Menu

#338 rhythmbox crashed with SIGSEGV in free()

closed
Linus Walleij
None
5
2012-09-13
2010-05-05
quadrispro
No

Binary package hint: rhythmbox

Crashed when copying songs to Nokia 5800.

Description: Ubuntu lucid (development branch)
Release: 10.04

rhythmbox:
Installed: 0.12.8-0ubuntu2
Candidate: 0.12.8-0ubuntu2
Version table:
*** 0.12.8-0ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
100 /var/lib/dpkg/status

ProblemType: Crash
DistroRelease: Ubuntu 10.04
Package: rhythmbox 0.12.8-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-21.31-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Fri Apr 16 09:54:25 2010
ExecutablePath: /usr/bin/rhythmbox
ProcCmdline: /usr/bin/rhythmbox
ProcEnviron:
SHELL=/bin/bash
LANGUAGE=en_US:en
LANG=en_US.UTF-8
SegvAnalysis:
Segfault happened at: 0x376be81 <free+49>: mov 0x4(%edx),%eax
PC (0x0376be81) ok
source "0x4(%edx)" (0x00000020) not located in a known VMA region (needed readable region)!
destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: rhythmbox
StacktraceTop:
free () from /lib/tls/i686/cmov/libc.so.6
LIBMTP_destroy_album_t () from /usr/lib/libmtp.so.8
?? () from /lib/libglib-2.0.so.0
?? ()
?? ()
Title: rhythmbox crashed with SIGSEGV in free()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

This bug was originally reported to Launchpad, you can find more useful information at the following URL:
https://bugs.launchpad.net/ubuntu/+source/libmtp/+bug/564455

Discussion

  • Linus Walleij

    Linus Walleij - 2010-05-22

    If you look at the code in libmtp you see:

    void LIBMTP_destroy_album_t(LIBMTP_album_t *album)
    {
    if (album == NULL) {
    return;
    }
    if (album->name != NULL)
    free(album->name);
    if (album->artist != NULL)
    free(album->artist);
    if (album->composer != NULL)
    free(album->composer);
    if (album->genre != NULL)
    free(album->genre);
    if (album->tracks != NULL)
    free(album->tracks);
    free(album);
    return;
    }

    The semantics is that all strings must be malloc()ed and
    owned by the struct, e.g. with strdup(). libmtp does nothing
    else, and has no chance of knowing if someone has assigned
    e.g. some const to one of these pointers.

    I suspect that rhythmbox is assigning const or internal allocations
    to one of these fields.

    The bug should go back to rhythmbox for now.

     

  • SourceForge Robot

    SourceForge Robot - 2010-06-06

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     

Anonymous
Anonymous

Add attachments
Cancel