191920 – ksplashx crashes in updateSplashImage() with Default splash theme

Bug 191920 - ksplashx crashes in updateSplashImage() with Default splash theme

Summary: ksplashx crashes in updateSplashImage() with Default splash theme

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	ksplash
Classification:	Plasma
Component:	general (show other bugs)
Version:	unspecified
Platform:	Ubuntu Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Lubos Lunak

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-05-07 17:12 UTC by Jonathan Thomas
Modified:	2010-01-28 00:57 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Jonathan Thomas 2009-05-07 17:12:29 UTC

Version:            (using KDE 4.2.2)
OS:                Linux
Installed from:    Ubuntu Packages

Originally reported at https://launchpad.net/bugs/355843
The user reported a ksplashx crash that occurred with the default splash:

#0  0x08057603 in updateSplashImage (img=@0xbfddd87c, 
    x_pos=<value optimized out>, y_pos=<value optimized out>)
    at /build/buildd/kdebase-workspace-4.2.2/ksplash/ksplashx/splash.cpp:810
	x = 0
	d = (QRgb *) 0x565656
	y = 800
	pix = {hd = 3218987132, w = 1, h = -1075981048, d = 134582564, 
  optim = 3218987132, ximage = 0x0, orig = {data = 0x5a0}}
	gc = <value optimized out>
#1  0x0805ab2b in runSplash (them=0xbfdded77 "Default", t=false, p=4)
    at /build/buildd/kdebase-workspace-4.2.2/ksplash/ksplashx/splash.cpp:1017
	geom = {x1 = 0, y1 = 0, x2 = 1439, y2 = 899}
	img = {data = 0x917e000}
	i = 1
	screens = 1
	line = "BACKGROUND_IMAGE 0 0 background.png\000\000ï¿½026\t\fï¿½026\t\bï¿½026\t4ï¿½26\t\034ï¿½26\t\000ï¿½026\t\t\000\000\000\000\000\000\000\001\000\000\000 ï¿½ï¿½ï¿½ï¿½001\000\n\000\000\000\000\000ï¿½h\221\027\tQ\212Ñ·Xï¿½ï¿½(\000\000\0006\001É·\000ï¿½026\t(ï¿½026\t\000\000\000\0006\001É·\000ï¿½026\t.\233Þ·ï¿½ï¿½Þ·ï¿½204Þ·\032\204Þ·.\233Þ·(\000\000\000x\223\027\txqï¿½020\000\000\000\006\000\000\000YL\001\000\004\000\000\000p\223\027\t\002\000\000\000\211L\001\000\004\000\000\000"...
	y = 0
	screen_ref = "ï¿½ï¿½"
	window_ref = "ï¿½ï¿½t"
	number = 0
	x_rel = -1207650904
	buf = "background.png\000ï¿½ï¿½ï¿½ï¿½\021\000\000\000\001\000\000\000\000\000\000\000ï¿½Ý¿nï¿½ï¿½ï¿½ï¿½ï¿½\200ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½!\000\000\000ï¿½\rï¿½\000\000\000\000\000\000\000\000ï¿½ï¿½ï¿½Ý¿ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½\002\000\000\000\001\000\000\000Dï¿½ï¿½ï¿½ï¿½\000\000\000\000ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½\004ï¿½ï¿½ï¿½\004ï¿½\000\000\000\000@ï¿½ï¿½\024ï¿½\002", '\0' <repeats 19 times>, "\n\000\000\000?ï¿½ï¿½", '\0' <repeats 44 times>, " ï¿½rï¿½\002\000\000\000\001\000\000\000ï¿½ï¿½ï¿½ï¿½d\000\000\000\000\b\000\000\000ï¿½ï¿½ï¿½\000ï¿½...
	w = -1211207901
	y_rel = 0
	frames = -1210032140
	delay = -1211214460
	image_ref = "ï¿½ï¿½ï¿½"
	x = 0
	h = -1075978552
	repeat = 65
	items = <value optimized out>
	handled = <value optimized out>
	desc_w = 1600
	desc_h = 1200
	datafile = (FILE *) 0x9179450
	stat_buf = {st_dev = 2053, __pad1 = 0, __st_ino = 1069558, 
  st_mode = 33188, st_nlink = 1, st_uid = 0, st_gid = 0, st_rdev = 0, 
  __pad2 = 0, st_size = 965, st_blksize = 4096, st_blocks = 8, st_atim = {
    tv_sec = 1238945843, tv_nsec = 0}, st_mtim = {tv_sec = 1216151339, 
    tv_nsec = 0}, st_ctim = {tv_sec = 1238944868, tv_nsec = 0}, 
  st_ino = 1069558}
	ratiox = 1.1111111111111112
	ratioy = 1.3333333333333333
#2  0x0804a8e5 in main (argc=3, argv=)
    at /build/buildd/kdebase-workspace-4.2.2/ksplash/ksplashx/main.cpp:92
	test = 21
	print_pid = true
	theme = 0xbfdded77 "Default"
	parent_pipe = 4

Comment 1 Jonathan Thomas 2010-01-28 00:57:31 UTC

More recent backtraces reveal this to be the glibc crasher. (Or any other type of memory corruption)

#0  0x00b14422 in __kernel_vsyscall ()
No symbol table info available.
#1  0x003314d1 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
	resultvar = <value optimized out>
	pid = 4485108
	selftid = 2607
#2  0x00334932 in *__GI_abort () at abort.c:92
	act = {__sigaction_handler = {sa_handler = 0x446ff4, 
    sa_sigaction = 0x446ff4}, sa_mask = {__val = {3071280320, 3219211696, 
      381, 120, 3071279120, 4485108, 3071279120, 0, 4492906, 4294967224, 0, 
      8080, 3071279120, 4485108, 3071279120, 3071280320, 3219211756, 3631005, 
      4485108, 4485108, 4485108, 20, 3219211916, 3995420, 3071280696, 
      3071280696, 111, 16384, 4481088, 6, 0, 9}}, sa_flags = 22, 
  sa_restorer = 0x14}
	sigs = {__val = {32, 0 <repeats 31 times>}}
#3  0x00367ee5 in __libc_message (do_abort=2, 
    fmt=0x42b438 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
	ap = <value optimized out>
	fd = 7
	on_2 = <value optimized out>
	list = <value optimized out>
	nlist = <value optimized out>
	cp = <value optimized out>
	written = false
#4  0x00371ff1 in malloc_printerr (action=<value optimized out>, 
    str=0x6 <Address 0x6 out of bounds>, ptr=0x89dd718) at malloc.c:6217
	buf = "089dd718"
	cp = <value optimized out>
#5  0x003736f2 in _int_free (av=<value optimized out>, 
    p=<value optimized out>) at malloc.c:4750
	size = 19352
	nextchunk = (mchunkptr) 0xa2f
	nextsize = 14333992
	prevsize = <value optimized out>
	bck = <value optimized out>
	fwd = <value optimized out>
	errstr = 0x6 <Address 0x6 out of bounds>
	__PRETTY_FUNCTION__ = "_int_free"
#6  0x0037679d in *__GI___libc_free (mem=0x89dd718) at malloc.c:3716
	ar_ptr = (mstate) 0x4483a0
	p = (mchunkptr) 0x6
#7  0x007f6669 in _XDestroyImage (ximage=0x89d8b60) at ../../src/ImUtil.c:438
No locals.
#8  0x08057871 in doPaint (area=<value optimized out>)
    at ../../../ksplash/ksplashx/splash.cpp:547
	rect = {x1 = 528, y1 = 400, x2 = 605, y2 = 523}
	w = 78
	img = (XImage *) 0x89d8b60
	h = 124
	h_off = 0
	bg = (QRgb *) 0x89e6e38
	fg = (QRgb *) 0x88c31d0
	anim = (AnimData *) 0x88b6f00
	frame = <value optimized out>
	i = 1
	pixmap = 10485801
	gc = (GC) 0x88b7410
#9  0x0805a8df in runSplash (them=0xbfe15d5f "Default", t=false, p=4)
    at ../../../ksplash/ksplashx/splash.cpp:621
	line = "WAIT_STATE kded\000\0002 -50 LT 30 icon1_anim.png 85 1\000\000ngle adjusted by -195,-117\000\000oo\000\000\025\000\000\000\000\000°Ø\212\b\000\020\000\000\030O\025\000¼Wá¿¸k\213\b \000\000\000 ë\024\000|Ø\212\bÌè\212\bäè\212\bÿÿÿÿèVá¿°Ø\212\b~C7\000 \000\000\000øVá¿°Ø\212\b\000\000\000\000¡W\025\000\t", '\0' <repeats 11 times>, "ùB\025\000XØ\212\b\001\000\000\000°Ø\212\b%A\025\000°Ø\212\b\b"...
	y = 400
	screen_ref = "\000\000\001"
	window_ref = "CC"
	number = 1
	x_rel = -192
	buf = "kded\000_anim.png\000\000ØYá¿\000\000\000\000\031\000\000\0002\000\000\000\001\000\000\000ÐXá¿\001\000\000\000ôoD\000<Xá¿(K\210\000\bXá¿JA4\000<Xá¿(K\210\000\000\000\000\000\000\000\000\000\002\000\000\000¤Rá¿E7Ú\000\000\000\000\000x^t·\b\000\000\000\bZá¿>¯Ù\000\204^t·x^t·\b\000\000\000ÀSá¿\234Sá¿\020ht·", '\0' <repeats 24 times>, "ðYá¿ÿÿÿÿ", '\0' <repeats 24 times>, "ÀSá¿ Sá¿ô¯Ú\000@Sá¿\002\000\000\000$Sá¿", '\0' <repeats 12 times>, "`W"...
	w = 8
	y_rel = -50
	frames = 30
	delay = 85
	image_ref = "LT"
	x = 528
	h = 14300997
	repeat = 1
	items = <value optimized out>
	handled = <value optimized out>
	desc_h = 1200
	datafile = (FILE *) 0x88b6f90
	stat_buf = {st_dev = 2052, __pad1 = 0, __st_ino = 1767604, 
  st_mode = 33188, st_nlink = 1, st_uid = 0, st_gid = 0, st_rdev = 0, 
  __pad2 = 0, st_size = 965, st_blksize = 4096, st_blocks = 8, st_atim = {
    tv_sec = 1257794519, tv_nsec = 0}, st_mtim = {tv_sec = 1216151339, 
    tv_nsec = 0}, st_ctim = {tv_sec = 1256899786, tv_nsec = 0}, 
  st_ino = 1767604}
	ratioy = 1.3333333333333333
	desc_w = 1600
	ratiox = 1.1111111111111112
#10 0x0804a7f5 in main (argc=3, argv=0xbfe15bc4)
    at ../../../ksplash/ksplashx/main.cpp:92
	test = false
	print_pid = true
	theme = 0xbfe15d5f "Default"
	parent_pipe = 4