libc6 crash on certain UTF8 encoded filename

Versions of glib and libc:

tuppa@archammer:~$ dpkg -l libglib2.0-0 libc6
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii libc6 2.3.6-0ubuntu4 GNU C Library: Shared libraries and Timezone
ii libglib2.0-0 2.9.2-0ubuntu1 The GLib library of C routines

I don't have this problem with a directory and a file named in Korean, tested both bmp and nautilus.

beep-media-pla 0.9.7.1+cvs20050803-1ubuntu2
nautilus 2.13.3-0ubuntu5
libgtk2.0-0 2.8.10-1ubuntu1
libgnomeui-0 2.13.0-0ubuntu1
libgnomevfs2-0 2.13.3cvs20060111-0ubuntu1

What is your locale?

Traditional Chinese (UTF8) (set in gdm)

BTW, easytag has a similar bug as well. I've pasted a backtrace from gdb.

I've also done a regen of locales, but still no joy.

Program received signal SIGSEGV, Segmentation fault.
0xb76157df in wcscoll_l () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb76157df in wcscoll_l () from /lib/tls/i686/cmov/libc.so.6
#1 0xb7614d61 in wcscoll () from /lib/tls/i686/cmov/libc.so.6
#2 0xb78d3496 in g_utf8_collate () from /usr/lib/libglib-2.0.so.0
#3 0x0807befb in ?? ()
#4 0x0843ac48 in ?? ()
#5 0x0819a868 in ?? ()
#6 0xbff86308 in ?? ()
#7 0xb78b70e4 in g_free () from /usr/lib/libglib-2.0.so.0
#8 0x0807c8ac in ?? ()
#9 0x0843ce70 in ?? ()
#10 0x0843a928 in ?? ()
#11 0xbff86338 in ?? ()
#12 0x0843a928 in ?? ()
#13 0x08444ee0 in ?? ()
#14 0x0843dd78 in ?? ()
#15 0xbff86378 in ?? ()
#16 0x0807f9c1 in ?? ()
#17 0x08444ee0 in ?? ()
#18 0x0843dd78 in ?? ()
#19 0x0843a928 in ?? ()
#20 0xbff86368 in ?? ()
#21 0x080bcea0 in _IO_stdin_used ()
#22 0x0843cdd0 in ?? ()
#23 0x0843ce70 in ?? ()
#24 0x08435578 in ?? ()
#25 0x00000001 in ?? ()
#26 0x00000003 in ?? ()
#27 0x08435050 in ?? ()
#28 0x0843dd60 in ?? ()
#29 0x08435050 in ?? ()
#30 0x08435210 in ?? ()
#31 0xbff863e8 in ?? ()
#32 0x08071958 in ?? ()
#33 0x08435210 in ?? ()
#34 0x00000000 in ?? ()

Oops, I lied.

tuppa@archammer:~$ export|grep -i utf
declare -x GDM_LANG="en_AU.UTF-8"
declare -x LANG="en_AU.UTF-8"
declare -x LANGUAGE="en_AU.UTF-8"

Ok, did more poking around, it seems that the problem is not in glib, but in libc6.

As I went into the directory in question in bash, ls did not seem to have the problem. But once I attempt to use command line completion on one particular directory with an UTF8 encoded name, blammo.

The following is a backtrace from bash (using libc6-dbg):

Program received signal SIGSEGV, Segmentation fault.
0xb7e0383f in *__GI___strcoll_l (s1=0x1 <Address 0x1 out of bounds>,
    s2=0x81b7d68 "LOVE 05 \uffff\203\205\uffff\uffff\214\uffff\233\206", l=0x2e35cc)
    at strcoll_l.c:412
412 strcoll_l.c: No such file or directory.
        in strcoll_l.c
(gdb) bt
#0 0xb7e0383f in *__GI___strcoll_l (s1=0x1 <Address 0x1 out of bounds>,
    s2=0x81b7d68 "LOVE 05 \uffff\203\205\uffff\uffff\214\uffff\233\206", l=0x2e35cc)
    at strcoll_l.c:412
#1 0xb7dffeb6 in *__GI_strcoll (s1=0x2e35cc <Address 0x2e35cc out of bounds>,
    s2=0x2e35cc <Address 0x2e35cc out of bounds>) at strcoll.c:37
#2 0xb7dc3ab3 in msort_with_tmp (b=0x819e3cc, n=2, s=4,
    cmp=0x80c10f1 <_rl_qsort_string_compare>, t=0xbfe241b0 "4") at msort.c:56
#3 0xb7dc3c4c in *__GI_qsort (b=0x819e3cc, n=2, s=4,
    cmp=0x80c10f1 <_rl_qsort_string_compare>) at msort.c:102
#4 0x080b8ca0 in rl_filename_completion_function ()
#5 0x080b91ec in rl_complete_internal ()
#6 0x080b2fe2 in _rl_dispatch_subseq ()
#7 0x080b332e in _rl_dispatch ()
#8 0x080b33c6 in readline_internal_char ()
#9 0x080b350a in readline ()
#10 0x0805eae4 in yy_input_name ()
#11 0x08060cc1 in execute_prompt_command ()
#12 0x08061e01 in execute_prompt_command ()
#13 0x08064c92 in yyparse ()
#14 0x0805e564 in parse_command ()
#15 0x0805e602 in read_command ()
#16 0x0805e77f in reader_loop ()
#17 0x0805e314 in main ()

More of an administrative question, how do I reassign the source package of an existing bug?

Thanks for tracking that. We have some crashes with a such backtrace and I was suspecting glib or the libc. Could you provide an example to get that crash? Maybe a tar of a the directory with the issue or just the specific filename doing that? To reassign a package click on the line about the bug in the table of the top of the page, you get the settings page where you can change the source package

The filename in question is "LOVE 05 \uffff\203\205\uffff\uffff\214\uffff\233\206", as shown in the backtrace of bash.

I was able to reproduce the bug in beep-media-player by entering the directory with that filename inside the directory inside a GTK2 file dialog box. In the case of nautilus, simply entering that directory with the filename in question inside would be sufficient to crash nautilus.

With bash, if I attempt to do a command line completion on the filename e.g. typing "LOVE<tab>" would crash bash. Interesting thing is that ls is able to list the contents of the directory fine.

An ls of the directory in question:

tuppa@archammer:/opt/mp3/cantonese$ ls
LOVE 05 情歌集

Tested with the directory name, yes both bmp and nautilus crashed from second execution of them. (copied & pasted the name above)

One strange thing is that just after creation of the directory name both program were OK so took a screenshot as attached.

atie@matrix:~$ export|grep -i utf
declare -x LANG="en_US.UTF-8"

Crash easy to reproduce with that folder name, thank you

maybe same with #28669
https://launchpad.net/distros/ubuntu/+source/langpack-locales/+bug/28669

For the Chinese nick issue on https://launchpad.net/distros/ubuntu/+source/gaim/+bug/28734, workaround was LC_COLLATE="ko_KR.UTF-8" under en_US.UTF-8 locale.

I'm seeing this in Evolution when it starts in my Spam folder, export LC_COLLATE=C fixed it.

Bug in libc6, fixed upstream.

2.3.6-0ubuntu5