
Re: Gnome freeze following lenny update



The problem is not isolated to Lenny (cf. #496178, #496190, #496311).
It seems that libxml2 is not the problem, but that it exposes
other bugs in libsvg.

An entry has been opened in the BTS (#496125):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496125

> Bug#496125: libxml2: security fix does double free / segfaults (breaks
> Gnome apps)
> Reported by: Christian Jaeger <christian@jaeger.mine.nu>
> Date: Fri, 22 Aug 2008 20:12:02 UTC
> Severity: grave
> Tags: confirmed
> Merged with 496178, 496190, 496311
> Bug#496178: debian lenny: after upgrade, gdm failed to start
> Bug#496190: gnome-panel: Memory corruption
> Bug#496311: gdmgreeter, gnome-panel, metacity .... segfault at c ip
> b74750a0 sp bfb43480 error 4 in libc-2.7.so
> Found in version 2.6.32.dfsg-2+lenny1

The following could be read on the debian-bugs-rc list:



On Sun, Aug 24, 2008 at 09:27:50AM +0200, Christian Jaeger wrote:
> Mike Hommey wrote:
> > Now, try changing your gnome theme and re-run galeon ; if i'm
> > correct, it shouldn't crash. Can you tell me what package this svg
> > file belongs to ?   
>
> Yes, the segfaults happen only in the "Gorilla" and "Wasp" themes (apps
> did start when running the Amaranth, Clearlooks, Crux, Glider, Glossy,
> Industrial, Lush, Mist, Nuvola, SphereCrystal themes).
>
> With Gorilla the svg file in question is
> /usr/share/icons/Gorilla/scalable/actions/gtk-jump-to-ltr.svg
>
> What this file does *not* share with the one from the Wasp theme, is
> that xmllint does not even output a warning.
>
> Not sure what to conclude from this. Except that it might be a bug in
> one of these packages:
>
> $ dpkgS /usr/lib/librsvg-2.so.2
> librsvg2-2: /usr/lib/librsvg-2.so.2.22.2
> $ dpkgS /usr/lib/gtk-2.0/2.10.0/loaders/svg_loader.so
> librsvg2-common: /usr/lib/gtk-2.0/2.10.0/loaders/svg_loader.so

So... the culprit is just librsvg that creates xmlEntity objects not
through the API, but by malloc'ing a buffer of sizeof(xmlEntity).
This struct has gained a member in the security update, breaking rsvg's
assumptions...

A BinNMU of librsvg against libxml2-dev 2.6.32.dfsg-2+lenny1 should
solve the issue (and won't break compatibility with older libxml2, since
older libxml2 will be happy with a too big buffer)

I can confirm that installing a librsvg from lenny rebuilt against the
new libxml2-dev works.

# installing rebuilt librsvg2-2, librsvg2-bin, librsvg2-common,
# librsvg2-dev

eog, galeon and gnome-appearance-properties don't segfault anymore
(interestingly, now I also couldn't get galeon to segfault on quit
anymore so far!).

>Take a look at the backtrace, it doesn't involve libxml2.
> 

Yes sure. And that segfault happened with the *non*-problematic libxml2
version. I should have been a little more clear: my whole point there
was that *another* change than the one in libxml2 might have introduced
a problem, which is just exhibited by the new libxml2. As we don't know
whether it's libxml2's fault or the fault of another library, I have to
mention every other breakage, too.

Now you may be right and it's not "related" to libxml2 in the sense that
libxml2 might not be at fault for those issues, *but* those segfaults
might be very well related in the sense that they might lead us to the
very same cause leading to the segfaults we see inside libxml2. So your
conclusion to not further look at those crashes can't be definitive
(with our current knowledge).

I'm running etch and it seems like it is being affected by this bug
also. Just after updating libxml2 to 2.6.27.dfsg-3 I was unable to open
any files with eog, nor eog alone. No error messages when run from the
command line, no pop ups. Upon rebooting gdm started but when starting
gnome, it would hang for a little while at starting the window manager,
and then stop with the top and bottom panels drawn with nothing in them,
no menus, icons, or applets, just blank panels. No response from the
panels.

Downgrading from 2.6.27.dfsg-3 back to 2.6.27.dfsg-2 fixed the problem.

-- 
Stéphane Aulery                            Melius est parum cum justitia
<lkppo@free.fr>                        Quam multi fructus cum iniquitate
                                                             (Pr. XV, 8)
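
The ABI break described in the message above (a caller doing its own malloc of sizeof(xmlEntity) while the library's struct gained a member), as an added example that is not part of the original message nor code from libxml2 or librsvg. The struct layouts and all function names are simplified, hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins (NOT the real xmlEntity): one struct before and after
 * an update that appends a member. */
struct entity_old { int type; const char *name; char *content; };
struct entity_new { int type; const char *name; char *content; int extra; };

/* 1 if a member at [off, off+len) lies inside a buffer of alloc bytes. */
int member_fits(size_t alloc, size_t off, size_t len) { return off + len <= alloc; }

/* Broken case: caller built with the old header mallocs; new library writes. */
int old_caller_new_library(void)
{
    return member_fits(sizeof(struct entity_old),
                       offsetof(struct entity_new, extra), sizeof(int));
}

/* After the rebuild: larger buffer; an older library touches old members only. */
int new_caller_old_library(void)
{
    return member_fits(sizeof(struct entity_new),
                       offsetof(struct entity_old, content), sizeof(char *));
}

/* Robust pattern (hypothetical constructor): the library allocates for itself. */
struct entity_new *entity_create(const char *name)
{
    struct entity_new *e = calloc(1, sizeof *e);
    if (e) { e->type = 1; e->name = name; }
    return e;
}

int library_allocation_fits(void)
{
    struct entity_new *e = entity_create("amp");
    int ok = e && member_fits(sizeof *e, offsetof(struct entity_new, extra),
                              sizeof e->extra);
    free(e);
    return ok;
}

int main(void)
{
    printf("%d %d %d\n", old_caller_new_library(), new_caller_old_library(),
           library_allocation_fits());
    return 0;
}
```

A result of 0 for the first case means the library's write to the appended member lands past the end of the caller's heap buffer, which is the kind of corruption that surfaces later as a crash inside malloc or free.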

