Ubuntu
w3m package

w3m crashed with SIGSEGV in memmove()

Bug #286488 reported by Bastian Doetsch
28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
w3m (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: w3m

I think this is triggered by trackerd

ProblemType: Crash
Architecture: i386
CrashCounter: 1
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/bin/w3m
Package: w3m 0.5.2-2build1
ProcAttrCurrent: unconfined
ProcCmdline: w3m -o indent_incr=0 -o multicol=false -o no_cache=true -o use_cookie=false -o display_charset=utf8 -o system_charset=utf8 -o follow_locale=false -o use_language_tag=true -o ucs_conv=true -T text/html -dump /home/username/testrepos/mozilla/layout/generic/crashtests/323386-1.html
ProcEnviron:
 PATH=/home/username/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:~/bin
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: w3m
StacktraceTop:
 memmove () from /lib/tls/i686/cmov/libc.so.6
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: w3m crashed with SIGSEGV in memmove()
Uname: Linux 2.6.27-7-generic i686
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev video

Tags: apport-crash
Revision history for this message
Bastian Doetsch (bastian-doetsch) wrote :
Revision history for this message
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:memmove () from /lib/tls/i686/cmov/libc.so.6
Strgrow (x=0x8c430f0) at /usr/include/bits/string3.h:93
process_n_textarea () at file.c:3939
HTMLtagproc1 (tag=0x8c4ff78, h_env=0xbfcfaad8) at file.c:4959
HTMLlineproc0 (line=0x80bc95b "", h_env=0xbfcfaad8, internal=1) at file.c:6246

Revision history for this message
Apport retracing service (apport) wrote : Symbolic threaded stack trace
Changed in w3m:
importance: Undecided → Medium
Revision history for this message
Dominique Meeùs (dominiquem) wrote :

I never used w3m in my life. I wonder why it was running.

Revision history for this message
Dominique Meeùs (dominiquem) wrote :

Idem today

Revision history for this message
Michael Jones (jonesmz) wrote :

I've got to tell you that until the crash report told me that w3m crashed... I didn't realize I had ever run it either.
If you know why it might have been running, that would be pretty sweet.

Revision history for this message
Tuomas Heino (iheino+ub) wrote :

Looks like the textarea to be sent was quite big, maybe there is (or was, is this still relevant?) a bug related to handling huge textareas?

Related snippet from the retraced backtrace:

#1 0x080a7c8b in Strgrow (x=0x8c430f0) at /usr/include/bits/string3.h:93
 old = 0x9405000 "<pre_int>[<input_alt hseq=\"1\" fid=\"0\" type=textarea name=\"\" size=381762666 rows=1 top_margin=0 textareanumber=0><u>", ' ' <repeats 85 times>...
 newlen = 55576780
#2 0x0805c1ad in process_n_textarea () at file.c:3939
 tmp = (Str) 0x8c430f0
 i = 46313869

Revision history for this message
Tatsuya Kinoshita (tats-debian) wrote :

On April 12, 2011, [Bug 286488],
iheino+ub (at cc.hut.fi) wrote:

> Looks like the textarea to be sent was quite big, maybe there is (or
> was, is this still relevant?) a bug related to handling huge textareas?
[...]
> /home/username/testrepos/mozilla/layout/generic/crashtests/323386-1.html

Probably, this bug was fixed in w3m 0.5.2-9, with the patch
provided in <http://bugs.debian.org/492290>.

Thanks,
--
Tatsuya Kinoshita

Tatsuya Kinoshita (tats-debian)
Changed in w3m (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.