#94 Crash caused by empty track name(?)

closed-fixed
nobody
Interface (19)
5
2013-04-20
2013-03-17
No

Steps to reproduce:
0. Open gpx with several tracks
1. Click twice on track name -> rename mode
2. Press delete, enter -> name is empty now
3. Click on empty track name -> rename mode again
4. Click on other track (e.g. below)

Actual results:
core dump

Expected results:
no crash, kept the empty name

Version: viking-1.4-1.fc18.x86_64

Additional information:
bt from gdb:
Program received signal SIGSEGV, Segmentation fault.
__strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:213
213 movlpd (%rsi), %xmm2
(gdb) bt
#0 __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:213
#1 0x0000000000425dc3 in trw_layer_sublayer_rename_request (l=0xc2a020 [VikTrwLayer], newname=0xaee8c0 "", vlp=0xa699a0, subtype=<optimized out>, sublayer=<optimized out>, iter=0x7fffffffc920) at viktrwlayer.c:5918
#2 0x000000000042ddba in layers_item_edited (vlp=0xa699a0 [VikLayersPanel], iter=0x7fffffffc920, new_text=0xaee8c0 "") at viklayerspanel.c:287
#3 0x0000003b0460f910 in g_closure_invoke (closure=0xa8b5c0, return_value=return_value@entry=0x0, n_param_values=3, param_values=param_values@entry=0x7fffffffc5d0, invocation_hint=invocation_hint@entry=0x7fffffffc570) at gclosure.c:777
#4 0x0000003b04620d08 in signal_emit_unlocked_R (node=node@entry=0xa80870, detail=detail@entry=0, instance=instance@entry=0xa86010, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=
0x7fffffffc5d0) at gsignal.c:3551
#5 0x0000003b04628c8d in g_signal_emit_valist (instance=0xa86010, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffc848) at gsignal.c:3300
#6 0x0000003b04628de2 in g_signal_emit (instance=<optimized out>, signal_id=signal_id@entry=162, detail=detail@entry=0) at gsignal.c:3356
#7 0x000000000041605e in vik_treeview_edited_cb (cell=<optimized out>, path_str=<optimized out>, new_name=0xaee8c0 "", vt=0xa86010 [VikTreeview]) at viktreeview.c:107
#8 0x0000003b0460f910 in g_closure_invoke (closure=0xa81be0, return_value=return_value@entry=0x0, n_param_values=3, param_values=param_values@entry=0x7fffffffcb30, invocation_hint=invocation_hint@entry=0x7fffffffcad0) at gclosure.c:777
#9 0x0000003b04620d08 in signal_emit_unlocked_R (node=node@entry=0x997880, detail=detail@entry=0, instance=instance@entry=0xa5f980, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=
0x7fffffffcb30) at gsignal.c:3551
#10 0x0000003b04628c8d in g_signal_emit_valist (instance=0xa5f980, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffcda8) at gsignal.c:3300
#11 0x0000003b04628de2 in g_signal_emit (instance=instance@entry=0xa5f980, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3356
#12 0x00000037178a2b77 in gtk_cell_renderer_text_editing_done (entry=0x120b2b0, data=0xa5f980) at gtkcellrenderertext.c:1740
#13 0x0000003b0460f910 in g_closure_invoke (closure=0x12393c0, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7fffffffd080, invocation_hint=invocation_hint@entry=0x7fffffffd020)
at gclosure.c:777
#14 0x0000003b04620d08 in signal_emit_unlocked_R (node=node@entry=0x11c1fd0, detail=detail@entry=0, instance=instance@entry=0x120b2b0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=
0x7fffffffd080) at gsignal.c:3551
#15 0x0000003b04628c8d in g_signal_emit_valist (instance=instance@entry=0x120b2b0, signal_id=signal_id@entry=261, detail=detail@entry=0, var_args=var_args@entry=0x7fffffffd318) at gsignal.c:3300
#16 0x0000003b046292f0 in g_signal_emit_by_name (instance=0x120b2b0, detailed_signal=detailed_signal@entry=0x3717b13cd4 "editing-done") at gsignal.c:3393
#17 0x00000037178994ca in IA__gtk_cell_editable_editing_done (cell_editable=<optimized out>) at gtkcelleditable.c:124
#18 0x0000003717a53611 in gtk_tree_view_stop_editing (tree_view=tree_view@entry=0xa86010 [VikTreeview], cancel_editing=cancel_editing@entry=0) at gtktreeview.c:14926
#19 0x0000003717a65ed2 in gtk_tree_view_button_press (widget=widget@entry=0xa86010 [VikTreeview], event=0xc28d80) at gtktreeview.c:2564
#20 0x000000371794dfac in _gtk_marshal_BOOLEAN__BOXED (closure=0x9847f0, return_value=0x7fffffffd6c0, n_param_values=<optimized out>, param_values=0x7fffffffd770, invocation_hint=<optimized out>, marshal_data=<optimized out>)
at gtkmarshalers.c:86
#21 0x0000003b0460f910 in g_closure_invoke (closure=closure@entry=0x9847f0, return_value=return_value@entry=0x7fffffffd6c0, n_param_values=2, param_values=param_values@entry=0x7fffffffd770, invocation_hint=invocation_hint@entry=
0x7fffffffd710) at gclosure.c:777
#22 0x0000003b04620a80 in signal_emit_unlocked_R (node=node@entry=0x984840, detail=detail@entry=0, instance=instance@entry=0xa86010, emission_return=emission_return@entry=0x7fffffffd840, instance_and_params=instance_and_params@entry=
0x7fffffffd770) at gsignal.c:3589
#23 0x0000003b046288c7 in g_signal_emit_valist (instance=0xa86010, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffd9c8) at gsignal.c:3310
#24 0x0000003b04628de2 in g_signal_emit (instance=instance@entry=0xa86010, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3356
#25 0x0000003717a81b5e in gtk_widget_event_internal (widget=widget@entry=0xa86010 [VikTreeview], event=event@entry=0xc28d80) at gtkwidget.c:5017
#26 0x0000003717a81ed9 in IA__gtk_widget_event (widget=widget@entry=0xa86010 [VikTreeview], event=event@entry=0xc28d80) at gtkwidget.c:4814
#27 0x000000371794bd34 in IA__gtk_propagate_event (widget=0xa86010 [VikTreeview], event=0xc28d80) at gtkmain.c:2490
#28 0x000000371794c0b3 in IA__gtk_main_do_event (event=0xc28d80) at gtkmain.c:1685
#29 0x0000003fed461f0c in gdk_event_dispatch (source=source@entry=0x9663a0, callback=<optimized out>, user_data=<optimized out>) at gdkevents-x11.c:2403
#30 0x0000003b03e47a55 in g_main_dispatch (context=0x966490) at gmain.c:2715
#31 g_main_context_dispatch (context=context@entry=0x966490) at gmain.c:3219
#32 0x0000003b03e47d88 in g_main_context_iterate (context=0x966490, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3290
#33 0x0000003b03e48182 in g_main_loop_run (loop=0xc04a80) at gmain.c:3484
#34 0x000000371794b077 in IA__gtk_main () at gtkmain.c:1257
#35 0x0000000000411b0d in main (argc=2, argv=0x7fffffffddf8) at main.c:207

Discussion

  • Rob Norris - 2013-03-17
    • status: open --> open-accepted
     
  • Rob Norris - 2013-03-17

    Thanks for the detailed report.

    There are two issues here:

    1. Stupid strcmp() segfaults when passed in NULL.
    Unfortunately the internal track name converts a blank name "" into a null.
    Thus on the second rename it tries to compare the old name with the new name.
    Since the old name is NULL it crashes.

    2. Doesn't make much sense to allow blank names anyway.

    The master code base will be fixed very soon.
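
The two issues named in the comment above, modelled as an added example in plain C. This is not Viking's code and not the fix that was committed; `struct track`, `track_set_name`, `safe_strcmp` and `track_rename` are hypothetical names, and the blank-to-NULL storage is assumed from the comment's description.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a track record; not Viking's real struct. */
struct track { char *name; };

/* Models the behaviour described above: a blank name is stored as NULL. */
static void track_set_name(struct track *t, const char *name) {
    char *copy = NULL;
    if (name != NULL && name[0] != '\0') {
        size_t n = strlen(name) + 1;
        copy = malloc(n);
        if (copy != NULL) memcpy(copy, name, n);
    }
    free(t->name);
    t->name = copy;
}

/* NULL-safe comparison: NULL equals NULL and sorts before any string.
 * GLib's g_strcmp0() offers the same semantics. */
static int safe_strcmp(const char *a, const char *b) {
    if (a == NULL || b == NULL)
        return (a != NULL) - (b != NULL);
    return strcmp(a, b);
}

enum rename_result { RENAME_OK, RENAME_UNCHANGED, RENAME_REJECTED };

/* Rename handler with both defences: reject blank input, and never
 * pass a possibly-NULL stored name to strcmp() directly. */
static enum rename_result track_rename(struct track *t, const char *newname) {
    if (newname == NULL || newname[0] == '\0')
        return RENAME_REJECTED;          /* issue 2: no blank names */
    if (safe_strcmp(t->name, newname) == 0)
        return RENAME_UNCHANGED;         /* issue 1: old name may be NULL */
    track_set_name(t, newname);
    return RENAME_OK;
}

int main(void) {
    struct track t = { NULL };
    track_set_name(&t, "");              /* constructed state: name is NULL */
    printf("blank rename -> %d\n", track_rename(&t, ""));
    printf("first rename -> %d\n", track_rename(&t, "Morning ride"));
    printf("same name    -> %d\n", track_rename(&t, "Morning ride"));
    free(t.name);
    return 0;
}
```

Either defence alone prevents the crash in the backtrace; applying both also covers data that already holds a NULL name from an earlier version.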

     
  • Rob Norris - 2013-03-18
    • status: open-accepted --> pending-fixed
     
  • Rob Norris - 2013-03-18

    Fix applied to git master code

     
  • Lukas Zachar - 2013-03-18

    Thank you for the fix.
    I compiled the master and tried it -> it is no longer possible to create an empty name and I didn't manage to crash the program :)

     
  • Lukas Zachar - 2013-03-18
    • status: pending-fixed --> open-fixed
     
  • Rob Norris - 2013-04-20
    • status: open-fixed --> closed-fixed
     
  • Rob Norris - 2013-04-20

    Included in Viking 1.4.1

     
