Crash in gepub_doc_new()
I'm using libgepub 0.7.0 on Arch Linux.
Here's a patch to fix the problem (for some reason I can't fork the project, yet my account is from 2018 and I've already contributed to several projects; I've also tried https://discourse.gnome.org/t/gitlab-will-not-allow-me-to-fork-gnome-calendar-repo/14093/12 without success)
0001-doc-Add-missing-sanity-check.patch
Clearly this check is missing since gepub_utils_get_element_by_tag() can return NULL, and this should fix a crash I had yesterday with Tumbler (Xfce's thumbnailer):
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f1180b70ed2 in gepub_doc_fill_toc (toc_id=0x7f11700086c0 "ncx", doc=0x7f1170283620) at ../libgepub/libgepub/gepub-doc.c:384
384 item = mapnode->children;
[Current thread is 1 (Thread 0x7f11781e46c0 (LWP 97937))]
(gdb) bt
#0 0x00007f1180b70ed2 in gepub_doc_fill_toc (toc_id=0x7f11700086c0 "ncx", doc=0x7f1170283620) at ../libgepub/libgepub/gepub-doc.c:384
#1 gepub_doc_fill_spine (doc=0x7f1170283620) at ../libgepub/libgepub/gepub-doc.c:328
#2 gepub_doc_initable_init (initable=<optimized out>, cancellable=<optimized out>, error=<optimized out>) at ../libgepub/libgepub/gepub-doc.c:240
#3 0x00007f11a0ab1447 in g_initable_new_valist
(object_type=<optimized out>, first_property_name=0x7f1180b73243 "path", var_args=var_args@entry=0x7f11781e3c70, cancellable=cancellable@entry=0x0, error=error@entry=0x7f11781e3d88)
at ../glib/gio/ginitable.c:250
#4 0x00007f11a0ab152e in g_initable_new (object_type=<optimized out>, cancellable=cancellable@entry=0x0, error=error@entry=0x7f11781e3d88, first_property_name=first_property_name@entry=0x7f1180b73243 "path")
at ../glib/gio/ginitable.c:164
#5 0x00007f1180b6f0c9 in gepub_doc_new (path=<optimized out>, error=error@entry=0x7f11781e3d88) at ../libgepub/libgepub/gepub-doc.c:263
#6 0x00007f1180b7a988 in gepub_thumbnailer_create (thumbnailer=0x55d0d22856e0, cancellable=<optimized out>, info=0x55d0d2760b70) at gepub-thumbnailer.c:163
#7 0x000055d0d1b01015 in tumbler_lifo_scheduler_thread (data=0x55d0d2767ef0, user_data=0x55d0d25c6370) at tumbler-lifo-scheduler.c:493
#8 0x00007f11a0908ca3 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/glib/gthreadpool.c:350
#9 0x00007f11a0905cc5 in g_thread_proxy (data=0x7f1194007460) at ../glib/glib/gthread.c:831
#10 0x00007f11a071644b in () at /usr/lib/libc.so.6
#11 0x00007f11a0799e40 in () at /usr/lib/libc.so.6
However, this crash is not reproducible, and I had kept an old trace, unfortunately partial, which didn't lead to the same place, even though it started from the same point (gepub_doc_new()):
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f1e269fc75d in reload_length_cb (widget=0x7f1e1800b200, allocation=<optimized out>, user_data=<optimized out>) at ../libgepub/gepub-widget.c:167
167 webkit_web_view_run_javascript (web_view,
[Current thread is 1 (Thread 0x7f1e1e788640 (LWP 26187))]
(gdb) bt
#0 0x00007f1e269fc75d in reload_length_cb (widget=0x7f1e1800b200, allocation=<optimized out>, user_data=<optimized out>) at ../libgepub/gepub-widget.c:167
#1 0x00005592236baa40 in ()
#2 0x00005592232d79a0 in ()
#3 0x00005592231d6640 in ()
#4 0x00005592236cd3c0 in ()
#5 0x00007f1e41a9349a in g_initable_new () at /usr/lib/libgio-2.0.so.0
#6 0x00007f1e269f9e85 in gepub_doc_new (path=<optimized out>, error=<optimized out>) at ../libgepub/gepub-doc.c:263
#7 0x00007f1e26a0592f in gepub_thumbnailer_create (thumbnailer=0x0, cancellable=<optimized out>, info=0x7f1e1e787d18) at gepub-thumbnailer.c:169
#8 0x0000559222baa11d in tumbler_lifo_scheduler_thread (data=0x5592236cd3c0, user_data=0x5592236960c0) at tumbler-lifo-scheduler.c:493
#9 0x00007f1e41919937 in () at /usr/lib/libglib-2.0.so.0
#10 0x00007f1e41916d51 in () at /usr/lib/libglib-2.0.so.0
#11 0x00007f1e416ae259 in start_thread () at /usr/lib/libpthread.so.0
#12 0x00007f1e417c65e3 in clone () at /usr/lib/libc.so.6
I don't think this trace dates from before 0.7.0, but I can't be completely sure. In any case, I wouldn't be surprised if there was another memory management issue upstream of these crashes.
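As an added illustration for readers of this report (not libgepub's code and not the attached patch), here is the shape of the guard the patch title describes: a tag lookup that returns NULL when the element is absent, and a consumer that checks the result before touching `children` instead of crashing the way the first trace shows at `item = mapnode->children;`. `Node`, `find_element_by_tag` and `count_map_children` are hypothetical stand-ins for the real libxml2-based types and for gepub_utils_get_element_by_tag()/gepub_doc_fill_toc(), and the NCX-style sample trees are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Minimal stand-in for an XML element node (libxml2-like: name, children, next). */
typedef struct Node {
    const char *name;
    struct Node *children;
    struct Node *next;
} Node;

/* Depth-first search for the first element with the given tag.
 * Returns NULL when no such element exists, which is the contract the
 * report attributes to gepub_utils_get_element_by_tag(). */
static Node *find_element_by_tag(Node *node, const char *tag)
{
    for (; node != NULL; node = node->next) {
        if (strcmp(node->name, tag) == 0)
            return node;
        Node *hit = find_element_by_tag(node->children, tag);
        if (hit != NULL)
            return hit;
    }
    return NULL;
}

/* Counts the direct children of the element named `map_tag` under `root`.
 * Returns -1 for a missing element rather than dereferencing a NULL
 * lookup result, i.e. the sanity check the report says was missing. */
static int count_map_children(Node *root, const char *map_tag)
{
    Node *mapnode = find_element_by_tag(root, map_tag);
    if (mapnode == NULL)   /* the added check: TOC element not present */
        return -1;
    int n = 0;
    for (Node *item = mapnode->children; item != NULL; item = item->next)
        n++;
    return n;
}

/* Constructed samples: an NCX-style TOC with two navPoints, and one
 * with no navMap at all (the case that would otherwise crash). */
static Node navpoint2 = { "navPoint", NULL, NULL };
static Node navpoint1 = { "navPoint", NULL, &navpoint2 };
static Node navmap    = { "navMap", &navpoint1, NULL };
static Node head      = { "head", NULL, &navmap };
static Node ncx_good  = { "ncx", &head, NULL };

static Node head_only = { "head", NULL, NULL };
static Node ncx_bad   = { "ncx", &head_only, NULL };
```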