[Tuxpaint-devel] Segfault in tuxpaint-config

[Pere P. i C. <pe...@fo...>]

Hi all!

Go to Data, check Use alternative data directori, click on Browse, click
on Cancel.

I get a segfault with current cvs, here is the output of valgrind.



pere@hola:~$ LC_ALL=C LANGUAGE=C valgrind --leak-check=full
tuxpaint-config
==32311== Memcheck, a memory error detector.
==32311== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et
al.
==32311== Using LibVEX rev 1732, a library for dynamic binary
translation.
==32311== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==32311== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation
framework.
==32311== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et
al.
==32311== For more details, rerun with: -v
==32311== 
==32311== Conditional jump or move depends on uninitialised value(s)
==32311==    at 0x400A65C: (within /lib/ld-2.7.so)
==32311==    by 0x4003125: (within /lib/ld-2.7.so)
==32311==    by 0x40138EC: (within /lib/ld-2.7.so)
==32311==    by 0x4000C3D: (within /lib/ld-2.7.so)
==32311==    by 0x4000816: (within /lib/ld-2.7.so)
==32311== 
==32311== Conditional jump or move depends on uninitialised value(s)
==32311==    at 0x400A692: (within /lib/ld-2.7.so)
==32311==    by 0x4003125: (within /lib/ld-2.7.so)
==32311==    by 0x40138EC: (within /lib/ld-2.7.so)
==32311==    by 0x4000C3D: (within /lib/ld-2.7.so)
==32311==    by 0x4000816: (within /lib/ld-2.7.so)
==32311== 
==32311== Conditional jump or move depends on uninitialised value(s)
==32311==    at 0x400B19D: (within /lib/ld-2.7.so)
==32311==    by 0x4003125: (within /lib/ld-2.7.so)
==32311==    by 0x40138EC: (within /lib/ld-2.7.so)
==32311==    by 0x4000C3D: (within /lib/ld-2.7.so)
==32311==    by 0x4000816: (within /lib/ld-2.7.so)
==32311== 
==32311== Conditional jump or move depends on uninitialised value(s)
==32311==    at 0x400A542: (within /lib/ld-2.7.so)
==32311==    by 0x4003383: (within /lib/ld-2.7.so)
==32311==    by 0x40138EC: (within /lib/ld-2.7.so)
==32311==    by 0x4000C3D: (within /lib/ld-2.7.so)
==32311==    by 0x4000816: (within /lib/ld-2.7.so)
==32311== 
==32311== Conditional jump or move depends on uninitialised value(s)
==32311==    at 0x400A54A: (within /lib/ld-2.7.so)
==32311==    by 0x4003383: (within /lib/ld-2.7.so)
==32311==    by 0x40138EC: (within /lib/ld-2.7.so)
==32311==    by 0x4000C3D: (within /lib/ld-2.7.so)
==32311==    by 0x4000816: (within /lib/ld-2.7.so)
==32311== 
==32311== Conditional jump or move depends on uninitialised value(s)
==32311==    at 0x400A692: (within /lib/ld-2.7.so)
==32311==    by 0x4003383: (within /lib/ld-2.7.so)
==32311==    by 0x40138EC: (within /lib/ld-2.7.so)
==32311==    by 0x4000C3D: (within /lib/ld-2.7.so)
==32311==    by 0x4000816: (within /lib/ld-2.7.so)
==32311== 
==32311== Invalid read of size 4
==32311==    at 0x4015220: (within /lib/ld-2.7.so)
==32311==    by 0x4005C69: (within /lib/ld-2.7.so)
==32311==    by 0x4007A97: (within /lib/ld-2.7.so)
==32311==    by 0x4011543: (within /lib/ld-2.7.so)
==32311==    by 0x400D5D5: (within /lib/ld-2.7.so)
==32311==    by 0x4010F5D: (within /lib/ld-2.7.so)
==32311==    by 0x4547C1B: (within /lib/libdl-2.7.so)
==32311==    by 0x400D5D5: (within /lib/ld-2.7.so)
==32311==    by 0x45480CB: (within /lib/libdl-2.7.so)
==32311==    by 0x4547B4B: dlopen (in /lib/libdl-2.7.so)
==32311==    by 0x43A1B88: (within /usr/lib/libX11.so.6.2.0)
==32311==    by 0x43A204F: XCreateGlyphCursor
(in /usr/lib/libX11.so.6.2.0)
==32311==  Address 0x46E0A48 is 24 bytes inside a block of size 25
alloc'd
==32311==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==32311==    by 0x4008031: (within /lib/ld-2.7.so)
==32311==    by 0x4011543: (within /lib/ld-2.7.so)
==32311==    by 0x400D5D5: (within /lib/ld-2.7.so)
==32311==    by 0x4010F5D: (within /lib/ld-2.7.so)
==32311==    by 0x4547C1B: (within /lib/libdl-2.7.so)
==32311==    by 0x400D5D5: (within /lib/ld-2.7.so)
==32311==    by 0x45480CB: (within /lib/libdl-2.7.so)
==32311==    by 0x4547B4B: dlopen (in /lib/libdl-2.7.so)
==32311==    by 0x43A1B88: (within /usr/lib/libX11.so.6.2.0)
==32311==    by 0x43A204F: XCreateGlyphCursor
(in /usr/lib/libX11.so.6.2.0)
==32311==    by 0x43A23EC: XCreateFontCursor
(in /usr/lib/libX11.so.6.2.0)
==32311== 
==32311== Conditional jump or move depends on uninitialised value(s)
==32311==    at 0x400A65C: (within /lib/ld-2.7.so)
==32311==    by 0x401167A: (within /lib/ld-2.7.so)
==32311==    by 0x400D5D5: (within /lib/ld-2.7.so)
==32311==    by 0x4010F5D: (within /lib/ld-2.7.so)
==32311==    by 0x4547C1B: (within /lib/libdl-2.7.so)
==32311==    by 0x400D5D5: (within /lib/ld-2.7.so)
==32311==    by 0x45480CB: (within /lib/libdl-2.7.so)
==32311==    by 0x4547B4B: dlopen (in /lib/libdl-2.7.so)
==32311==    by 0x43A1B88: (within /usr/lib/libX11.so.6.2.0)
==32311==    by 0x43A204F: XCreateGlyphCursor
(in /usr/lib/libX11.so.6.2.0)
==32311==    by 0x43A23EC: XCreateFontCursor
(in /usr/lib/libX11.so.6.2.0)
==32311==    by 0x40C31A7: Fl_Window::cursor(Fl_Cursor, Fl_Color,
Fl_Color) (in /usr/lib/libfltk.so.1.1)
==32311== 
==32311== Conditional jump or move depends on uninitialised value(s)
==32311==    at 0x400A692: (within /lib/ld-2.7.so)
==32311==    by 0x401167A: (within /lib/ld-2.7.so)
==32311==    by 0x400D5D5: (within /lib/ld-2.7.so)
==32311==    by 0x4010F5D: (within /lib/ld-2.7.so)
==32311==    by 0x4547C1B: (within /lib/libdl-2.7.so)
==32311==    by 0x400D5D5: (within /lib/ld-2.7.so)
==32311==    by 0x45480CB: (within /lib/libdl-2.7.so)
==32311==    by 0x4547B4B: dlopen (in /lib/libdl-2.7.so)
==32311==    by 0x43A1B88: (within /usr/lib/libX11.so.6.2.0)
==32311==    by 0x43A204F: XCreateGlyphCursor
(in /usr/lib/libX11.so.6.2.0)
==32311==    by 0x43A23EC: XCreateFontCursor
(in /usr/lib/libX11.so.6.2.0)
==32311==    by 0x40C31A7: Fl_Window::cursor(Fl_Cursor, Fl_Color,
Fl_Color) (in /usr/lib/libfltk.so.1.1)

####################################################################
Here I clicked on Browse->Cancel
####################################################################

==32311== 
==32311== Invalid read of size 1
==32311==    at 0x804A559: cb_BUTTON_browsealternatedatadir(Fl_Button*,
void*) (in /usr/local/bin/tuxpaint-config)
==32311==    by 0x40720C6: Fl_Widget::do_callback()
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x40727D7: Fl_Button::handle(int)
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x406AD27: (within /usr/lib/libfltk.so.1.1)
==32311==    by 0x406BF48: Fl::handle(int, Fl_Window*)
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x40BC9DB: fl_handle(_XEvent const&)
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x40BDCDD: (within /usr/lib/libfltk.so.1.1)
==32311==    by 0x40BE0A8: fl_wait(double) (in /usr/lib/libfltk.so.1.1)
==32311==    by 0x406CA37: Fl::wait(double) (in /usr/lib/libfltk.so.1.1)
==32311==    by 0x406CB93: Fl::run() (in /usr/lib/libfltk.so.1.1)
==32311==    by 0x8049D55: main (in /usr/local/bin/tuxpaint-config)
==32311==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==32311== 
==32311== Process terminating with default action of signal 11 (SIGSEGV)
==32311==  Access not within mapped region at address 0x0
==32311==    at 0x804A559: cb_BUTTON_browsealternatedatadir(Fl_Button*,
void*) (in /usr/local/bin/tuxpaint-config)
==32311==    by 0x40720C6: Fl_Widget::do_callback()
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x40727D7: Fl_Button::handle(int)
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x406AD27: (within /usr/lib/libfltk.so.1.1)
==32311==    by 0x406BF48: Fl::handle(int, Fl_Window*)
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x40BC9DB: fl_handle(_XEvent const&)
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x40BDCDD: (within /usr/lib/libfltk.so.1.1)
==32311==    by 0x40BE0A8: fl_wait(double) (in /usr/lib/libfltk.so.1.1)
==32311==    by 0x406CA37: Fl::wait(double) (in /usr/lib/libfltk.so.1.1)
==32311==    by 0x406CB93: Fl::run() (in /usr/lib/libfltk.so.1.1)
==32311==    by 0x8049D55: main (in /usr/local/bin/tuxpaint-config)
==32311== 
==32311== ERROR SUMMARY: 57 errors from 10 contexts (suppressed: 0 from
0)
==32311== malloc/free: in use at exit: 217,635 bytes in 3,700 blocks.
==32311== malloc/free: 19,172 allocs, 15,472 frees, 1,895,463 bytes
allocated.
==32311== For counts of detected errors, rerun with: -v
==32311== searching for pointers to 3,700 not-freed blocks.
==32311== checked 472,428 bytes.
==32311== 
==32311== 
==32311== 47 bytes in 3 blocks are definitely lost in loss record 52 of
303
==32311==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==32311==    by 0x4375267: FcStrCopy
(in /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4378714: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4507395: (within /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x450801C: (within /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x450901D: (within /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x4509F64: (within /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x450174A: XML_ParseBuffer
(in /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x4377895: FcConfigParseAndLoad
(in /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4377B86: FcConfigParseAndLoad
(in /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4377C87: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4377F46: (within /usr/lib/libfontconfig.so.1.2.0)
==32311== 
==32311== 
==32311== 692 (512 direct, 180 indirect) bytes in 4 blocks are
definitely lost in loss record 260 of 303
==32311==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==32311==    by 0x4372BF0: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x43734CC: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x43735DE: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x43783F2: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4507395: (within /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x450801C: (within /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x450901D: (within /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x4509F64: (within /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x450174A: XML_ParseBuffer
(in /usr/lib/libexpat.so.1.0.0)
==32311==    by 0x4377895: FcConfigParseAndLoad
(in /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4377B86: FcConfigParseAndLoad
(in /usr/lib/libfontconfig.so.1.2.0)
==32311== 
==32311== 
==32311== 5,560 (1,920 direct, 3,640 indirect) bytes in 5 blocks are
definitely lost in loss record 290 of 303
==32311==    at 0x4022862: realloc (vg_replace_malloc.c:306)
==32311==    by 0x4372B73: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x43734CC: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4373ADB: (within /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4370265: FcFontRenderPrepare
(in /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4370487: FcFontSetMatch
(in /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x4370699: FcFontMatch
(in /usr/lib/libfontconfig.so.1.2.0)
==32311==    by 0x435481D: XftFontMatch (in /usr/lib/libXft.so.2.1.2)
==32311==    by 0x40C8981: (within /usr/lib/libfltk.so.1.1)
==32311==    by 0x40C8AC1: Fl_FontSize::Fl_FontSize(char const*)
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x40C8C44: fl_font(int, int)
(in /usr/lib/libfltk.so.1.1)
==32311==    by 0x40AC5DA: Fl_Text_Display::measure_vline(int)
(in /usr/lib/libfltk.so.1.1)
==32311== 
==32311== LEAK SUMMARY:
==32311==    definitely lost: 2,479 bytes in 12 blocks.
==32311==    indirectly lost: 3,820 bytes in 189 blocks.
==32311==      possibly lost: 0 bytes in 0 blocks.
==32311==    still reachable: 211,336 bytes in 3,499 blocks.
==32311==         suppressed: 0 bytes in 0 blocks.
==32311== Reachable blocks (those to which a pointer was found) are not
shown.
==32311== To see them, rerun with: --leak-check=full
--show-reachable=yes
Violació de segment