Bug#471381: twinkle: segfault when closing log window

Mon Mar 17 20:55:36 UTC 2008

Package: twinkle
Version: 1:1.1-2+b2
Severity: important

Twinkle crashed when I pressed the Close button of the log window. I
had just done "Select All" and "Copy" from the context menu of the log
window.

The console output was as follows:

*** glibc detected *** twinkle: corrupted double-linked list: 0x0000000000df0e10 ***
======= Backtrace: =========
/lib/libc.so.6[0x2ac1c2d48603]
/lib/libc.so.6[0x2ac1c2d4a8c2]
/lib/libc.so.6(__libc_malloc+0x90)[0x2ac1c2d4c300]
/usr/lib/libqt-mt.so.3(_ZN11QTextEngineC1ERK7QStringP12QFontPrivate+0xdf)[0x2ac1c189924f]
/usr/lib/libqt-mt.so.3(_ZN8QPainter8drawTextEiiRK7QStringiiNS_13TextDirectionE+0x1a9)[0x2ac1c178a349]
/usr/lib/libqt-mt.so.3(_ZN14QTextParagraph10drawStringER8QPainterRK7QStringiiiiiiibiP15QTextStringCharRK11QColorGroupb+0x225)[0x2ac1c18647f5]
/usr/lib/libqt-mt.so.3(_ZN14QTextParagraph5paintER8QPainterRK11QColorGroupP11QTextCursorbiiii+0x40c)[0x2ac1c186b65c]
/usr/lib/libqt-mt.so.3(_ZN13QTextDocument13drawParagraphEP8QPainterP14QTextParagraphiiiiRP7QPixmapRK11QColorGroupbP11QTextCursorb+0x1cc)[0x2ac1c186c39c]
/usr/lib/libqt-mt.so.3(_ZN13QTextDocument4drawEP8QPainteriiiiRK11QColorGroupbbP11QTextCursorb+0x25d)[0x2ac1c186ccfd]
/usr/lib/libqt-mt.so.3(_ZN9QTextEdit13paintDocumentEbP8QPainteriiii+0x16c)[0x2ac1c1946dfc]
/usr/lib/libqt-mt.so.3(_ZN9QTextEdit12drawContentsEP8QPainteriiii+0x8e)[0x2ac1c195a98e]
/usr/lib/libqt-mt.so.3(_ZN11QScrollView18viewportPaintEventEP11QPaintEvent+0x2f7)[0x2ac1c190d967]
/usr/lib/libqt-mt.so.3(_ZN11QScrollView11eventFilterEP7QObjectP6QEvent+0x203)[0x2ac1c190ecd3]
/usr/lib/libqt-mt.so.3(_ZN9QTextEdit11eventFilterEP7QObjectP6QEvent+0x55)[0x2ac1c1958335]
/usr/lib/libqt-mt.so.3(_ZN7QObject16activate_filtersEP6QEvent+0x52)[0x2ac1c1816a22]
/usr/lib/libqt-mt.so.3(_ZN7QObject5eventEP6QEvent+0x27)[0x2ac1c1816a77]
/usr/lib/libqt-mt.so.3(_ZN7QWidget5eventEP6QEvent+0x23)[0x2ac1c1847ea3]
/usr/lib/libqt-mt.so.3(_ZN12QApplication14internalNotifyEP7QObjectP6QEvent+0xd3)[0x2ac1c17c19a3]
/usr/lib/libqt-mt.so.3(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x5e)[0x2ac1c17c267e]
/usr/lib/libkdecore.so.4(_ZN12KApplication6notifyEP7QObjectP6QEvent+0x19d)[0x2ac1bfc45ead]
/usr/lib/libqt-mt.so.3(_ZN9QETWidget19translatePaintEventEPK7_XEvent+0x29c)[0x2ac1c175ed4c]
/usr/lib/libqt-mt.so.3(_ZN12QApplication15x11ProcessEventEP7_XEvent+0xc40)[0x2ac1c1768d70]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop13processEventsEj+0x569)[0x2ac1c1777aa9]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop9enterLoopEv+0x41)[0x2ac1c17d6051]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop4execEv+0x22)[0x2ac1c17d5f02]
twinkle[0x435d84]
twinkle[0x42a1e9]
/lib/libc.so.6(__libc_start_main+0xf4)[0x2ac1c2cf41c4]
twinkle(_ZN13QListViewItem10insertItemEPS_+0xf1)[0x424699]
======= Memory map: ========
00400000-007b4000 r-xp 00000000 fe:04 12638838                           /usr/bin/twinkle
009b3000-009b7000 rw-p 003b3000 fe:04 12638838                           /usr/bin/twinkle
009b7000-01139000 rw-p 009b7000 00:00 0                                  [heap]
40000000-40001000 ---p 40000000 00:00 0
40001000-40801000 rw-p 40001000 00:00 0
40801000-40802000 ---p 40801000 00:00 0
40802000-41002000 rw-p 40802000 00:00 0
41002000-41003000 ---p 41002000 00:00 0
41003000-41803000 rw-p 41003000 00:00 0
41803000-41804000 ---p 41803000 00:00 0
41804000-42004000 rw-p 41804000 00:00 0
42004000-42005000 ---p 42004000 00:00 0
42005000-42805000 rw-p 42005000 00:00 0
42805000-42806000 ---p 42805000 00:00 0
42806000-43006000 rw-p 42806000 00:00 0
43006000-43007000 ---p 43006000 00:00 0
43007000-43807000 rw-p 43007000 00:00 0
43807000-43808000 ---p 43807000 00:00 0
43808000-44008000 rw-p 43808000 00:00 0
44008000-44009000 ---p 44008000 00:00 0
44009000-44809000 rw-p 44009000 00:00 0
44809000-4480a000 ---p 44809000 00:00 0
4480a000-4500a000 rw-p 4480a000 00:00 0
4500a000-4500b000 ---p 4500a000 00:00 0
4500b000-4580b000 rw-p 4500b000 00:00 0
4580b000-4580c000 ---p 4580b000 00:00 0
4580c000-4600c000 rw-p 4580c000 00:00 0
4600c000-4600d000 ---p 4600c000 00:00 0
4600d000-4680d000 rw-p 4600d000 00:00 0
4680d000-4680e000 ---p 4680d000 00:00 0
4680e000-4700e000 rw-p 4680e000 00:00 0
2aaaaaaab000-2aaaaabe5000 r--p 00000000 fe:04 8484257                    /usr/lib/locale/locale-archive
2aaaaabe5000-2aaaaabeb000 r--s 00000000 fe:11 1316103                    /var/cache/fontconfig/93a0224a97eefd14bf0431950c6b7984-x86-64.cache-2
2aaaaabeb000-2aaaaabff000 r--s 00000000 fe:11 1316104                    /var/cache/fontconfig/865f88548240fee46819705c6468c165-x86-64.cache-2
2aaaaabff000-2aaaaac5b000 r--s 00000000 fe:11 1316066                    /var/cache/fontconfig/21a99156bb11811cef641abeda519a45-x86-64.cache-2
2aaaaac5b000-2aaaaac7c000 r--s 00000000 fe:11 1316070                    /var/cache/fontconfig/e13b20fdb08344e0e664864cc2ede53d-x86-64.cache-2
2aaaaac7c000-2aaaaac92000 r--s 00000000 fe:11 1316069                    /var/cache/fontconfig/cabbd14511b9e8a55e92af97fb3a0461-x86-64.cache-2
2aaaaac92000-2aaaaac98000 r--s 00000000 fe:11 1316075                    /var/cache/fontconfig/105b9c7e6f0a4f82d8c9b6e39c52c6f9-x86-64.cache-2
2aaaaac98000-2aaaaaca1000 r--s 00000000 fe:11 1316093                    /var/cache/fontconfig/d52a8644073d54c13679302cKCrash: Application 'twinkle' crashing...

Stacktrace:

(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0x2ac1c89a0e70 (LWP 2533)]
[New Thread 0x4580a950 (LWP 2783)]
[New Thread 0x44808950 (LWP 2600)]
[New Thread 0x44007950 (LWP 2599)]
[New Thread 0x43806950 (LWP 2598)]
[New Thread 0x43005950 (LWP 2597)]
[New Thread 0x42804950 (LWP 2596)]
[New Thread 0x42003950 (LWP 2595)]
[New Thread 0x41802950 (LWP 2594)]
[New Thread 0x41001950 (LWP 2593)]
[New Thread 0x40800950 (LWP 2592)]
[KCrash handler]
#5  0x00002ac1c2d08025 in raise () from /lib/libc.so.6
#6  0x00002ac1c2d09a80 in abort () from /lib/libc.so.6
#7  0x00002ac1c2d42a1b in __libc_message () from /lib/libc.so.6
#8  0x00002ac1c2d48603 in malloc_consolidate () from /lib/libc.so.6
#9  0x00002ac1c2d4a8c2 in _int_malloc () from /lib/libc.so.6
#10 0x00002ac1c2d4c300 in malloc () from /lib/libc.so.6
#11 0x00002ac1c189924f in QTextEngine (this=0x7fffec4f3910, 
    str=<value optimized out>, f=<value optimized out>)
    at kernel/qtextengine.cpp:907
#12 0x00002ac1c178a349 in QPainter::drawText (this=0xf0ab30, x=4, y=13, 
    str=@0x7fffec4f3e60, pos=<value optimized out>, len=180, 
    dir=QPainter::LTR) at kernel/qpainter_x11.cpp:3045
#13 0x00002ac1c18647f5 in QTextParagraph::drawString (this=0xee4880, 
    painter=@0xf0ab30, str=@0x7fffec4f3e60, start=0, len=180, xstart=4, y=0, 
    baseLine=13, w=1191, h=16, drawSelections=false, fullSelectionWidth=0, 
    formatChar=0xdaa3f0, cg=@0x7fffec4f41b0, rightToLeft=false)
    at kernel/qrichtext.cpp:4801
#14 0x00002ac1c186b65c in QTextParagraph::paint (this=0xee4880, 
    painter=@0xf0ab30, cg=@0x7fffec4f41b0, cursor=0x0, drawSelections=false, 
    clipx=105, clipy=88, clipw=312, cliph=171) at kernel/qrichtext.cpp:4680
#15 0x00002ac1c186c39c in QTextDocument::drawParagraph (this=0x7fffec4f3f70, 
    p=0x7fffec4f4280, parag=0xee4880, cx=105, cy=88, cw=312, ch=171, 
    doubleBuffer=@0x7fffec4f4078, cg=@0x7fffec4f41b0, drawCursor=false, 
    cursor=0x0, resetChanged=true) at kernel/qrichtext.cpp:3240
#16 0x00002ac1c186ccfd in QTextDocument::draw (this=0xa90c80, 
    p=0x7fffec4f4280, cx=105, cy=88, cw=312, ch=171, cg=@0x7fffec4f41b0, 
    onlyChanged=false, drawCursor=false, cursor=0xdef680, resetChanged=true)
    at kernel/qrichtext.cpp:3300
#17 0x00002ac1c1946dfc in QTextEdit::paintDocument (this=0xa8e9a0, 
    drawAll=true, p=0x7fffec4f4280, cx=105, cy=88, cw=312, ch=171)
    at widgets/qtextedit.cpp:1059
#18 0x00002ac1c195a98e in QTextEdit::drawContents (this=0x9e5, 
    p=0x7fffec4f4280, cx=105, cy=88, cw=312, ch=171)
    at widgets/qtextedit.cpp:1081
#19 0x00002ac1c190d967 in QScrollView::viewportPaintEvent (this=0xa8e9a0, 
    pe=0x7fffec4f49a0) at widgets/qscrollview.cpp:1709
#20 0x00002ac1c190ecd3 in QScrollView::eventFilter (this=0xa8e9a0, 
    obj=0xa8f900, e=0x7fffec4f49a0) at widgets/qscrollview.cpp:1492
#21 0x00002ac1c1958335 in QTextEdit::eventFilter (this=0xa8e9a0, o=0xa8f900, 
    e=0x7fffec4f49a0) at widgets/qtextedit.cpp:3030
#22 0x00002ac1c1816a22 in QObject::activate_filters (this=0xa8f900, 
    e=0x7fffec4f49a0) at kernel/qobject.cpp:906
#23 0x00002ac1c1816a77 in QObject::event (this=0xa8f900, e=0x7fffec4f49a0)
    at kernel/qobject.cpp:738
#24 0x00002ac1c1847ea3 in QWidget::event (this=0x9e5, e=0x9e5)
    at kernel/qwidget.cpp:4681
#25 0x00002ac1c17c19a3 in QApplication::internalNotify (
    this=<value optimized out>, receiver=0xa8f900, e=0x7fffec4f49a0)
    at kernel/qapplication.cpp:2638
#26 0x00002ac1c17c267e in QApplication::notify (this=0x9cfc40, 
    receiver=0xa8f900, e=0x7fffec4f49a0) at kernel/qapplication.cpp:2526
#27 0x00002ac1bfc45ead in KApplication::notify (this=0x9cfc40, 
    receiver=0xa8f900, event=0x7fffec4f49a0)
    at /tmp/buildd/kdelibs-3.5.9.dfsg.1/./kdecore/kapplication.cpp:550
#28 0x00002ac1c175ed4c in QETWidget::translatePaintEvent (this=0xa8f900, 
    event=<value optimized out>) at kernel/qapplication.h:526
#29 0x00002ac1c1768d70 in QApplication::x11ProcessEvent (this=0x9cfc40, 
    event=0x7fffec4f4cd0) at kernel/qapplication_x11.cpp:3546
#30 0x00002ac1c1777aa9 in QEventLoop::processEvents (this=0xa01970, flags=4)
    at kernel/qeventloop_x11.cpp:195
#31 0x00002ac1c17d6051 in QEventLoop::enterLoop (this=0x9e5)
    at kernel/qeventloop.cpp:201
#32 0x00002ac1c17d5f02 in QEventLoop::exec (this=0x9e5)
    at kernel/qeventloop.cpp:148
#33 0x0000000000435d84 in ?? ()
#34 0x000000000042a1e9 in ?? ()
#35 0x00002ac1c2cf41c4 in __libc_start_main () from /lib/libc.so.6
#36 0x0000000000424699 in ?? ()
#37 0x00007fffec4f5d78 in ?? ()
#38 0x0000000000000000 in ?? ()

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-melech (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages twinkle depends on:
ii  kdelibs4c2a            4:3.5.9.dfsg.1-2  core libraries and binaries for al
ii  libasound2             1.0.16-1          ALSA library
ii  libboost-regex1.34.1   1.34.1-7          regular expression library for C++
ii  libc6                  2.7-6             GNU C Library: Shared libraries
ii  libccrtp1-1.6-0        1.6.0-1+b1        Common C++ class framework for RTP
ii  libcommoncpp2-1.6-0    1.6.0-1           A GNU package for creating portabl
ii  libgcc1                1:4.3.0~rc2-1     GCC support library
ii  libgsm1                1.0.12-1          Shared libraries for GSM speech co
ii  libqt3-mt              3:3.3.8b-4        Qt GUI Library (Threaded runtime v
ii  libsndfile1            1.0.17-4          Library for reading/writing audio 
ii  libspeex1              1.1.12-3          The Speex Speech Codec
ii  libstdc++6             4.3.0~rc2-1       The GNU Standard C++ Library v3
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  libxml2                2.6.31.dfsg-1     GNOME XML library
ii  libzrtpcpp-0.9.2deb0   0.9.2-3+b1        ccrtp extension for zrtp/Zfone sup
ii  zlib1g                 1:1.2.3.3.dfsg-11 compression library - runtime

twinkle recommends no packages.

-- no debconf information