notify-osd crashed with SIGSEGV in *INT_cairo_surface_destroy()

Bug #349133 reported by Sebastien Bacher
Affects: notify-osd (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Mirco Müller

Bug Description

Binary package hint: notify-osd

using a 0.9.6 -O0 build

ProblemType: Crash
Architecture: i386
CrashCounter: 1
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/lib/notify-osd/notify-osd
Package: notify-osd 0.9.6-0ubuntu2
ProcCmdline: /usr/lib/notify-osd/notify-osd
ProcEnviron:
 PATH=(custom, user)
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: notify-osd
StacktraceTop:
 *INT_cairo_surface_destroy (surface=0x9)
 _render_icon_indicator (self=0x94e7038, cr=0x94f70f8)
 expose_handler (window=0x94e7820, event=0xbfe86dd4,
 _gtk_marshal_BOOLEAN__BOXED (closure=0x9416758,
 IA__g_closure_invoke (closure=0x9416758,
Title: notify-osd crashed with SIGSEGV in *INT_cairo_surface_destroy()
Uname: Linux 2.6.28-11-generic i686
UserGroups: adm admin audio cdrom dialout dip floppy fuse kvm libvirtd lpadmin netdev plugdev powerdev sambashare scanner video

Sebastien Bacher (seb128) wrote :

valgrind debug log

"==31219== Invalid read of size 4
==31219== at 0x4617A7E: cairo_surface_destroy (cairo-surface.c:426)
==31219== by 0x8054181: _render_icon_indicator (bubble.c:820)
==31219== by 0x80566AC: expose_handler (bubble.c:1540)
==31219== by 0x420C315: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==31219== by 0x46B0C7A: g_closure_invoke (gclosure.c:767)
==31219== by 0x46C6E0E: signal_emit_unlocked_R (gsignal.c:3244)
==31219== by 0x46C831E: g_signal_emit_valist (gsignal.c:2987)
==31219== by 0x46C8905: g_signal_emit (gsignal.c:3034)
==31219== by 0x43270AD: gtk_widget_event_internal (gtkwidget.c:4761)
==31219== by 0x420635C: gtk_main_do_event (gtkmain.c:1558)
==31219== by 0x44B8CB4: gdk_window_process_updates_internal (gdkwindow.c:2611)
==31219== by 0x44B92CE: gdk_window_process_all_updates (gdkwindow.c:2677)
==31219== Address 0x15 is not stack'd, malloc'd or (recently) free'd
==31219==
==31219== Process terminating with default action of signal 11 (SIGSEGV)
==31219== Access not within mapped region at address 0x15
==31219== at 0x4617A7E: cairo_surface_destroy (cairo-surface.c:426)
==31219== by 0x8054181: _render_icon_indicator (bubble.c:820)
==31219== by 0x80566AC: expose_handler (bubble.c:1540)
==31219== by 0x420C315: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
==31219== by 0x46B0C7A: g_closure_invoke (gclosure.c:767)
==31219== by 0x46C6E0E: signal_emit_unlocked_R (gsignal.c:3244)
==31219== by 0x46C831E: g_signal_emit_valist (gsignal.c:2987)
==31219== by 0x46C8905: g_signal_emit (gsignal.c:3034)
==31219== by 0x43270AD: gtk_widget_event_internal (gtkwidget.c:4761)
==31219== by 0x420635C: gtk_main_do_event (gtkmain.c:1558)
==31219== by 0x44B8CB4: gdk_window_process_updates_internal (gdkwindow.c:2611)
==31219== by 0x44B92CE: gdk_window_process_all_updates (gdkwindow.c:2677)"

the crash happens every time when using the keyboard to change the volume

Sebastien Bacher (seb128) wrote :

0xb7abea7e in *INT_cairo_surface_destroy (surface=0x9)
    at /build/buildd/cairo-1.8.6/src/cairo-surface.c:426
426 /build/buildd/cairo-1.8.6/src/cairo-surface.c: No such file or directory.
 in /build/buildd/cairo-1.8.6/src/cairo-surface.c
(gdb) bt
#0 0xb7abea7e in *INT_cairo_surface_destroy (surface=0x9)
    at /build/buildd/cairo-1.8.6/src/cairo-surface.c:426
#1 0x08054182 in _render_icon_indicator (self=0x88ce038, cr=0x88ddff8) at bubble.c:820
#2 0x080566ad in expose_handler (window=0x88ce820, event=0xbfae44d4, data=0x88ce038)
    at bubble.c:1540
#3 0xb7da0316 in _gtk_marshal_BOOLEAN__BOXED (closure=0x87fd758, return_value=0xbfae4290,
    n_param_values=2, param_values=0x881d990, invocation_hint=0xbfae427c, marshal_data=0x8056587)
    at /build/buildd/gtk+2.0-2.16.0/gtk/gtkmarshalers.c:84
#4 0xb7a17c7b in IA__g_closure_invoke (closure=0x87fd758, return_value=0xbfae4290,
    n_param_values=2, param_values=0x881d990, invocation_hint=0xbfae427c)
    at /build/buildd/glib2.0-2.20.0/gobject/gclosure.c:767
#5 0xb7a2de0f in signal_emit_unlocked_R (node=0x8803190, detail=0, instance=0x88ce820,
    emission_return=0xbfae43c8, instance_and_params=0x881d990)
    at /build/buildd/glib2.0-2.20.0/gobject/gsignal.c:3244
#6 0xb7a2f31f in IA__g_signal_emit_valist (instance=0x88ce820, signal_id=38, detail=0,
    var_args=0xbfae4420 "8D���D�� �\214\b&\023�� �\214\b��\177\b")
    at /build/buildd/glib2.0-2.20.0/gobject/gsignal.c:2987
#7 0xb7a2f906 in IA__g_signal_emit (instance=0x88ce820, signal_id=38, detail=0)
    at /build/buildd/glib2.0-2.20.0/gobject/gsignal.c:3034
#8 0xb7ebb0ae in gtk_widget_event_internal (widget=0x88ce820, event=0xbfae44d4)
    at /build/buildd/gtk+2.0-2.16.0/gtk/gtkwidget.c:4761
#9 0xb7d9a35d in IA__gtk_main_do_event (event=0xbfae44d4)
    at /build/buildd/gtk+2.0-2.16.0/gtk/gtkmain.c:1558
#10 0xb7c0ecb5 in gdk_window_process_updates_internal (window=0x87ea930)
    at /build/buildd/gtk+2.0-2.16.0/gdk/gdkwindow.c:2611
#11 0xb7c0f2cf in IA__gdk_window_process_all_updates ()
    at /build/buildd/gtk+2.0-2.16.0/gdk/gdkwindow.c:2677
#12 0xb7c0f2fb in gdk_window_update_idle (data=0x0)
    at /build/buildd/gtk+2.0-2.16.0/gdk/gdkwindow.c:2521
#13 0xb7bf285b in gdk_threads_dispatch (data=0x88f47c0) at /build/buildd/gtk+2.0-2.16.0/gdk/gdk.c:498
#14 0xb798db51 in g_idle_dispatch (source=0x88efb28, callback=0x9, user_data=0x88f47c0)
    at /build/buildd/glib2.0-2.20.0/glib/gmain.c:3922
#15 0xb798fa58 in IA__g_main_context_dispatch (context=0x87ec978)
    at /build/buildd/glib2.0-2.20.0/glib/gmain.c:1814
#16 0xb7992fbb in g_main_context_iterate (context=0x87ec978, block=1, dispatch=1, self=0x87bb3e8)
    at /build/buildd/glib2.0-2.20.0/glib/gmain.c:2448
#17 0xb799348a in IA__g_main_loop_run (loop=0x8829428)
    at /build/buildd/glib2.0-2.20.0/glib/gmain.c:2656
#18 0xb7d9a5c9 in IA__gtk_main () at /build/buildd/gtk+2.0-2.16.0/gtk/gtkmain.c:1205
#19 0x0805f879 in main (argc=1, argv=0xbfae47e4) at main.c:77

Changed in notify-osd (Ubuntu):
importance: Undecided → Medium
visibility: private → public
Sebastien Bacher (seb128) wrote :

the switch default case in _render_icon_indicator () does nothing but you still call cairo_surface_destroy () later on things which have not been initialized
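
The pattern described in the comment above, as an added example (not notify-osd's code and not the revision 260 fix): a `switch` whose default case assigns nothing, followed by unconditional cleanup. `surface_t`, the `layout` enum and all function names are hypothetical stand-ins for the cairo objects used in `bubble.c`; the hardened form relies on the destroy call accepting NULL, as `cairo_surface_destroy()` does.

```c
/* Added illustration: hypothetical stand-ins, not notify-osd or cairo source. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int ref_count; } surface_t;
static int live_surfaces = 0;            /* surfaces allocated and not yet freed */

static surface_t *surface_create(void) {
    surface_t *s = calloc(1, sizeof *s);
    if (s) { s->ref_count = 1; live_surfaces++; }
    return s;
}

/* NULL-safe, as cairo_surface_destroy() is; returns 1 when it frees. */
static int surface_destroy(surface_t *s) {
    if (s == NULL || --s->ref_count > 0) return 0;
    free(s);
    live_surfaces--;
    return 1;
}

enum layout { LAYOUT_ICON_INDICATOR, LAYOUT_OTHER };   /* constructed values */

#ifdef SHOW_BUGGY_VARIANT
/* Reported pattern: default assigns nothing, cleanup gets stack garbage. */
static int render_buggy(enum layout l) {
    surface_t *icon, *glow;              /* uninitialised */
    switch (l) {
    case LAYOUT_ICON_INDICATOR: icon = surface_create(); glow = surface_create(); break;
    default: break;
    }
    return surface_destroy(icon) + surface_destroy(glow);  /* UB via default */
}
#endif

/* Hardened: NULL-initialise so unconditional cleanup is a no-op when unused. */
static int render_fixed(enum layout l) {
    surface_t *icon = NULL, *glow = NULL;
    switch (l) {
    case LAYOUT_ICON_INDICATOR: icon = surface_create(); glow = surface_create(); break;
    default: break;                      /* nothing drawn, nothing to free */
    }
    return surface_destroy(icon) + surface_destroy(glow);
}

int main(void) {
    int known = render_fixed(LAYOUT_ICON_INDICATOR), other = render_fixed(LAYOUT_OTHER);
    printf("known=%d other=%d live=%d\n", known, other, live_surfaces);
    return 0;
}
```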

David Barth (dbarth)
Changed in notify-osd:
assignee: nobody → macslow
status: New → Confirmed
Mirco Müller (macslow) wrote :

fixed in notify-osd trunk with revision 260

Changed in notify-osd (Ubuntu):
status: Confirmed → Fix Committed
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:
 ?? ()
 bubble_hide (self=0xb79abff4) at bubble.c:2700
 bubble_get_sender (self=0x94e7820) at bubble.c:2014
 ?? ()
 ?? ()

Apport retracing service (apport) wrote : Stack trace with source code
Apport retracing service (apport) wrote : Crash report cannot be processed

Thank you for your report!

However, processing it in order to get sufficient information for the
developers failed (it does not generate a useful symbolic stack trace). This
might be caused by some outdated packages which were installed on your system
at the time of the report:

libssl0.9.8: installed version 0.9.8g-15ubuntu1, latest version: 0.9.8g-15ubuntu3

Please upgrade your system to the latest package versions. If you still
encounter the crash, please file a new report.

Thank you for your understanding, and sorry for the inconvenience!

Changed in notify-osd:
status: Fix Committed → Invalid
Changed in notify-osd (Ubuntu):
status: Invalid → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package notify-osd - 0.9.7-0ubuntu1

---------------
notify-osd (0.9.7-0ubuntu1) jaunty; urgency=low

  * New upstream version:
    - added and improved multihead support,
      notifications stick to panel whatever the monitor it is on (lp: #331369)
    - crashers fixes (lp: #331927, #349133)
    - enable the icon lookup fallback mechanism for fallback icons like
      notification-display-brightness-* (lp: #344385)
    - reworked parts of notify-osd in order to make it adapt dynamically to
      changes of font-face, font-size and dpi (lp: #339731)
    - ensure X errors will not kill notify-osd
    - use HTML- and markup-filter for title- and body-message-text also
      in fallback-dialog
  * debian/patches/correct_service_install.patch:
    - correctly install the dbus service
  * debian/rules:
    - use simple-patchsys rules

 -- Sebastien Bacher <email address hidden> Sat, 28 Mar 2009 12:45:12 +0100

Changed in notify-osd:
status: Fix Committed → Fix Released