 MST ------- This is correct; it's not allocating enough space. It would be nice to make gtk_tree_path_new_from_string() more paranoid as well; it uses a simple strtol() but: 1. It assigns the return value to an int, not a long. 2. It doesn't check for LONG_MIN or LONG_MAX and an errno of ERANGE. 3. After the check for longs, doesn't check for values larger than INT_MAX (tree paths use ints, not longs). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=223606 ------- Comment #5 from jdluhos@novell.com 2006-12-18 03:09 MST ------- So, if I understand correctly, it is more or less a Gtk bug? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=223606 ------- Comment #6 from federico@ximian.com 2006-12-18 09:49 MST ------- Yes, it's a GTK+ bug. I can take care of it later. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=223606 jpr@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |federico@novell.com |gnome@forge.provo.novell.com| Status|ASSIGNED |NEW -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=223606#c7 Federico Mena Quintero <federico@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |http://bugzilla.gnome.org/show_bug.cgi?id=491752 --- Comment #7 from Federico Mena Quintero <federico@novell.com> 2007-10-30 08:42:56 MST --- Filed upstream as http://bugzilla.gnome.org/show_bug.cgi?id=491752 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=223606#c8 Federico Mena Quintero <federico@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Component|GNOME |GNOME - Platform Keywords| |should_go_upstream OS/Version|Other |openSUSE 10.2 Product|openSUSE 10.2 |openSUSE 10.3 Resolution| |LATER Version|RC 1 |Final --- Comment #8 from Federico Mena Quintero <federico@novell.com> 2007-11-14 09:24:44 MST --- Moving to LATER; let upstream take care of this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=223606 User gekker@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=223606#c9 Gary Ekker <gekker@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|GNOME - Platform |GNOME --- Comment #9 from Gary Ekker <gekker@novell.com> 2008-03-26 12:08:08 MST --- Changing to component GNOME. Sorry for the spam. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=223606 User jpr@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=223606#c10 JP Rosevear <jpr@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|LATER | --- Comment #10 from JP Rosevear <jpr@novell.com> 2008-08-13 13:36:46 MDT --- Re-opening to mark as upstream -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=223606 User federico@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=223606#c11 Federico Mena Quintero <federico@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |UPSTREAM --- Comment #11 from Federico Mena Quintero <federico@novell.com> 2008-08-18 10:14:28 MDT --- Closing as UPSTREAM. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com