maximus crashed with SIGSEGV in free()

Bug #433710 reported by datakid
This bug affects 20 people
Affects | Status | Importance | Assigned to | Milestone
Maximus | Fix Released | Critical | Neil J. Patel |
maximus (Ubuntu) | Fix Released | Medium | Unassigned |
Karmic | Fix Released | Medium | Unassigned |

Bug Description

Binary package hint: maximus

I was reading a pdf in evince.

ProblemType: Crash
Architecture: i386
Date: Mon Sep 21 09:12:45 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/maximus
Package: maximus 0.4.11-0ubuntu1
ProcCmdline: maximus
ProcEnviron:
 LANG=en_AU.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-10.34-generic
SegvAnalysis:
 Segfault happened at: 0x375f78d <free+93>: cmpxchg %ecx,(%esi)
 PC (0x0375f78d) ok
 source "%ecx" ok
 destination "(%esi)" (0x118ae800) not located in a known VMA region (needed writable region)!
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: maximus
StacktraceTop:
 free () from /lib/tls/i686/cmov/libc.so.6
 XFree () from /usr/lib/libX11.so.6
 ?? ()
 g_cclosure_marshal_VOID__OBJECT ()
 g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
Tags: ubuntu-unr
Title: maximus crashed with SIGSEGV in free()
Uname: Linux 2.6.31-10-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

datakid (datakid) wrote :
summary: - similar to 347382?
+ maximus crashed with SIGSEGV in free() (again!)
datakid (datakid) wrote :

Happened to me twice in 10 minutes. Opening a PDF in evince after clicking a .pdf link in Firefox.

Apport retracing service (apport) wrote : Stacktrace.txt (retraced)

StacktraceTop:
 *__GI___libc_free (mem=0x49dbb3) at malloc.c:3714
 XFree (data=0x49dbb3) at ../../src/XlibInt.c:3042
 on_window_opened (screen=0x95e1c18, window=0x95fc8a8,
 IA__g_cclosure_marshal_VOID__OBJECT (closure=0x9570098,
 IA__g_closure_invoke (closure=0x9570098, return_value=0x0,

Apport retracing service (apport) wrote : ThreadStacktrace.txt (retraced)
Changed in maximus (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Paul Larson (pwlars)
visibility: private → public
summary: - maximus crashed with SIGSEGV in free() (again!)
+ maximus crashed with SIGSEGV in free()
Changed in maximus (Ubuntu):
status: New → Triaged
Neil J. Patel (njpatel)
Changed in maximus:
status: New → Triaged
assignee: nobody → Jason Smith (jassmith)
Vipo (vitus-piroutz-gmail) wrote :

Crashed after closing OpenOffice Writer.

Neil J. Patel (njpatel) wrote :

In two locations, we were sending pointer references to XGetProperty without initially setting the pointers to NULL. This means that, if XGetProperty fails, those pointers could still be referencing a random area of memory, and at the end of the function, we would try and XFree them, which would cause Maximus to crash.

In trunk, I've fixed this and will make a release shortly.

Changed in maximus:
assignee: Jason Smith (jassmith) → Neil J. Patel (njpatel)
importance: Undecided → Critical
milestone: none → ubuntu-9.10
status: Triaged → Fix Committed
Neil J. Patel (njpatel)
Changed in maximus:
status: Fix Committed → Fix Released
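
The failure mode described in the comment above (an out-pointer left uninitialised, a property fetch that fails without writing it, then an unconditional XFree), shown as an added example that is not Maximus code. `get_prop()`, `release()` and both `read_prop_*` functions are hypothetical stand-ins so it runs without an X server; `0x49dbb3` is the `data` value from the retraced stack on this page.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed stand-ins so the demo runs without an X server. */
static void *live;     /* buffer currently handed out by get_prop() */
static int bad_frees;  /* release() calls on pointers never handed out */

/* Property fetch: on failure returns non-zero and does NOT write *out. */
static int get_prop(int has_prop, unsigned char **out)
{
    if (!has_prop || (live = calloc(1, 4)) == NULL)
        return 1;
    ((unsigned char *)live)[0] = 1;
    *out = live;
    return 0;
}

/* Stands in for XFree(), which passes its argument on to free(). */
static void release(void *p)
{
    if (p != NULL && p == live) { free(p); live = NULL; }
    else bad_frees++;
}

/* Buggy shape. 'garbage' models the uninitialised stack slot (no real UB). */
static int read_prop_buggy(int has_prop, unsigned char *garbage)
{
    unsigned char *data = garbage;  /* stands for: unsigned char *data; */
    int value = 0;
    if (get_prop(has_prop, &data) == 0) value = data[0];
    release(data);                  /* failure path frees the garbage */
    return value;
}

/* Fixed shape: NULL-initialise, check the result, free only what was set. */
static int read_prop_fixed(int has_prop)
{
    unsigned char *data = NULL;
    int value = 0;
    if (get_prop(has_prop, &data) == 0 && data != NULL) value = data[0];
    if (data != NULL) release(data);
    return value;
}

int main(void)
{
    read_prop_fixed(0);                                        /* nothing freed */
    read_prop_buggy(0, (unsigned char *)(uintptr_t)0x49dbb3); /* bogus free */
    return bad_frees == 1 ? 0 : 1;
}
```
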
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package maximus - 0.4.14-0ubuntu1

---------------
maximus (0.4.14-0ubuntu1) karmic; urgency=low

  * New upstream release; fixes segfaults on free(), LP: #433710, and
    g_closure_invoke(), LP: #351527.

 -- Loic Minier <email address hidden> Fri, 02 Oct 2009 22:27:47 +0200

Changed in maximus (Ubuntu):
status: Triaged → Fix Released