Pan crashes when loading a nzb file (attached)
Submitted by Dominique Dumont
Assigned to pan..@..e.bugs
Link to original bug (#788986)
Description
Hello
A Debian user reports a crash when loading the attached nzb file:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857625
This report contains a stack trace.
Note that the groups used in that nzb file are not common. The server news.gmane.org must be configured in pan for the crash to happen. Otherwise, the nzb content is ignored.
Here's the backtrace obtained on my system (Debian/unstable amd64. pan 0.142):
Core was generated by `pan'. Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: Aucun fichier ou dossier de ce type.
[Current thread is 1 (Thread 0x7f551a23e700 (LWP 5444))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007f552a7b642a in __GI_abort () at abort.c:89
#2 0x00007f552a7f2c00 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7f552a8e7d78 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007f552a7f8fc6 in malloc_printerr (action=3, str=0x7f552a8e7e18 "free(): invalid next size (normal)", ptr=<optimized out>, ar_ptr=<optimized out>)
at malloc.c:5049
#4 0x00007f552a7f980e in _int_free (av=0x7f54dc000020, p=0x7f54dc006840, have_lock=0) at malloc.c:3905
#5 0x0000564ecdf16334 in UUCleanUp () at uulib.c:1266
#6 0x0000564ecdee2a14 in pan::Decoder::do_work (this=0x7ffc3e43aef8) at decoder.cc:223
#7 0x0000564ecdf133ba in pan::WorkerPool::Worker::worker_thread_func (g=0x7ffc3e43aef8, unused=<optimized out>) at worker-pool.cc:74
#8 0x00007f552ccfdfc0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9 0x00007f552ccfd5f5 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007f552a56c494 in start_thread (arg=0x7f551a23e700) at pthread_create.c:333
#11 0x00007f552a86aabf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
(gdb) bt full
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
set = {__val = {0, 3415250668475330418, 7380959312252661606, 3774691833598142313, 7018352466620408418, 7003721055805126200, 3834870498024829491,
3762306054006977840, 3975945545056346926, 3472330516813199114, 7365405400577892661, 3487533442528326965, 2338262304746909744, 3472328296227680304,
4044286557173592096, 2314885638596472881}}
pid = <optimized out>
tid = <optimized out>
#1 0x00007f552a7b642a in __GI_abort () at abort.c:89
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x2035383230313820, sa_sigaction = 0x2035383230313820}, sa_mask = {__val = {2314885530818453536,
2314885530818453536, 8241998737839235104, 7363215414792381231, 7594879246295920239, 3834078638457958247, 3630235977205756518, 3703429152829433138,
7363442780929601845, 3329345833768137267, 736106977664655715, 7219323194874095159, 3847823598856188001, 3472386793682252341, 3467898350948458544,
140003487500224}}, sa_flags = 79, sa_restorer = 0x7f551a23c7c0}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007f552a7f2c00 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7f552a8e7d78 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/posix/libc_fatal.c:175
ap = {{gp_offset = 40, fp_offset = 32597, overflow_arg_area = 0x7f551a23c7d0, reg_save_area = 0x7f551a23c760}}
fd = 12
on_2 = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
written = <optimized out>
#3 0x00007f552a7f8fc6 in malloc_printerr (action=3, str=0x7f552a8e7e18 "free(): invalid next size (normal)", ptr=<optimized out>, ar_ptr=<optimized out>)
at malloc.c:5049
buf = "00007f54dc006850"
cp = <optimized out>
ar_ptr = <optimized out>
ptr = <optimized out>
str = 0x7f552a8e7e18 "free(): invalid next size (normal)"
action = 3
#4 0x00007f552a7f980e in _int_free (av=0x7f54dc000020, p=0x7f54dc006840, have_lock=0) at malloc.c:3905
size = <optimized out>
fb = <optimized out>
nextchunk = <optimized out>
nextsize = <optimized out>
nextinuse = <optimized out>
prevsize = <optimized out>
bck = <optimized out>
fwd = <optimized out>
errstr = <optimized out>
locked = <optimized out>
__func__ = "_int_free"
#5 0x0000564ecdf16334 in UUCleanUp () at uulib.c:1266
iter = <optimized out>
ptr = <optimized out>
liter = <optimized out>
fiter = <optimized out>
aiter = 0x564ece1f4500 <toallocate+224>
#6 0x0000564ecdee2a14 in pan::Decoder::do_work (this=0x7ffc3e43aef8) at decoder.cc:223
res = <optimized out>
buf = "« /home/domi/tmp/signature.asc » enregistré", '\000' <repeats 3696 times>...
#7 0x0000564ecdf133ba in pan::WorkerPool::Worker::worker_thread_func (g=0x7ffc3e43aef8, unused=<optimized out>) at worker-pool.cc:74
No locals.
#8 0x00007f552ccfdfc0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#9 0x00007f552ccfd5f5 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#10 0x00007f552a56c494 in start_thread (arg=0x7f551a23e700) at pthread_create.c:333
__res = <optimized out>
pd = 0x7f551a23e700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140003487508224, -3324934865259029041, 0, 140721353107087, 0, 140003841151040, 3418585182832991695,
3418550935789936079}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#11 0x00007f552a86aabf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
No locals.
All the best