Hi,

I was able to obtain the following backtrace using a
libtotem-plparser12 compiled with optimizations disabled:

#0  0xb7ea879f in lexer_get_token (tok=0x94a1fe78 "\r\n    ", tok_size=65536) at xmllexer.c:154
#1  0xb7ea7c5b in xml_parser_get_node_internal (current_node=0x8a89590, root_names=0x94abffe4, rec=3, flags=3) at xmlparser.c:242
#2  0xb7ea7779 in xml_parser_get_node_internal (current_node=0x8a87cc0, root_names=0x94abffe4, rec=2, flags=3) at xmlparser.c:334
#3  0xb7ea7779 in xml_parser_get_node_internal (current_node=0x8a87c88, root_names=0x94abffe4, rec=1, flags=3) at xmlparser.c:334
#4  0xb7ea7779 in xml_parser_get_node_internal (current_node=0x895ed98, root_names=0x94abffe4, rec=0, flags=3) at xmlparser.c:334
#5  0xb7ea7cc9 in xml_parser_get_node (current_node=0x895ed98, flags=3) at xmlparser.c:628
#6  0xb7ea7cfb in xml_parser_build_tree_with_options (root_node=0x94ac00c4, flags=3) at xmlparser.c:636
#7  0xb7e9d2a0 in totem_pl_parser_parse_xml_relaxed (contents=0x8a9e818 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<rss xmlns:itunes=\"http://www.itunes.com/dtds/podcast-1.0.dtd\" version=\"2.0\">\r\n\r\n  <channel>    \r\n    <title>SALT - Seminars About Long Term Thinking</title>\r\n "..., size=53662) at totem-pl-parser.c:1682
#8  0xb7ea354a in totem_pl_parser_add_rss (parser=0xb4575250, file=0xb4362bc0, base_file=0x8747738, parse_data=0x94ac0214, data=0x88167e8) at totem-pl-parser-podcast.c:249
#9  0xb7e9df53 in totem_pl_parser_parse_internal (parser=0xb4575250, file=0xb4362bc0, base_file=0x8747738, parse_data=0x94ac0214) at totem-pl-parser.c:1865
#10 0xb7e9e7a6 in totem_pl_parser_parse_with_base (parser=0xb4575250, uri=0xb2fc7ef0 "http://longnow.org/projects/seminars/SALT.xml", base=0x0, fallback=0) at totem-pl-parser.c:2048
#11 0xb7e9e9e1 in totem_pl_parser_parse (parser=0xb4575250, uri=0xb2fc7ef0 "http://longnow.org/projects/seminars/SALT.xml", fallback=0) at totem-pl-parser.c:2130
#12 0xb7f1eedb in rb_podcast_parse_load_feed () from /usr/lib/librhythmbox-core.so.0
#13 0xb7f21054 in ?? () from /usr/lib/librhythmbox-core.so.0
#14 0xb73316bf in ?? () from /usr/lib/libglib-2.0.so.0
#15 0xb73d14b5 in start_thread () from /lib/i686/cmov/libpthread.so.0
#16 0xb723ba5e in clone () from /lib/i686/cmov/libc.so.6

Line 154 of xmllexer.c is

      c = lexbuf[lexbuf_pos];

Here are the values of the interesting variables:

(gdb) p lexbuf
$6 = 0xb3a7e008 <Address 0xb3a7e008 out of bounds>
(gdb) p lexbuf_pos
$7 = 1659

lexbuf is a private, global variable.  If Rhythmbox is trying to parse
multiple podcasts simultaneously, this would cause a race condition
for this variable.

Is totem-pl-parser supposed to be thread-safe?

-- 
Matt Kraai                                           http://ftbfs.org/
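
The interleaving suggested in the message above, replayed deterministically in one thread, as an added example that is not part of the original message and is not totem-pl-parser code. Only the names lexbuf and lexbuf_pos come from the message; lexbuf_size, struct lexer and every function name are assumptions made for the illustration.

```c
/* Added illustration; not totem-pl-parser source. Only the names lexbuf and
 * lexbuf_pos come from the message; everything else is hypothetical. */
#include <stdio.h>
#include <string.h>

/* Non-reentrant form: one set of lexer state shared by every caller. */
static const char *lexbuf;
static size_t lexbuf_size, lexbuf_pos;

static void g_init(const char *buf, size_t size) {
    lexbuf = buf; lexbuf_size = size; lexbuf_pos = 0;
}
static int g_next(void) {               /* next byte, or -1 at end of input */
    return lexbuf_pos < lexbuf_size ? (unsigned char)lexbuf[lexbuf_pos++] : -1;
}

/* Reentrant form: each parse owns its state, so parses cannot interfere. */
struct lexer { const char *buf; size_t size, pos; };

static void r_init(struct lexer *lx, const char *buf, size_t size) {
    lx->buf = buf; lx->size = size; lx->pos = 0;
}
static int r_next(struct lexer *lx) {
    return lx->pos < lx->size ? (unsigned char)lx->buf[lx->pos++] : -1;
}

/* Parse A consumes n bytes, parse B starts, then A reads one more byte. */
int shared_next_after_interleave(const char *a, const char *b, size_t n) {
    g_init(a, strlen(a));
    for (size_t i = 0; i < n; i++) g_next();
    g_init(b, strlen(b));               /* B overwrites A's buffer and position */
    return g_next();                    /* A resumes, but reads b[0] */
}
int private_next_after_interleave(const char *a, const char *b, size_t n) {
    struct lexer la, lb;
    r_init(&la, a, strlen(a));
    for (size_t i = 0; i < n; i++) r_next(&la);
    r_init(&lb, b, strlen(b));          /* B has its own state */
    return r_next(&la);                 /* A still reads a[n] */
}

int main(void) {
    const char *a = "<rss>", *b = "<opml>";   /* constructed sample inputs */
    printf("shared: %c  private: %c\n",
           shared_next_after_interleave(a, b, 2),
           private_next_after_interleave(a, b, 2));
    return 0;
}
```

With real threads the same overwrite happens at unpredictable points, and a buffer freed by one parse can still be read by the other through the shared pointer.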
