Dear Maintainer,
I just tried to reproduce this and collect some more information,
using a minimal buster amd64 qemu VM.

This issue seems to be located in libt4k-common0 instead.
It uses "rsvg_handle_get_desc(file_handle)" to retrieve
a char pointer to the description and tries to convert that
into an integer by sscanf [1].

Unfortunately, librsvg-2.42 [2] seems to be the last release that
supported that way of operation.
librsvg removed that functionality in commit [3].

Therefore, in the current version rsvg_handle_get_desc just returns a null pointer [4].
load_svg_sprite passes it to sscanf unchecked, which leads to the crash:


(gdb) bt
#0  __rawmemchr_sse2 () at ../sysdeps/x86_64/multiarch/../rawmemchr.S:37
#1  0x00007febe0ac3342 in _IO_str_init_static_internal 
(sf=sf@entry=0x7ffd7b8ad720, ptr=ptr@entry=0x0, size=size@entry=0, 
pstart=pstart@entry=0x0) at strops.c:41
#2  0x00007febe0ab624d in _IO_vsscanf (string=0x0, format=0x7febe0c35c62 "%d", 
args=args@entry=0x7ffd7b8ad850) at iovsscanf.c:40
#3  0x00007febe0ab03f4 in __sscanf (s=<optimized out>, 
format=format@entry=0x7febe0c35c62 "%d") at sscanf.c:32
#4  0x00007febe0c2c3c9 in load_svg_sprite (file_name=<optimized out>, 
width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:217
#5  0x00007febe0c2d52b in load_sprite (name=name@entry=0x55b6034762a1 
"comets/comet", mode=mode@entry=4, w=w@entry=-1, h=h@entry=-1, 
proportional=proportional@entry=false) at t4k_loaders.c:714
#6  0x00007febe0c2d978 in T4K_LoadScaledSprite (name=name@entry=0x55b6034762a1 
"comets/comet", mode=mode@entry=4, width=width@entry=-1, 
height=height@entry=-1) at t4k_loaders.c:651
#7  0x00007febe0c2d98c in T4K_LoadSprite (name=name@entry=0x55b6034762a1 
"comets/comet", mode=mode@entry=4) at t4k_loaders.c:646
#8  0x000055b60345b961 in load_image_data () at fileops_media.c:213
#9  0x000055b603448962 in load_data_files () at setup.c:759
#10 0x000055b6034497c5 in setup (argc=1, argv=0x7ffd7b8ae758) at setup.c:139
#11 0x000055b603447be9 in main (argc=<optimized out>, argv=<optimized out>) at 
tuxmath.c:40


Kind regards,
Bernhard


[1] https://github.com/tux4kids/t4kcommon/blob/master/src/t4k_loaders.c#L228
[2] 
https://gitlab.gnome.org/GNOME/librsvg/blob/librsvg-2.42/librsvg/rsvg-handle.c#L772
[3] 
https://gitlab.gnome.org/GNOME/librsvg/commit/1006c2001d4775b6d5b20d5f77c5aea9ac280fcb
[4] 
https://gitlab.gnome.org/GNOME/librsvg/blob/master/librsvg/rsvg-handle.c#L1007
# buster amd64 qemu VM

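# Reproduction setup for the tuxmath crash, run inside a throwaway VM.
# Bring the system up to date before installing anything.
apt update
apt dist-upgrade

# Debugging tools, a minimal X session, the game itself and the debug symbols
# for tuxmath, libt4k-common0 and librsvg2-2. systemd-coredump is what makes
# the coredumpctl commands later on this page work.
# NOTE(review): -dbgsym packages normally come from Debian's separate debug
# archive, and build-dep/source need deb-src entries; the page shows neither
# sources.list line, so confirm both are configured.
# The install is one command: the original was wrapped by the mail client
# without continuations, so the wrapped lines would run as separate commands.
apt install mc psmisc devscripts dpkg-dev systemd-coredump strace gdb \
  xserver-xorg lightdm openbox tuxmath tuxmath-dbgsym libt4k-common0-dbgsym \
  librsvg2-2-dbgsym
apt build-dep t4kcommon

# Start the display manager so that an X display exists for the game.
systemctl start lightdm

# Fetch the sources of both libraries so gdb can list the crashing code.
# Each download runs in a subshell: the caller's working directory never
# changes, and a failed mkdir/cd cannot unpack sources in the wrong place.
# NOTE(review): the gdb session on this page reads these trees from
# /home/benutzer, so this part was presumably run as the unprivileged user
# rather than as root; confirm.
mkdir -p libt4k-common0/orig &&
  (cd libt4k-common0/orig && apt source libt4k-common0)

mkdir -p librsvg2-2/orig &&
  (cd librsvg2-2/orig && apt source librsvg2-2)

# Run the game against the local X display. The core dump listed on this page
# belongs to UID 1000, i.e. the game was started as the unprivileged user.
# LANG=C is presumably meant to keep program messages untranslated.
export LANG=C
export DISPLAY=:0
tuxmath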





root@debian:~# coredumpctl list
TIME                            PID   UID   GID SIG COREFILE  EXE
Sun 2018-12-09 22:02:02 CET    8201  1000  1000  11 present   
/usr/lib/tuxmath/tuxmath
root@debian:~# coredumpctl gdb 8201
           PID: 8201 (tuxmath)
           UID: 1000 (benutzer)
           GID: 1000 (benutzer)
        Signal: 11 (SEGV)
     Timestamp: Sun 2018-12-09 22:02:02 CET (28s ago)
  Command Line: tuxmath
    Executable: /usr/lib/tuxmath/tuxmath
 Control Group: /user.slice/user-1000.slice/session-5.scope
          Unit: session-5.scope
         Slice: user-1000.slice
       Session: 5
     Owner UID: 1000 (benutzer)
       Boot ID: b8debb360de74c7698ecca6a9e56eac5
    Machine ID: 32f43b50ac8c4b21941bc0b02f8e7811
      Hostname: debian
       Storage: 
/var/lib/systemd/coredump/core.tuxmath.1000.b8debb360de74c7698ecca6a9e56eac5.8201.1544389322000000.lz4
       Message: Process 8201 (tuxmath) of user 1000 dumped core.
                
                Stack trace of thread 8201:
                #0  0x00007febe0ad67af __rawmemchr_sse2 (libc.so.6)
                #1  0x00007febe0ac3342 _IO_str_init_static_internal (libc.so.6)
                #2  0x00007febe0ab624d _IO_vsscanf (libc.so.6)
                #3  0x00007febe0ab03f4 __sscanf (libc.so.6)
                #4  0x00007febe0c2c3c9 load_svg_sprite (libt4k_common.so.0)
                #5  0x00007febe0c2d52b load_sprite (libt4k_common.so.0)
                #6  0x000055b60345b961 n/a (tuxmath)
                #7  0x000055b603448962 n/a (tuxmath)
                #8  0x000055b6034497c5 n/a (tuxmath)
                #9  0x000055b603447be9 main (tuxmath)
                #10 0x00007febe0a67b17 __libc_start_main (libc.so.6)
                #11 0x000055b603447c2a n/a (tuxmath)

GNU gdb (Debian 8.2-1) 8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/tuxmath/tuxmath...(no debugging symbols 
found)...done.
[New LWP 8201]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `tuxmath'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __rawmemchr_sse2 () at ../sysdeps/x86_64/multiarch/../rawmemchr.S:37
37      ../sysdeps/x86_64/multiarch/../rawmemchr.S: Datei oder Verzeichnis 
nicht gefunden.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src
Source directories searched: 
/home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src:$cdir:$cwd
(gdb) bt
#0  __rawmemchr_sse2 () at ../sysdeps/x86_64/multiarch/../rawmemchr.S:37
#1  0x00007febe0ac3342 in _IO_str_init_static_internal 
(sf=sf@entry=0x7ffd7b8ad720, ptr=ptr@entry=0x0, size=size@entry=0, 
pstart=pstart@entry=0x0) at strops.c:41
#2  0x00007febe0ab624d in _IO_vsscanf (string=0x0, format=0x7febe0c35c62 "%d", 
args=args@entry=0x7ffd7b8ad850) at iovsscanf.c:40
#3  0x00007febe0ab03f4 in __sscanf (s=<optimized out>, format=<optimized out>) 
at sscanf.c:32
#4  0x00007febe0c2c3c9 in load_svg_sprite () from 
/usr/lib/x86_64-linux-gnu/libt4k_common.so.0
#5  0x00007febe0c2d52b in load_sprite () from 
/usr/lib/x86_64-linux-gnu/libt4k_common.so.0
#6  0x000055b60345b961 in ?? ()
#7  0x000055b603448962 in ?? ()
#8  0x000055b6034497c5 in ?? ()
#9  0x000055b603447be9 in main ()








# With debug symbols

(gdb) bt
#0  __rawmemchr_sse2 () at ../sysdeps/x86_64/multiarch/../rawmemchr.S:37
#1  0x00007febe0ac3342 in _IO_str_init_static_internal 
(sf=sf@entry=0x7ffd7b8ad720, ptr=ptr@entry=0x0, size=size@entry=0, 
pstart=pstart@entry=0x0) at strops.c:41
#2  0x00007febe0ab624d in _IO_vsscanf (string=0x0, format=0x7febe0c35c62 "%d", 
args=args@entry=0x7ffd7b8ad850) at iovsscanf.c:40
#3  0x00007febe0ab03f4 in __sscanf (s=<optimized out>, 
format=format@entry=0x7febe0c35c62 "%d") at sscanf.c:32
#4  0x00007febe0c2c3c9 in load_svg_sprite (file_name=<optimized out>, 
width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:217
#5  0x00007febe0c2d52b in load_sprite (name=name@entry=0x55b6034762a1 
"comets/comet", mode=mode@entry=4, w=w@entry=-1, h=h@entry=-1, 
proportional=proportional@entry=false) at t4k_loaders.c:714
#6  0x00007febe0c2d978 in T4K_LoadScaledSprite (name=name@entry=0x55b6034762a1 
"comets/comet", mode=mode@entry=4, width=width@entry=-1, 
height=height@entry=-1) at t4k_loaders.c:651
#7  0x00007febe0c2d98c in T4K_LoadSprite (name=name@entry=0x55b6034762a1 
"comets/comet", mode=mode@entry=4) at t4k_loaders.c:646
#8  0x000055b60345b961 in load_image_data () at fileops_media.c:213
#9  0x000055b603448962 in load_data_files () at setup.c:759
#10 0x000055b6034497c5 in setup (argc=1, argv=0x7ffd7b8ae758) at setup.c:139
#11 0x000055b603447be9 in main (argc=<optimized out>, argv=<optimized out>) at 
tuxmath.c:40






######################





benutzer@debian:~$ gdb -q --args tuxmath
Reading symbols from tuxmath...Reading symbols from 
/usr/lib/debug/.build-id/8c/79729822c3b1b16ff78c5f9a8e9272dc6475a0.debug...done.
done.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src
Source directories searched: 
/home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src:$cdir:$cwd
(gdb) directory /home/benutzer/librsvg2-2/orig/librsvg-2.44.9/librsvg
Source directories searched: 
/home/benutzer/librsvg2-2/orig/librsvg-2.44.9/librsvg:/home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src:$cdir:$cwd
(gdb) b load_svg_sprite
Function "load_svg_sprite" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (load_svg_sprite) pending.
(gdb) b rsvg_handle_get_desc
Function "rsvg_handle_get_desc" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (rsvg_handle_get_desc) pending.
(gdb) run
Starting program: /usr/games/tuxmath 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Initializing Tux4Kids-Common 0.1.1
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_card_driver 
returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_concat returned 
error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_refer returned 
error: No such file or directory
ALSA lib conf.c:5034:(snd_config_expand) Evaluate error: No such file or 
directory
ALSA lib pcm.c:2565:(snd_pcm_open_noupdate) Unknown PCM default

Warning: I could not set up audio for 44100 Hz 16-bit stereo.
The Simple DirectMedia error that occured was:
No available audio device

libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile

Breakpoint 1, load_svg_sprite (file_name=0x7ffff7b11b20 <tmp_path> 
"/usr/share/tuxmath/images/comets/comet.svg", width=width@entry=-1, 
height=height@entry=-1) at t4k_loaders.c:195
warning: Source file is more recent than executable.
195     {
(gdb) cont
Continuing.

(process:21878): librsvg-WARNING **: 22:18:49.261: element id="#default" does 
not exist

Breakpoint 2, rsvg_handle_get_desc (handle=handle@entry=0x555555c8b080) at 
librsvg/rsvg-handle.c:997
warning: Source file is more recent than executable.
997         g_return_val_if_fail (handle, NULL);
(gdb) list 984,1000
984     /**
985      * rsvg_handle_get_desc:
986      * @handle: An #RsvgHandle
987      *
988      * Returns: (nullable): This function always returns NULL.
989      *
990      * Since: 2.4
991      *
992      * Deprecated: 2.36
993      */
994     const char *
995     rsvg_handle_get_desc (RsvgHandle * handle)
996     {
997         g_return_val_if_fail (handle, NULL);
998
999         return NULL;
1000    }

(gdb) print handle->priv->desc->str
There is no member named desc.
(gdb) print handle->priv           
$1 = (RsvgHandlePrivate *) 0x555555c8b000
(gdb) print *handle->priv
$2 = {flags = RSVG_HANDLE_FLAGS_NONE, hstate = RSVG_HANDLE_STATE_CLOSED_OK, 
load = 0x0, size_func = 0x0, user_data = 0x0, user_data_destroy = 0x0, tree = 
0x555555c8dd30, defs = 0x555555c6a740, css_styles = 0x555555638c40, cancellable 
= 0x0, dpi_x = 90, dpi_y = 90, base_uri = 0x555555c8a910 
"file:///usr/share/tuxmath/images/comets/comet.svg", base_gfile = 
0x5555556148a0, in_loop = 0, is_testing = 0, font_config_for_testing = 0x0, 
font_map_for_testing = 0x0}

(gdb) bt
#0  rsvg_handle_get_desc (handle=handle@entry=0x555555c8b080) at 
librsvg/rsvg-handle.c:997
#1  0x00007ffff78f63b1 in load_svg_sprite (file_name=<optimized out>, 
width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:217
#2  0x00007ffff78f752b in load_sprite (name=name@entry=0x5555555892a1 
"comets/comet", mode=mode@entry=4, w=w@entry=-1, h=h@entry=-1, 
proportional=proportional@entry=false) at t4k_loaders.c:714
#3  0x00007ffff78f7978 in T4K_LoadScaledSprite (name=name@entry=0x5555555892a1 
"comets/comet", mode=mode@entry=4, width=width@entry=-1, 
height=height@entry=-1) at t4k_loaders.c:651
#4  0x00007ffff78f798c in T4K_LoadSprite (name=name@entry=0x5555555892a1 
"comets/comet", mode=mode@entry=4) at t4k_loaders.c:646
#5  0x000055555556e961 in load_image_data () at fileops_media.c:213
#6  0x000055555555b962 in load_data_files () at setup.c:759
#7  0x000055555555c7c5 in setup (argc=1, argv=0x7fffffffe628) at setup.c:139
#8  0x000055555555abe9 in main (argc=<optimized out>, argv=<optimized out>) at 
tuxmath.c:40








# Paste-ready recipe for the interactive gdb session shown above.
# Only the two exports and the gdb invocation are shell; every line after
# "gdb -q --args tuxmath" is typed at the (gdb) prompt, not into the shell.
# The two "directory" commands point gdb at the unpacked t4kcommon-0.1.1 and
# librsvg-2.44.9 sources. Each "y" answers the "Make breakpoint pending on
# future shared library load?" prompt that follows the preceding "b" command,
# so the order of these lines must not change.
export LANG=C
export DISPLAY=:0

gdb -q --args tuxmath

set width 0
set pagination off
directory /home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src
directory /home/benutzer/librsvg2-2/orig/librsvg-2.44.9/librsvg
b load_svg_sprite
y
b rsvg_handle_get_desc
y
run






https://gitlab.gnome.org/GNOME/librsvg/commit/1006c2001d4775b6d5b20d5f77c5aea9ac280fcb

https://gitlab.gnome.org/GNOME/librsvg/blob/librsvg-2.42/librsvg/rsvg-handle.c#L772

https://github.com/tux4kids/t4kcommon/blob/master/src/t4k_loaders.c#L228

https://gitlab.gnome.org/GNOME/librsvg/blob/master/librsvg/rsvg-handle.c#L1007
