[Bug 1988440] Re: Regression in 22.04: segmentation fault when language is spanish
Marco Trevisan (Treviño)
1988440 at bugs.launchpad.net
Wed Jan 24 15:42:23 UTC 2024
Tested on 22.04.
It took a while to get the test tool working, but.
With repo package versions:
❯ apt-cache policy libxmlb2
libxmlb2:
Installato: 0.3.6-2build1
Candidato: 0.3.6-2build1
Tabella versione:
0.3.6-2ubuntu0.1 400
400 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
*** 0.3.6-2build1 500
500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status
❯ LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/gnome-software valgrind --num-callers=25 ./test_xmlb
==141088== Memcheck, a memory error detector
==141088== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==141088== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==141088== Command: ./test_xmlb
==141088==
Loading test_files/xmls1
Loading test_files/xmls4
Loading test_files/xmls5
Loading test_files/yaml6
Loading2 test_files/metainfo1
Loading2 test_files/metainfo2
Loading2 test_files/appdata2
Loading3 test_files/hostfsapplications
Processing
Loaded and processed everything
==141088== Invalid free() / delete / delete[] / realloc()
==141088== at 0x484B27F: free (vg_replace_malloc.c:872)
==141088== by 0x4BFD03F: ptr_array_free (garray.c:1480)
==141088== by 0x10BCCD: glib_autoptr_clear_GPtrArray (glib-autocleanups.h:59)
==141088== by 0x10BCCD: glib_autoptr_cleanup_GPtrArray (glib-autocleanups.h:59)
==141088== by 0x10BCCD: test (test_xmlb.c:34)
==141088== by 0x10A87E: main (test_xmlb.c:116)
==141088== Address 0x10c16c is in a r-- mapped file /tmp/test_libxmlb2/test_xmlb segment
==141088==
==141088== Invalid free() / delete / delete[] / realloc()
==141088== at 0x484B27F: free (vg_replace_malloc.c:872)
==141088== by 0x4BFD03F: ptr_array_free (garray.c:1480)
==141088== by 0x10BCD5: glib_autoptr_clear_GPtrArray (glib-autocleanups.h:59)
==141088== by 0x10BCD5: glib_autoptr_cleanup_GPtrArray (glib-autocleanups.h:59)
==141088== by 0x10BCD5: test (test_xmlb.c:33)
==141088== by 0x10A87E: main (test_xmlb.c:116)
==141088== Address 0x10c1b0 is in a r-- mapped file /tmp/test_libxmlb2/test_xmlb segment
==141088==
==141088== Invalid free() / delete / delete[] / realloc()
==141088== at 0x484B27F: free (vg_replace_malloc.c:872)
==141088== by 0x10BCF7: g_autoptr_cleanup_generic_gfree (glib-autocleanups.h:28)
==141088== by 0x10BCF7: test (test_xmlb.c:27)
==141088== by 0x10A87E: main (test_xmlb.c:116)
==141088== Address 0x10c239 is in a r-- mapped file /tmp/test_libxmlb2/test_xmlb segment
==141088==
==141088==
==141088== HEAP SUMMARY:
==141088== in use at exit: 215,335 bytes in 2,898 blocks
==141088== total heap usage: 269,683 allocs, 266,793 frees, 21,857,917 bytes allocated
==141088==
==141088== LEAK SUMMARY:
==141088== definitely lost: 0 bytes in 0 blocks
==141088== indirectly lost: 0 bytes in 0 blocks
==141088== possibly lost: 832 bytes in 2 blocks
==141088== still reachable: 195,255 bytes in 2,693 blocks
==141088== suppressed: 0 bytes in 0 blocks
==141088== Rerun with --leak-check=full to see details of leaked memory
==141088==
==141088== For lists of detected and suppressed errors, rerun with: -s
==141088== ERROR SUMMARY: 8 errors from 3 contexts (suppressed: 0 from 0)
----
But installing the proposed version... I'm getting the same:
❯ apt-cache policy libxmlb2
libxmlb2:
Installato: 0.3.6-2ubuntu0.1
Candidato: 0.3.6-2ubuntu0.1
Tabella versione:
*** 0.3.6-2ubuntu0.1 400
400 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
100 /var/lib/dpkg/status
0.3.6-2build1 500
500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
❯ LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/gnome-software valgrind --num-callers=25 ./test_xmlb
==141769== Memcheck, a memory error detector
==141769== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==141769== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==141769== Command: ./test_xmlb
==141769==
Loading test_files/xmls1
Loading test_files/xmls4
Loading test_files/xmls5
Loading test_files/yaml6
Loading2 test_files/metainfo1
Loading2 test_files/metainfo2
Loading2 test_files/appdata2
Loading3 test_files/hostfsapplications
Processing
Loaded and processed everything
==141769== Invalid free() / delete / delete[] / realloc()
==141769== at 0x484B27F: free (vg_replace_malloc.c:872)
==141769== by 0x4BFD03F: ptr_array_free (garray.c:1480)
==141769== by 0x10BCCD: glib_autoptr_clear_GPtrArray (glib-autocleanups.h:59)
==141769== by 0x10BCCD: glib_autoptr_cleanup_GPtrArray (glib-autocleanups.h:59)
==141769== by 0x10BCCD: test (test_xmlb.c:34)
==141769== by 0x10A87E: main (test_xmlb.c:116)
==141769== Address 0x10c16c is in a r-- mapped file /tmp/test_libxmlb2/test_xmlb segment
==141769==
==141769== Invalid free() / delete / delete[] / realloc()
==141769== at 0x484B27F: free (vg_replace_malloc.c:872)
==141769== by 0x4BFD03F: ptr_array_free (garray.c:1480)
==141769== by 0x10BCD5: glib_autoptr_clear_GPtrArray (glib-autocleanups.h:59)
==141769== by 0x10BCD5: glib_autoptr_cleanup_GPtrArray (glib-autocleanups.h:59)
==141769== by 0x10BCD5: test (test_xmlb.c:33)
==141769== by 0x10A87E: main (test_xmlb.c:116)
==141769== Address 0x10c1b0 is in a r-- mapped file /tmp/test_libxmlb2/test_xmlb segment
==141769==
==141769== Invalid free() / delete / delete[] / realloc()
==141769== at 0x484B27F: free (vg_replace_malloc.c:872)
==141769== by 0x10BCF7: g_autoptr_cleanup_generic_gfree (glib-autocleanups.h:28)
==141769== by 0x10BCF7: test (test_xmlb.c:27)
==141769== by 0x10A87E: main (test_xmlb.c:116)
==141769== Address 0x10c239 is in a r-- mapped file /tmp/test_libxmlb2/test_xmlb segment
==141769==
==141769==
==141769== HEAP SUMMARY:
==141769== in use at exit: 215,335 bytes in 2,898 blocks
==141769== total heap usage: 269,683 allocs, 266,793 frees, 21,857,917 bytes allocated
==141769==
==141769== LEAK SUMMARY:
==141769== definitely lost: 0 bytes in 0 blocks
==141769== indirectly lost: 0 bytes in 0 blocks
==141769== possibly lost: 832 bytes in 2 blocks
==141769== still reachable: 195,255 bytes in 2,693 blocks
==141769== suppressed: 0 bytes in 0 blocks
==141769== Rerun with --leak-check=full to see details of leaked memory
==141769==
==141769== For lists of detected and suppressed errors, rerun with: -s
==141769== ERROR SUMMARY: 8 errors from 3 contexts (suppressed: 0 from 0)
** Tags removed: verification-needed-jammy
** Tags added: verification-failed-jammy
https://bugs.launchpad.net/bugs/1988440
Title:
Regression in 22.04: segmentation fault when language is spanish
Status in snap-store-desktop:
Fix Released
Status in libxmlb package in Ubuntu:
Fix Released
Status in libxmlb source package in Bionic:
Won't Fix
Status in libxmlb source package in Focal:
Fix Committed
Status in libxmlb source package in Jammy:
Fix Committed
Status in libxmlb source package in Kinetic:
Won't Fix
Bug description:
The discussion here describes the issue in full detail:
https://forum.snapcraft.io/t/segment-fault-with-snap-store/31547
The bug was caused by a double-free in libxmlb, triggered by some
specific data combination.
[Impact] This bug has been in the library since, at least, version
0.1.8, the one used in Bionic. Although the patch attached here fixes
the problem in the "snap-store" snap, the bug is still present in the
libraries distributed as .deb in Ubuntu, and also in the GNOME-42
extension snap. A patch has been sent both to the libxmlb repository
(which has been accepted and merged) and to the Debian SALSA
repository.
[Test plan] To test this bug, just download the GIT repository
https://github.com/sergio-costas/test_libxmlb2 and follow the
instructions. If the bug is there, valgrind will show an access to an
already freed memory block and six CRITICAL errors will be shown by
GLib.
[Where problems could occur] If another developer adds code that uses
the 'xb_builder_xml_lang_prio_cb()' function and forgets to define a
destruction function for the passed 'nodes_to_destroy' ptr_array,
there would be a memory leak.
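An added example, not part of the original message or of the test_libxmlb2 tool: a short Python parser that splits Memcheck output into its "Invalid free()" contexts and labels each one by its address description. It separates a free of an already-freed heap block (a double free) from a free of a pointer that lies in a file mapping, which is the description on all three contexts in the logs above. The sample log is constructed; its second context, with example_cleanup and example.c, is hypothetical.

```python
import re

# Constructed sample. Context 1 is abridged from the log in this message;
# context 2 is made up, using Memcheck's wording for an already-freed block.
SAMPLE = """\
==141088== Invalid free() / delete / delete[] / realloc()
==141088== at 0x484B27F: free (vg_replace_malloc.c:872)
==141088== by 0x4BFD03F: ptr_array_free (garray.c:1480)
==141088== by 0x10BCCD: test (test_xmlb.c:34)
==141088== by 0x10A87E: main (test_xmlb.c:116)
==141088== Address 0x10c16c is in a r-- mapped file /tmp/test_libxmlb2/test_xmlb segment
==141088==
==141088== Invalid free() / delete / delete[] / realloc()
==141088== at 0x484B27F: free (vg_replace_malloc.c:872)
==141088== by 0x10A111: example_cleanup (example.c:10)
==141088== Address 0x4a3c040 is 0 bytes inside a block of size 16 free'd
==141088== at 0x484B27F: free (vg_replace_malloc.c:872)
==141088== by 0x10A0F0: example_cleanup (example.c:9)
==141088==
"""

PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ADDRESS = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (.*)$")


def classify(description):
    """Map Memcheck's address description to a triage label."""
    if "free'd" in description:
        return "double-free"        # heap block that was already released
    if "mapped file" in description:
        return "non-heap-pointer"   # points into a file mapping, not the heap
    return "unknown"


def parse_invalid_frees(text):
    """Return one dict per 'Invalid free()' context, in log order."""
    contexts, cur = [], None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if line.startswith("Invalid free()"):
            cur = {"frames": [], "address": None, "kind": "unknown"}
            contexts.append(cur)
        elif cur is None:
            continue
        elif not line.strip():
            cur = None              # a bare ==PID== line ends the context
        elif (m := ADDRESS.match(line)):
            cur["address"], cur["kind"] = m.group(1), classify(m.group(2))
        elif cur["address"] is None and (m := FRAME.match(line)):
            cur["frames"].append((m.group(1), m.group(2)))
    return contexts
```

Only the frames before the "Address" line are kept, so each context carries the stack of the faulting free and not the stack of the earlier release that Memcheck prints after it.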