On Mon, 19 Apr 2021 16:31:34 +0200 Bernhard Übelacker <bernha...@mailbox.org> wrote:
> Dear Maintainer,
> I tried to have a look and I could reproduce the crash [1].
>
> I think this is caused by a call to gtk_list_store_set
> in totem_playlist_steal_current_starttime [2].
> There a variadic argument list contains a plain 0,
> which might occupy just 32 bit, but gets later interpreted
> as gint64, therefore the terminating -1 gets overrun.
>
> A totem package rebuilt with attached patch does not show
> the crash inside the test VM.
>
> Kind regards,
> Bernhard

Could you submit a MR upstream for your 32-bit arch patch for totem (critical to armhf use)?
https://gitlab.gnome.org/GNOME/totem/-/issues

The issue is still there:
https://gitlab.gnome.org/GNOME/totem/-/blob/master/src/totem-playlist.c?ref_type=heads#L1734

>
> [1]
> (gdb) bt
> #0  strlen () at ../sysdeps/arm/armv6t2/strlen.S:126
> #1  0xb6e82878 in g_strdup (str=0x63fca6aa <error: Cannot access memory at address 0x63fca6aa>) at ../../../glib/gstrfuncs.c:363
> #2  0xb6f47144 in value_collect_string (value=0xbeffee60, n_collect_values=<optimized out>, collect_values=<optimized out>, collect_flags=<optimized out>) at ../../../gobject/gvaluetypes.c:293
> #3  0xb680a3be in gtk_list_store_set_valist_internal (list_store=list_store@entry=0xa0b4c8, iter=iter@entry=0xbeffef44, emit_signal=emit_signal@entry=0xbeffeefc, maybe_need_sort=maybe_need_sort@entry=0xbeffef00, var_args=..., var_args@entry=...) at ../../../../gtk/gtkliststore.c:1033
> #4  0xb680ab52 in gtk_list_store_set_valist (list_store=0xa0b4c8, iter=iter@entry=0xbeffef44, var_args=..., var_args@entry=...)
>     at ../../../../gtk/gtkliststore.c:1137
> #5  0xb680ac1a in gtk_list_store_set (list_store=<optimized out>, iter=0xbeffef44) at ../../../../gtk/gtkliststore.c:1179
> #6  0xb6f91c40 in totem_playlist_steal_current_starttime (playlist=0xa1e100) at ../src/totem-playlist.c:1790
> #7  0xb6f8b590 in update_seekable (totem=0x450140) at ../src/totem-object.c:2524
> #8  property_notify_cb_seekable (bvw=<optimized out>, spec=<optimized out>, totem=0x450140) at ../src/totem-object.c:2616
> #9  0xb6f2b252 in g_closure_invoke (closure=0x6e7048, return_value=return_value@entry=0x0, n_param_values=2, param_values=param_values@entry=0xbefff090, invocation_hint=invocation_hint@entry=0xbefff00c) at ../../../gobject/gclosure.c:810
> #10 0xb6f38768 in signal_emit_unlocked_R (node=node@entry=0x448800, detail=105, instance=0xa6e290, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0xbefff090) at ../../../gobject/gsignal.c:3739
> #11 0xb6f3ce12 in g_signal_emit_valist (instance=instance@entry=0xa6e290, signal_id=signal_id@entry=1, detail=detail@entry=3204444612, var_args=..., var_args@entry=...)
>     at ../../../gobject/gsignal.c:3495
> #12 0xb6f3d0a2 in g_signal_emit (instance=instance@entry=0xa6e290, signal_id=signal_id@entry=1, detail=105) at ../../../gobject/gsignal.c:3551
> #13 0xb6f2e33e in g_object_dispatch_properties_changed (object=0xa6e290, n_pspecs=1, pspecs=<optimized out>) at ../../../gobject/gobject.c:1206
> #14 0xb6f2faac in g_object_notify_by_spec_internal (pspec=<optimized out>, object=0xa6e290) at ../../../gobject/gobject.c:1299
> #15 g_object_notify (object=0xa6e290, property_name=<optimized out>) at ../../../gobject/gobject.c:1347
> #16 0xb6f9b9ec in got_time_tick (time_nanos=<optimized out>, bvw=bvw@entry=0xa6e290, play=<optimized out>) at ../src/backend/bacon-video-widget.c:2614
> #17 0xb6f9ca02 in bvw_query_timeout (bvw=bvw@entry=0xa6e290) at ../src/backend/bacon-video-widget.c:2830
> #18 0xb6fa0792 in bvw_bus_message_cb (bus=<optimized out>, message=<optimized out>, bvw=0xa6e290) at ../src/backend/bacon-video-widget.c:2485
> #19 0xb6f2d2e8 in g_cclosure_marshal_VOID__BOXEDv (closure=0xaaf750, return_value=<optimized out>, instance=0x9f8bf0, args=..., marshal_data=0x0, n_params=1, param_types=0x7d1118) at ../../../gobject/gmarshal.c:1686
> #20 0xb6f2b3d8 in _g_closure_invoke_va (closure=closure@entry=0xaaf750, return_value=0x0, instance=0x9f8bf0, instance@entry=0x0, args=..., args@entry=..., n_params=n_params@entry=1, param_types=0x7d1118) at ../../../gobject/gclosure.c:873
> #21 0xb6f3cef6 in g_signal_emit_valist (instance=0x0, instance@entry=0x9f8bf0, signal_id=<optimized out>, detail=0, detail@entry=3204445364, var_args=..., var_args@entry=...)
>     at ../../../gobject/gsignal.c:3404
> #22 0xb6f3d0a2 in g_signal_emit (instance=instance@entry=0x9f8bf0, signal_id=<optimized out>, detail=289) at ../../../gobject/gsignal.c:3551
> #23 0xb64b1420 in gst_bus_async_signal_func (bus=0x9f8bf0, message=0xa5405068, data=<optimized out>) at ../gst/gstbus.c:1295
> #24 0xb64b2008 in gst_bus_source_dispatch (source=0xa8a388, callback=0xb64b13e5 <gst_bus_async_signal_func>, user_data=0x0) at ../gst/gstbus.c:851
> #25 0xb6e6bf4c in g_main_dispatch (context=0x46e678) at ../../../glib/gmain.c:3325
> #26 g_main_context_dispatch (context=context@entry=0x46e678) at ../../../glib/gmain.c:4043
> #27 0xb6e6c1e0 in g_main_context_iterate (context=context@entry=0x46e678, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4119
> #28 0xb6e6c25a in g_main_context_iteration (context=context@entry=0x46e678, may_block=may_block@entry=1) at ../../../glib/gmain.c:4184
> #29 0xb6d990a6 in g_application_run (application=0x450140, argc=<optimized out>, argv=0xbefff754) at ../../../gio/gapplication.c:2559
> #30 0x00401160 in main (argc=<optimized out>, argv=<optimized out>) at ../src/totem.c:83
>
>
> [2]
> https://sources.debian.org/src/totem/3.38.0-2/src/totem-playlist.c/#L1790
> https://gitlab.gnome.org/GNOME/totem/-/commit/159e5ae4e884d85d149bd06866a156935eb43d74.patch
> 1790 gtk_list_store_set (GTK_LIST_STORE (playlist->priv->model),
> 1791                     &iter,
> 1792                     STARTTIME_COL, 0,
> 1793                     -1);
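To make the mechanism Bernhard describes concrete, here is an added example of my own; it is not totem's or GTK's code and not the attached patch. It models the variadic argument area of a 32-bit caller as a flat byte buffer (4-byte ints, 8-byte values aligned to 8, a simplification of an ABI such as armhf, assumed here for illustration), pushes the `STARTTIME_COL, 0, -1` list once with a plain `int` 0 and once with a properly typed 64-bit value, and reads it back the way `gtk_list_store_set_valist` does: column id, value of the column's type, until the `-1` terminator. `STARTTIME_COL = 2` is a constructed value, and the "fixed" variant assumes the fix is to pass a 64-bit zero such as `(gint64) 0` or `G_GINT64_CONSTANT (0)`; the patch itself is not in this thread.

```c
/* Added model of a 32-bit variadic (column, value, ..., -1) list read back
 * with the wrong width. Not GTK/totem code. Argument area modelled as a
 * byte buffer with 4-byte ints and 8-byte-aligned int64s (assumption). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { STARTTIME_COL = 2 };                          /* constructed column id */
enum { SET_OK = 0, SET_OVERRUN = -1, SET_BAD_COL = -2 };

typedef struct {
    unsigned char buf[64];
    size_t len;              /* bytes the caller actually pushed */
} argstack;

/* Caller side: what the compiler emits for a plain int argument ... */
static void push_i32(argstack *s, int32_t v) {
    memcpy(s->buf + s->len, &v, sizeof v);
    s->len += sizeof v;
}

/* ... and for a gint64 argument (aligned to 8 in the argument area). */
static void push_i64(argstack *s, int64_t v) {
    s->len = (s->len + 7) & ~(size_t)7;
    memcpy(s->buf + s->len, &v, sizeof v);
    s->len += sizeof v;
}

/* Callee side: va_arg (ap, int) and va_arg (ap, gint64). Reading past what
 * the caller pushed is reported here; real va_arg returns stack garbage. */
static int read_i32(const argstack *s, size_t *off, int32_t *out) {
    if (*off + sizeof *out > s->len) return 0;
    memcpy(out, s->buf + *off, sizeof *out);
    *off += sizeof *out;
    return 1;
}

static int read_i64(const argstack *s, size_t *off, int64_t *out) {
    *off = (*off + 7) & ~(size_t)7;
    if (*off + sizeof *out > s->len) return 0;
    memcpy(out, s->buf + *off, sizeof *out);
    *off += sizeof *out;
    return 1;
}

/* Mirrors the gtk_list_store_set_valist loop: read a column id, stop at -1,
 * otherwise read a value of that column's type. STARTTIME_COL holds a gint64;
 * any other id is "unknown" here (in the real crash a garbage column id led
 * to a string collect, hence g_strdup()/strlen() at the top of the trace). */
static int list_store_set_sim(const argstack *s, int64_t *starttime) {
    size_t off = 0;
    int32_t col;
    for (;;) {
        if (!read_i32(s, &off, &col)) return SET_OVERRUN;
        if (col == -1) return SET_OK;
        if (col != STARTTIME_COL) return SET_BAD_COL;
        if (!read_i64(s, &off, starttime)) return SET_OVERRUN;
    }
}

/* The call as quoted in [2]: STARTTIME_COL, 0, -1 with a plain int 0. */
int demo_buggy_call(int64_t *starttime) {
    argstack s = { {0}, 0 };
    push_i32(&s, STARTTIME_COL);
    push_i32(&s, 0);         /* plain 0: only 4 bytes land in the argument area */
    push_i32(&s, -1);        /* terminator, swallowed by the 8-byte read */
    return list_store_set_sim(&s, starttime);
}

/* Same call with a correctly typed 64-bit value ((gint64) 0 in GLib terms). */
int demo_fixed_call(int64_t value, int64_t *starttime) {
    argstack s = { {0}, 0 };
    push_i32(&s, STARTTIME_COL);
    push_i64(&s, value);     /* 8 bytes pushed, matching the callee's read */
    push_i32(&s, -1);
    return list_store_set_sim(&s, starttime);
}

/* Round-trips a value through the fixed call; -1 signals a failed read. */
int64_t fixed_call_roundtrip(int64_t value) {
    int64_t out = -1;
    if (demo_fixed_call(value, &out) != SET_OK) return -1;
    return out;
}

int main(void) {
    int64_t t = 0;
    printf("buggy call: status %d\n", demo_buggy_call(&t));
    printf("fixed call: status %d, starttime %lld\n",
           demo_fixed_call(1234567890123LL, &t), (long long) t);
    return 0;
}
```

The buggy variant pushes 12 bytes but the callee wants 4 + 8, so the read of the gint64 runs past the terminator; that is the overrun the backtrace shows, surfacing one frame later as a string collect on a garbage pointer. On a 64-bit ABI every variadic slot is 8 bytes wide, which is why the same source usually appears to work on amd64 even though it is equally wrong there; the portable fix is to give the constant the column's type.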