Binary package hint: abiword
Ubuntu 8.10 with abiword 2.6.4-4ubuntu4 on x86. Follow these steps to always create a core dump:
1. Start Abiword, and create an initial revision (Tools->Revisions->Mark Revisions as you type). Name this revision.
2. Make some changes, and then start a new revision (Tools->Revisions->Start new revision). Name this change.
3. Uncheck "Mark Revisions as you type" (Tools->Revisions->Mark Revisions as you type)
4. Press "Select Revision" ((Tools->Revisions->Select Revision)
5. Watch as Abiword dumps core.
Attached is the glibc printout from the invalid free()
'thread apply all bt' from the core dump:
Thread 2 (process 3800):
#0 0xb7ffa430 in __kernel_vsyscall ()
#1 0xb71fe3a2 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb73170bd in ?? () from /usr/lib/libgthread-2.0.so.0
#3 0xb7704269 in ?? () from /usr/lib/libglib-2.0.so.0
#4 0xb7704367 in g_async_queue_timed_pop () from /usr/lib/libglib-2.0.so.0
#5 0xb7756633 in ?? () from /usr/lib/libglib-2.0.so.0
#6 0xb775502f in ?? () from /usr/lib/libglib-2.0.so.0
#7 0xb71fa50f in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8 0xb71777ee in clone () from /lib/tls/i686/cmov/libc.so.6
Thread 1 (process 3798):
#0 0xb7ffa430 in __kernel_vsyscall ()
#1 0xb70c1880 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb70c3248 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0xb70ff10d in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0xb71053f4 in ?? () from /lib/tls/i686/cmov/libc.so.6
#5 0xb7107456 in free () from /lib/tls/i686/cmov/libc.so.6
#6 0xb7732c06 in g_free () from /usr/lib/libglib-2.0.so.0
#7 0x083a8ae9 in AP_UnixDialog_ListRevisions::constructWindowContents ()
#8 0x083a8cf0 in AP_UnixDialog_ListRevisions::constructWindow ()
#9 0x083a8d6d in AP_UnixDialog_ListRevisions::runModal ()
#10 0x0816b054 in ap_EditMethods::revisionSetViewLevel ()
#11 0x08293664 in EV_Menu::invokeMenuMethod ()
#12 0x0829690a in EV_UnixMenu::menuEvent ()
#13 0xb77c63d4 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#14 0xb77b8c4b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#15 0xb77cf095 in ?? () from /usr/lib/libgobject-2.0.so.0
#16 0xb77d07ac in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#17 0xb77d0c26 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#18 0xb7e3e477 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#19 0xb7d30f70 in gtk_menu_shell_activate_item () from /usr/lib/libgtk-x11-2.0.so.0
#20 0xb7d32b4d in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#21 0xb7d294fb in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#22 0xb7d23036 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#23 0xb77b73c9 in ?? () from /usr/lib/libgobject-2.0.so.0
#24 0xb77b8c4b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#25 0xb77ced3d in ?? () from /usr/lib/libgobject-2.0.so.0
#26 0xb77d062b in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#27 0xb77d0c26 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#28 0xb7e3833e in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#29 0xb7d1bb4c in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#30 0xb7d1cef7 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#31 0xb7a7750a in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#32 0xb772a6f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#33 0xb772dda3 in ?? () from /usr/lib/libglib-2.0.so.0
#34 0xb772e2c2 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#35 0xb7d1d3a9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#36 0x0814f715 in AP_UnixApp::main ()
#37 0x0814d10a in main ()
I can confirm this bug. I was able to reproduce it using Xubuntu 8.10 and AbiWord 2.6.4-4ubuntu4 on 64-bit system. The same behavior happens in Jaunty 9.04 development with AbiWord 2.6.4-5ubuntu1.
This has been reported upstream as http://
Please make comments there.
Thanks for helping improve Ubuntu.