2017-10-29 09:25:56 | Martin Rosenau | bug | | | added bug
2017-10-29 09:27:36 | Martin Rosenau | description |
Old value:
Symptom:
When selecting a part of the image and performing Edit -> Copy, gnome-paint crashes with SIGSEGV.
Analysis of the disassembly:
If a C function is not declared (e.g. in an #include file) the compilers assume the function returns a 32-bit integer. Some other (64-bit) compilers seem to assume a 64-bit return value.
The function "gp_selection_get_pixbuf()" is used by the function "Edit -> Copy" but it is not declared in any #include file (nor in the .c file where it is used).
The function returns a pointer (64-bit).
The compiler which was used to compile the binaries distributed with Ubuntu 17.10 seems to be one of the compilers assuming a signed 32-bit integer.
Therefore the compiler will sign-extend the value returned by "gp_selection_get_pixbuf()" to 64 bits (instead of using the 64-bit pointer)!
The result will be an invalid pointer and therefore a SIGSEGV when this pointer is used.
Disassembly for reference:
18dc0 <on_menu_copy_activate@@Base>:
18dc0: 55 push %rbp
18dc1: 53 push %rbx
...
18e55: 48 89 c5 mov %rax,%rbp
18e58: 31 c0 xor %eax,%eax
18e5a: e8 51 1a 00 00 callq 1a8b0 <gp_selection_get_pixbuf@@Base>
18e5f: 48 89 ee mov %rbp,%rsi
# This line must be "mov %eax,%rdi" (48 89 C7):
18e62: 48 63 f8 movslq %eax,%rdi
18e65: e8 b6 23 ff ff callq b220 <g_type_check_instance_cast@plt>
...
To check if this is really the problem I replaced the bytes 0x63 F8 by the bytes 0x89 C7 in the file /usr/bin/gnome-paint using a hex-editor.
Result: After this patch Edit -> Copy works without problems.
A really correct solution was to add the function "gp_selection_get_pixbuf()" to a header file and to re-compile. |
New value:
Symptom:
When selecting a part of the image and performing Edit -> Copy, gnome-paint crashes with SIGSEGV.
Analysis of the disassembly:
If a C function is not declared (e.g. in an #include file) many compilers assume the function returns a 32-bit integer. Some other (64-bit) compilers seem to assume a 64-bit return value.
The function "gp_selection_get_pixbuf()" is used by the function "Edit -> Copy" but it is not declared in any #include file (nor in the .c file where it is used).
The function returns a pointer (64-bit).
The compiler which was used to compile the binaries distributed with Ubuntu 17.10 seems to be one of the compilers assuming a signed 32-bit integer.
Therefore the compiler will sign-extend the value returned by "gp_selection_get_pixbuf()" to 64 bits (instead of using the 64-bit pointer)!
The result will be an invalid pointer and therefore a SIGSEGV when this pointer is used.
Disassembly for reference:
18dc0 <on_menu_copy_activate@@Base>:
18dc0: 55 push %rbp
18dc1: 53 push %rbx
...
18e55: 48 89 c5 mov %rax,%rbp
18e58: 31 c0 xor %eax,%eax
18e5a: e8 51 1a 00 00 callq 1a8b0 <gp_selection_get_pixbuf@@Base>
18e5f: 48 89 ee mov %rbp,%rsi
# This line must be "mov %eax,%rdi" (48 89 C7):
18e62: 48 63 f8 movslq %eax,%rdi
18e65: e8 b6 23 ff ff callq b220 <g_type_check_instance_cast@plt>
...
To check if this is really the problem I replaced the bytes 0x63 F8 by the bytes 0x89 C7 in the file /usr/bin/gnome-paint using a hex-editor.
Result: After this patch Edit -> Copy works without problems.
A really correct solution was to add the function "gp_selection_get_pixbuf()" to a header file and to re-compile. |
|
2017-10-29 09:28:59 | Martin Rosenau | description |
Old value:
Symptom:
When selecting a part of the image and performing Edit -> Copy, gnome-paint crashes with SIGSEGV.
Analysis of the disassembly:
If a C function is not declared (e.g. in an #include file) many compilers assume the function returns a 32-bit integer. Some other (64-bit) compilers seem to assume a 64-bit return value.
The function "gp_selection_get_pixbuf()" is used by the function "Edit -> Copy" but it is not declared in any #include file (nor in the .c file where it is used).
The function returns a pointer (64-bit).
The compiler which was used to compile the binaries distributed with Ubuntu 17.10 seems to be one of the compilers assuming a signed 32-bit integer.
Therefore the compiler will sign-extend the value returned by "gp_selection_get_pixbuf()" to 64 bits (instead of using the 64-bit pointer)!
The result will be an invalid pointer and therefore a SIGSEGV when this pointer is used.
Disassembly for reference:
18dc0 <on_menu_copy_activate@@Base>:
18dc0: 55 push %rbp
18dc1: 53 push %rbx
...
18e55: 48 89 c5 mov %rax,%rbp
18e58: 31 c0 xor %eax,%eax
18e5a: e8 51 1a 00 00 callq 1a8b0 <gp_selection_get_pixbuf@@Base>
18e5f: 48 89 ee mov %rbp,%rsi
# This line must be "mov %eax,%rdi" (48 89 C7):
18e62: 48 63 f8 movslq %eax,%rdi
18e65: e8 b6 23 ff ff callq b220 <g_type_check_instance_cast@plt>
...
To check if this is really the problem I replaced the bytes 0x63 F8 by the bytes 0x89 C7 in the file /usr/bin/gnome-paint using a hex-editor.
Result: After this patch Edit -> Copy works without problems.
A really correct solution was to add the function "gp_selection_get_pixbuf()" to a header file and to re-compile. |
New value:
Symptom:
When selecting a part of the image and performing Edit -> Copy, gnome-paint crashes with SIGSEGV.
Analysis of the disassembly:
If a C function is not declared (e.g. in an #include file) many compilers assume the function returns a 32-bit integer. Some other (64-bit) compilers seem to assume a 64-bit return value.
The function "gp_selection_get_pixbuf()" is used by the function "Edit -> Copy" but it is not declared in any #include file (nor in the .c file where it is used).
The function returns a pointer (64-bit).
The compiler which was used to compile the binaries distributed with Ubuntu 17.10 seems to be one of the compilers assuming a signed 32-bit integer.
Therefore the compiler will sign-extend the value returned by "gp_selection_get_pixbuf()" to 64 bits (instead of using the 64-bit pointer)!
The result will be an invalid pointer and therefore a SIGSEGV when this pointer is used.
Disassembly for reference:
18dc0 <on_menu_copy_activate@@Base>:
18dc0: 55 : push %rbp
18dc1: 53 : push %rbx
...
18e55: 48 89 c5 : mov %rax,%rbp
18e58: 31 c0 : xor %eax,%eax
18e5a: e8 51 1a 00 00 : callq <gp_selection_get_pixbuf@@Base>
18e5f: 48 89 ee : mov %rbp,%rsi
# This line must be "mov %eax,%rdi" (48 89 C7):
18e62: 48 63 f8 : movslq %eax,%rdi
18e65: e8 b6 23 ff ff : callq <g_type_check_instance_cast@plt>
...
To check if this is really the problem I replaced the bytes 0x63 F8 by the bytes 0x89 C7 in the file /usr/bin/gnome-paint using a hex-editor.
Result: After this patch Edit -> Copy works without problems.
A really correct solution was to add the function "gp_selection_get_pixbuf()" to a header file and to re-compile. |
|
2017-10-29 09:30:07 | Martin Rosenau | description |
Old value:
Symptom:
When selecting a part of the image and performing Edit -> Copy, gnome-paint crashes with SIGSEGV.
Analysis of the disassembly:
If a C function is not declared (e.g. in an #include file) many compilers assume the function returns a 32-bit integer. Some other (64-bit) compilers seem to assume a 64-bit return value.
The function "gp_selection_get_pixbuf()" is used by the function "Edit -> Copy" but it is not declared in any #include file (nor in the .c file where it is used).
The function returns a pointer (64-bit).
The compiler which was used to compile the binaries distributed with Ubuntu 17.10 seems to be one of the compilers assuming a signed 32-bit integer.
Therefore the compiler will sign-extend the value returned by "gp_selection_get_pixbuf()" to 64 bits (instead of using the 64-bit pointer)!
The result will be an invalid pointer and therefore a SIGSEGV when this pointer is used.
Disassembly for reference:
18dc0 <on_menu_copy_activate@@Base>:
18dc0: 55 : push %rbp
18dc1: 53 : push %rbx
...
18e55: 48 89 c5 : mov %rax,%rbp
18e58: 31 c0 : xor %eax,%eax
18e5a: e8 51 1a 00 00 : callq <gp_selection_get_pixbuf@@Base>
18e5f: 48 89 ee : mov %rbp,%rsi
# This line must be "mov %eax,%rdi" (48 89 C7):
18e62: 48 63 f8 : movslq %eax,%rdi
18e65: e8 b6 23 ff ff : callq <g_type_check_instance_cast@plt>
...
To check if this is really the problem I replaced the bytes 0x63 F8 by the bytes 0x89 C7 in the file /usr/bin/gnome-paint using a hex-editor.
Result: After this patch Edit -> Copy works without problems.
A really correct solution was to add the function "gp_selection_get_pixbuf()" to a header file and to re-compile. |
New value:
Symptom:
When selecting a part of the image and performing Edit -> Copy, gnome-paint crashes with SIGSEGV.
Analysis of the disassembly:
If a C function is not declared (e.g. in an #include file) many compilers assume the function returns a 32-bit integer. Some other (64-bit) compilers seem to assume a 64-bit return value.
The function "gp_selection_get_pixbuf()" is used by the function "Edit -> Copy" but it is not declared in any #include file (nor in the .c file where it is used).
The function returns a pointer (64-bit).
The compiler which was used to compile the binaries distributed with Ubuntu 17.10 seems to be one of the compilers assuming a signed 32-bit integer.
Therefore the compiler will sign-extend the value returned by "gp_selection_get_pixbuf()" to 64 bits (instead of using the 64-bit pointer)!
The result will be an invalid pointer and therefore a SIGSEGV when this pointer is used.
Disassembly for reference:
18dc0 <on_menu_copy_activate@@Base>:
18dc0: 55 : push %rbp
18dc1: 53 : push %rbx
...
18e55: 48 89 c5 : mov %rax,%rbp
18e58: 31 c0 : xor %eax,%eax
18e5a: e8 51 1a 00 00 : callq <gp_selection_get_pixbuf@@Base>
18e5f: 48 89 ee : mov %rbp,%rsi
# This line must be "mov %eax,%rdi" (48 89 C7):
18e62: 48 63 f8 : movslq %eax,%rdi
18e65: e8 b6 23 ff ff : callq <g_type_check_instance_cast@plt>
...
To check if this is really the problem I replaced the bytes 0x63 F8 by the bytes 0x89 C7 in the file /usr/bin/gnome-paint using a hex-editor.
Result: After this patch Edit -> Copy works without problems.
A really correct solution would be adding the function "gp_selection_get_pixbuf()" to a header file and re-compiling. |
|
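The truncation-plus-sign-extension mechanism the reporter reads out of the disassembly, as an added example that is not part of the bug report or of gnome-paint's code. It models in plain C what the call site does when no prototype is in scope: keep only the low 32 bits of the returned pointer (what lands in %eax) and sign-extend them (movslq), then check whether a given address survives that round trip. The function names and the sample addresses are constructed for this example; they are not values from a real gnome-paint run.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the faulty call site: with no prototype in scope the caller treats
 * the return value of gp_selection_get_pixbuf() as an int. Only %eax (the low
 * 32 bits of %rax) is kept, and "movslq %eax,%rdi" sign-extends it to 64 bits
 * before it is passed on as a pointer. (Hypothetical helper name.) */
static uint64_t implicit_int_return(uint64_t real_pointer)
{
    uint64_t low32 = real_pointer & 0xffffffffULL;   /* what survives in %eax */
    if (low32 & 0x80000000ULL)                        /* movslq: copy bit 31 upward */
        low32 |= 0xffffffff00000000ULL;
    return low32;
}

/* A pointer survives the round trip only if it already equals its own
 * sign-extended low 32 bits, i.e. it lies in the lowest or highest 2 GiB of
 * the 64-bit address space. Typical 64-bit Linux heap (0x55...) and mmap
 * (0x7f...) addresses do not, which is why the crash is deterministic there.
 * (Hypothetical helper name.) */
static bool pointer_survives_implicit_int(uint64_t real_pointer)
{
    return implicit_int_return(real_pointer) == real_pointer;
}

int main(void)
{
    /* Constructed sample addresses (not taken from a real gnome-paint run). */
    const uint64_t samples[] = {
        0x000055d4deadbeefULL,  /* typical heap address, bit 31 set          */
        0x00007f1234567890ULL,  /* typical mmap address, bit 31 clear        */
        0x0000000012345678ULL,  /* low address: would survive by luck only   */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t p = samples[i];
        printf("real %#018llx -> via int %#018llx : %s\n",
               (unsigned long long)p,
               (unsigned long long)implicit_int_return(p),
               pointer_survives_implicit_int(p) ? "intact"
                                                : "corrupted (SIGSEGV on use)");
    }
    return 0;
}
```

The fix the reporter names, declaring gp_selection_get_pixbuf() in a header that the caller includes, removes the implicit int return entirely. As a build-time check, gcc and clang report this class of defect with -Wimplicit-function-declaration, and -Werror=implicit-function-declaration turns it into a hard error so a missing prototype cannot reach a distributed binary.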