Out of Bounds when using input via Ibus-Unikey to search file

VirtualBox POC: https://drive.google.com/open?id=1MMjgybKioy2evO8ywzderTT60MwjA11Z
Video POC: https://youtu.be/2Dw5Y3BMmgw
Core Dump: https://drive.google.com/open?id=1Vz3rezkQiOf_b-q6x3RZ7C4nSkje9GhU

Stack trace

```
gdb-peda$ run
Starting program: /tmp/thunar
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffed6c9700 (LWP 3439)]
[New Thread 0x7fffecec8700 (LWP 3440)]
[New Thread 0x7fffe7b8f700 (LWP 3441)]
[New Thread 0x7fffe738e700 (LWP 3442)]

(thunar:3438): Gdk-WARNING **: gdk_window_set_icon_list: icons too large
[Thread 0x7fffe738e700 (LWP 3442) exited]

Thread 1 "thunar" received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x7400000061 ('a')
RBX: 0x0
RCX: 0x7fffffffce90 --> 0x5555558a41e0 --> 0x4
RDX: 0x555555892490 --> 0x55555589b9a0 --> 0x55555589b800 --> 0x2
RSI: 0x555555aebbf0 --> 0x555555aa0061 --> 0x0
RDI: 0x5555559d13f0 --> 0x5555558a2740 --> 0x5555558a41e0 --> 0x4
RBP: 0x555555aa19f0 --> 0x40000002
RSP: 0x7fffffffccc8 --> 0x7ffff4e06c5d (<g_closure_invoke+413>: mov rax,QWORD PTR [rbp+0x0])
RIP: 0x7ffff79a1fb4 (mov edi,DWORD PTR [rax+0x154])
R8 : 0x7fffffffce10 --> 0x135
R9 : 0x0
R10: 0x555555804758 --> 0x700070 ('p')
R11: 0x7fffffffd060 --> 0x3000000020 (' ')
R12: 0x2
R13: 0x7fffffffce90 --> 0x5555558a41e0 --> 0x4
R14: 0x7fffffffce10 --> 0x135
R15: 0x7ffff6a32770 (<g_cclosure_marshal_VOID__STRING>: cmp edx,0x2)
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff79a1fa1: call QWORD PTR [rip+0x229919]  # 0x7ffff7bcb8c0
   0x7ffff79a1fa7: nop WORD PTR [rax+rax*1+0x0]
   0x7ffff79a1fb0: mov rax,QWORD PTR [rsi+0x70]
=> 0x7ffff79a1fb4: mov edi,DWORD PTR [rax+0x154]
   0x7ffff79a1fba: or BYTE PTR [rax+0x148],0x2
   0x7ffff79a1fc1: test edi,edi
   0x7ffff79a1fc3: jne 0x7ffff79a1fd0
   0x7ffff79a1fc5: repz ret
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffccc8 --> 0x7ffff4e06c5d (<g_closure_invoke+413>: mov rax,QWORD PTR [rbp+0x0])
0008| 0x7fffffffccd0 --> 0x0
0016| 0x7fffffffccd8 --> 0x0
0024| 0x7fffffffcce0 --> 0x7fff40000002
0032| 0x7fffffffcce8 --> 0x7ffff4b1b294 (<g_hash_table_lookup+52>: mov r8d,0x2)
0040| 0x7fffffffccf0 --> 0x1
0048| 0x7fffffffccf8 --> 0x5555559d13f0 --> 0x5555558a2740 --> 0x5555558a41e0 --> 0x4
0056| 0x7fffffffcd00 --> 0x7fffffffd2b4 --> 0x558f0d5000007fff
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff79a1fb4 in ?? () from /usr/lib/libexo-1.so.0
gdb-peda$ bt
#0  0x00007ffff79a1fb4 in () at /usr/lib/libexo-1.so.0
#1  0x00007ffff4e06c5d in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#2  0x00007ffff4e1ab50 in () at /usr/lib/libgobject-2.0.so.0
#3  0x00007ffff4e23806 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#4  0x00007ffff4e24240 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#5  0x00007ffff69b94e0 in () at /usr/lib/libgtk-x11-2.0.so.0
#6  0x00007ffff4e06c5d in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#7  0x00007ffff4e1ab50 in () at /usr/lib/libgobject-2.0.so.0
#8  0x00007ffff4e23806 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#9  0x00007ffff4e2471c in g_signal_emit_by_name () at /usr/lib/libgobject-2.0.so.0
#10 0x00007ffff4e06c5d in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#11 0x00007ffff4e1ab50 in () at /usr/lib/libgobject-2.0.so.0
#12 0x00007ffff4e23806 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#13 0x00007ffff4e24240 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#14 0x00007ffff4e06c5d in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#15 0x00007ffff4e1ab50 in () at /usr/lib/libgobject-2.0.so.0
#16 0x00007ffff4e23806 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#17 0x00007ffff4e24240 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#18 0x00007fffe7bb9367 in () at /usr/lib/libibus-1.0.so.5
#19 0x00007fffefe9a1c8 in ffi_call_unix64 () at /usr/lib/libffi.so.6
#20 0x00007fffefe99c2a in ffi_call () at /usr/lib/libffi.so.6
#21 0x00007ffff4e07483 in g_cclosure_marshal_generic () at /usr/lib/libgobject-2.0.so.0
#22 0x00007ffff4e06c5d in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#23 0x00007ffff4e1a5aa in () at /usr/lib/libgobject-2.0.so.0
#24 0x00007ffff4e23806 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#25 0x00007ffff4e24240 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#26 0x00007ffff511d6e7 in () at /usr/lib/libgio-2.0.so.0
#27 0x00007ffff510c119 in () at /usr/lib/libgio-2.0.so.0
#28 0x00007ffff4b2ccd6 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#29 0x00007ffff4b2d0b1 in () at /usr/lib/libglib-2.0.so.0
#30 0x00007ffff4b2d3e2 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#31 0x00007ffff6a2cdf3 in gtk_main () at /usr/lib/libgtk-x11-2.0.so.0
#32 0x0000555555570f60 in ()
#33 0x00007ffff452df4a in __libc_start_main () at /usr/lib/libc.so.6
#34 0x00005555555710ba in ()
```
Thanks for reporting! You are lucky, I just fixed a bug which seems to have the same backtrace ;)
If you can, give the patch from there a try: Bug #14756
Or you can make use of the freshly released Exo 0.12.3

*** This bug has been marked as a duplicate of bug 14756 ***