Package: tangogps
Version: 0.9.6-5
Severity: serious
Tags: patch
Hello,
tangogps segfaults when I try to load a log file.
I've recompiled it with "-O0 -g" to get a backtrace:
+++++++++++++++++++++++++++++++++++++++++++
/home/enrico/.tangogps/Maps/20090721_181312.log
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f3f79225780 (LWP 25051)]
0x00007f3f75c429bc in ?? () from /lib/libc.so.6
(gdb) where
#0 0x00007f3f75c429bc in ?? () from /lib/libc.so.6
#1 0x0000000000433597 in tracks_on_file_button_release_event (widget=0xb3ac90,
event=0xa868f0, user_data=0xae3990)
at tracks.c:146
#2 0x00007f3f78c88958 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#3 0x00007f3f76f7911d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#4 0x00007f3f76f8cc2b in ?? () from /usr/lib/libgobject-2.0.so.0
#5 0x00007f3f76f8dead in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
#6 0x00007f3f76f8e4f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#7 0x00007f3f78d9098e in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#8 0x00007f3f78c811f3 in gtk_propagate_event () from
/usr/lib/libgtk-x11-2.0.so.0
#9 0x00007f3f78c82313 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#10 0x00007f3f77ff5cbc in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#11 0x00007f3f76adef7a in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#12 0x00007f3f76ae2640 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0x00007f3f76ae2b0d in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x00007f3f78c82727 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x0000000000409780 in main (argc=1, argv=0x7fff813646e8) at main.c:62
(gdb)
The problem is here (src/tracks.c):
arr = g_strsplit(line, ",", 2);
lat_tmp = atof(arr[0]);
lon_tmp = atof(arr[1]);
g_strsplit returns a NULL-terminated array. If the string contains no
commas, arr[1] will be NULL. If the string is empty, arr[0] will also be
NULL. These should be checked.
In my case, the log file was truncated (maybe the openmoko ran out of
battery, whatever) and it ends with:
[...]
39.467490,-6.369044,438.5,0.9,192.5,1.6,2009-07-21T21:52:33Z
39.467490,-6.369044,438.5,0.9,192.5,1.6,2009-07-21T21:52:33Z
39.467468,-6.369055,438.4,2.1,206.1,1.6,2009-07-21T21:52:35Z
39.46746
The last line obviously triggers the issue.
The fix is just adding, after g_strsplit, something like this:
// Drop corrupted or incomplete lines
if (arr[0] == NULL || arr[1] == NULL) continue;
I made a patch and I have tested it. Please find it attached.
Ciao,
Enrico
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.29-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages tangogps depends on:
ii libatk1.0-0 1.26.0-1 The ATK accessibility toolkit
ii libc6 2.9-12 GNU C Library: Shared libraries
ii libcairo2 1.8.6-2+b1 The Cairo 2D vector graphics libra
ii libcurl3-gnutls 7.19.5-1 Multi-protocol file transfer libra
ii libexif12 0.6.17-1 library to parse EXIF files
ii libfontconfig1 2.6.0-4 generic font configuration library
ii libfreetype6 2.3.9-4.1 FreeType 2 font engine, shared lib
ii libgconf2-4 2.26.2-1 GNOME configuration database syste
ii libglib2.0-0 2.20.1-2 The GLib library of C routines
ii libgtk2.0-0 2.16.1-2 The GTK+ graphical user interface
ii libpango1.0-0 1.24.0-3+b1 Layout and rendering of internatio
ii libsqlite3-0 3.6.14.2-1 SQLite 3 shared library
Versions of packages tangogps recommends:
ii gpsd 2.39-2 GPS (Global Positioning System) da
Versions of packages tangogps suggests:
ii python 2.5.4-2 An interactive high-level object-o
-- no debconf information
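As an added example (not tangogps code): a plain-C stand-in for the g_strsplit(line, ",", 2) call in tracks.c, followed by a line parser that applies the NULL check from this report, so a complete log line parses and the truncated last line or an empty line is skipped instead of dereferencing NULL. The names split_max2, dup_range, free_split, parse_trackpoint and struct point are hypothetical; the sample lines are the ones quoted above.

```c
#include <stdlib.h>
#include <string.h>

struct point { double lat, lon; };

static char *dup_range(const char *s, size_t n)   /* copy n bytes + NUL */
{
    char *out = malloc(n + 1);
    if (out != NULL) { memcpy(out, s, n); out[n] = '\0'; }
    return out;
}

/* split_max2: hypothetical stand-in for g_strsplit(line, ",", 2). Returns a
 * NULL-terminated array of up to two strings (second = rest of the line); an
 * empty input leaves arr[0] NULL, a line with no comma leaves arr[1] NULL. */
static char **split_max2(const char *line)
{
    char **arr = calloc(3, sizeof *arr);        /* 2 tokens + terminator */
    if (arr == NULL || line[0] == '\0')
        return arr;
    const char *comma = strchr(line, ',');
    if (comma == NULL) {
        arr[0] = dup_range(line, strlen(line));
    } else {
        arr[0] = dup_range(line, (size_t)(comma - line));
        arr[1] = dup_range(comma + 1, strlen(comma + 1));
    }
    return arr;
}

static void free_split(char **arr)              /* like g_strfreev */
{
    for (size_t i = 0; arr[i] != NULL; i++)
        free(arr[i]);
    free(arr);
}

/* parse_trackpoint: 0 on success, -1 for an empty or comma-less line (the
 * truncated last log line); without the check, atof(arr[1]) is the SIGSEGV. */
int parse_trackpoint(const char *line, struct point *p)
{
    char **arr = split_max2(line);
    if (arr == NULL || arr[0] == NULL || arr[1] == NULL) { /* drop incomplete lines */
        if (arr != NULL) free_split(arr);
        return -1;
    }
    p->lat = atof(arr[0]);
    p->lon = atof(arr[1]);   /* atof stops at the next comma, as in tracks.c */
    free_split(arr);
    return 0;
}
```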
diff -Naur tangogps-0.9.6.old/src/tracks.c tangogps-0.9.6/src/tracks.c
--- tangogps-0.9.6.old/src/tracks.c 2009-02-05 00:54:27.000000000 +0100
+++ tangogps-0.9.6/src/tracks.c 2009-07-23 16:37:37.000000000 +0200
@@ -139,7 +139,7 @@
trackpoint_t *tp = g_new0(trackpoint_t,1);
arr = g_strsplit(line, ",", 2);
-
+ if (arr[0] == NULL || arr[1] == NULL) continue;
lat_tmp = atof(arr[0]);
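Review bot: the `continue` on the added line leaks the two allocations made just above it in this hunk, `tp` from `g_new0(trackpoint_t,1)` and `arr` from `g_strsplit`, so every skipped line leaks a trackpoint and a string vector. Free them before skipping (`g_strfreev(arr); g_free(tp); continue;`), or move the split and the NULL check ahead of the `g_new0` so nothing is allocated for a line that is dropped.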