wvWare crashed with SIGSEGV in wvAssembleSimplePAP()

Bug #123913 reported by anish
This bug affects 7 people
Affects      Status   Importance  Assigned to  Milestone
wv (Ubuntu)  Invalid  Medium      Unassigned

Bug Description

Binary package hint: wv

I just found a crash report on logging in to GNOME. Sorry, I have no other information.

ProblemType: Crash
Architecture: i386
Date: Thu Jun 28 15:28:19 2007
DistroRelease: Ubuntu 7.10
ExecutablePath: /usr/bin/wvWare
Package: wv 1.2.4-2
PackageArchitecture: i386
ProcCmdline: /usr/bin/wvWare --nographics /tmp/strigin8Ouat
ProcCwd: /home/anish
ProcEnviron:
 SHELL=/bin/bash
 PATH=/home/anish/bin:/usr/lib/kde4/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
 LANG=en_US.UTF-8
 LANGUAGE=en
Signal: 11
SourcePackage: wv
StacktraceTop:
 wvAssembleSimplePAP () from /usr/lib/libwv-1.2.so.3
 wvDecodeSimple () from /usr/lib/libwv-1.2.so.3
 wvHtml () from /usr/lib/libwv-1.2.so.3
 ?? ()
 ?? ()
Title: wvWare crashed with SIGSEGV in wvAssembleSimplePAP()
Uname: Linux ant 2.6.22-7-generic #1 SMP Mon Jun 25 17:33:14 GMT 2007 i686 GNU/Linux
UserGroups: admin audio avahi backup cdrom crontab dirmngr disk floppy fuse gdm haldaemon lp lpadmin netdev nvram plugdev powerdev root scanner shadow slocate staff sudo syslog tape users video voice www-data
SegvAnalysis:
 Segfault happened at: 0xb7ecbf72 <wvAssembleSimplePAP+1698>: movzwl (%eax),%ecx
 PC (0xb7ecbf72) ok
 source "(%eax)" (0x74786574) not located in a known VMA region (needed readable region)!
 destination "%ecx" ok
SegvReason: reading unknown VMA

Tags: apport-crash
anish (anishmuttreja) wrote :
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:
 wvAssembleSimplePAP (ver=WORD8, apap=0xbfc6660c, fc=3024, fkp=0xbfc64794, ps=0xbfc65f30) at pap.c:523
 wvDecodeSimple (ps=0xbfc65f30, whichdoc=Dmain) at decode_simple.c:402
 wvHtml (ps=0x74786574) at wvHtmlEngine.c:34
 ?? ()
 ?? ()

Apport retracing service (apport) wrote : Symbolic threaded stack trace
Apport retracing service (apport) wrote : Stack trace with source code
Changed in wv:
importance: Undecided → Medium
Jonathan Thomas (echidnaman) wrote :

Here's a better backtrace from the most recent report:

#0 0x00007fa825c0eca2 in wvAssembleSimplePAP (ver=WORD8,
    apap=0x7fff2e0915b0, fc=<value optimized out>, fkp=<value optimized out>,
    ps=0x7fff2e094850) at pap.c:523
 papx = (PAPX *) 0x1ecd5c0
 index = <value optimized out>
 upxf = {cbUPX = 48, upx = {chpx = {
      grpprl = 0x47201eb0000 <Address 0x47201eb0000 out of bounds>}, papx = {
      istd = 0, grpprl = 0x1ec1ed0 "\026$\001\n&\001\vF\005"},
    rgb = 0x47201eb0000 <Address 0x47201eb0000 out of bounds>}}
 ret = 1
 myListId = 5
 myLVLF = (LVLF *) 0x0
 myLVL = (LVL *) 0x1ebb9f8
 myLFO = <value optimized out>
 myStartAt = 33
 mygPAPX = (unsigned char *) 0x31 <Address 0x31 out of bounds>
 mygCHPX = (
    unsigned char *) 0x4a430a2a42010839 <Address 0x4a430a2a42010839 out of bounds>
 myNumberStr = (XCHAR *) 0x0
 myNumberStr_count = 0
 mygPAPX_count = 0
 mygCHPX_count = 32
 i = 32
 j = <value optimized out>
 k = <value optimized out>
 bLST_LVL_format = 1
#1 0x00007fa825c289cf in wvGetFullTableInit (ps=0x7fff2e094850,
    para_intervals=38, btePapx=0x1ebf2c0, posPapx=0x1ebf210) at table.c:122
 para_fkp = {rgfc = 0x1ebf500, rgbx = 0x1ec2820, grppapx = 0x1ecd560,
  crun = 13 '\r'}
 para_fcFirst = 13050
 para_fcLim = 13178
 apap = {istd = 0, jc = 0 '\0', fKeep = 0 '\0', fKeepFollow = 0 '\0',
  fPageBreakBefore = 0, fBrLnAbove = 0, fBrLnBelow = 0, fUnused = 0,
  pcVert = 0, pcHorz = 0, brcp = 0, brcl = 0, reserved1 = 0 '\0',
  ilvl = 1 '\001', fNoLnn = 0 '\0', ilfo = 5, nLvlAnm = 0 '\0',
  reserved2 = 0 '\0', fSideBySide = 0 '\0', reserved3 = 0 '\0',
  fNoAutoHyph = 1 '\001', fWidowControl = 1 '\001', dxaRight = 0,
  dxaLeft = 1080, dxaLeft1 = -360, lspd = {dyaLine = 240,
    fMultLinespace = 1}, dyaBefore = 0, dyaAfter = 0, phe = {var1 = {
      fSpare = 0, fUnk = 0, fDiffLines = 0, reserved1 = 0, clMac = 0,
      reserved2 = 0, dxaCol = 0, dymHeight = 0}, var2 = {fSpare = 0,
      fUnk = 0, dcpTtpNext = 0, dxaCol = 0, dymHeight = 0}}, fCrLf = 0 '\0',
  fUsePgsuSettings = 0 '\0', fAdjustRight = 0 '\0', reserved4 = 0 '\0',
  fKinsoku = 0 '\0', fWordWrap = 0 '\0', fOverflowPunct = 0 '\0',
  fTopLinePunct = 0 '\0', fAutoSpaceDE = 0 '\0', fAtuoSpaceDN = 0 '\0',
  wAlignFont = 0, fVertical = 0, fBackward = 0, fRotateFont = 0,
  reserved5 = 0, reserved6 = 0, fInTable = 1 '\001', fTtp = 0 '\0',
  wr = 0 '\0', fLocked = 0 '\0', ptap = {jc = 0, dxaGapHalf = 0,
    dyaRowHeight = 0, fCantSplit = 0 '\0', fTableHeader = 0 '\0', tlp = {
      itl = 0, fBorders = 0, fShading = 0, fFont = 0, fColor = 0,
      fBestFit = 0, fHdrRows = 0, fLastRow = 0, fHdrCols = 0, fLastCol = 0,
      unused = 0}, lwHTMLProps = 0, fCaFull = 0, fFirstRow = 0, fLastRow = 0,
    fOutline = 0, reserved = 0, itcMac = 0, dxaAdjust = 0, dxaScale = 0,
    dxsInch = 0, rgdxaCenter = {0 <repeats 65 times>}, rgdxaCenterPrint = {
      0 <repeats 65 times>}, rgtc = {{fFirstMerged = 0, fMerged = 0,
        fVertical = 0, fBackward = 0, fRotateFont = 0, fVertMerge = 0,
        fVertRestart = 0, vertAlign = 0, fUnused = 0, wUnused = 0, brcTop = {
          dptLineWidth = 0, brcType = 0, ico = 0,...

Changed in wv (Ubuntu):
status: New → Confirmed
Kees Cook (kees)
description: updated
dino99 (9d9) wrote :

That version died long ago; it is no longer supported.

Changed in wv (Ubuntu):
status: Confirmed → Invalid