
liferea 1.12.5 crashes with SIGSEGV after clicking "Next Unread Item" when nothing is selected

Open Suedkiez opened this issue 7 years ago • 4 comments

  1. Launch Liferea
  2. Ensure that nothing is selected in feed tree
  3. Click "Next Unread Item" -> Crash

SegvAnalysis:
 Segfault happened at: 0x5592270a2157: mov 0x38(%rax),%rsi
 PC (0x5592270a2157) ok
 source "0x38(%rax)" (0x00000038) not located in a known VMA region (needed readable region)!
 destination "%rsi" ok
SegvReason: reading NULL VMA
Signal: 11

StacktraceTop:
 feedlist_collect_unread (node=0x5592287f09e0, user_data=0x7ffdcb8140a0) at feedlist.c:499
 node_foreach_child_full (node=, func=0x5592270a2100 <feedlist_collect_unread>, params=1, user_data=0x7ffdcb8140a0) at node.c:572
 node_foreach_child_full (node=, func=0x5592270a2100 <feedlist_collect_unread>, params=1, user_data=0x7ffdcb8140a0) at node.c:572
 feedlist_find_unread_feed (folder=) at feedlist.c:508
 itemlist_select_next_unread () at itemlist.c:387

This is on Ubuntu Cosmic 18.10. Ubuntu bug report with stacktrace: https://bugs.launchpad.net/ubuntu/+source/liferea/+bug/1797510

Suedkiez avatar Oct 17 '18 21:10 Suedkiez

I cannot reproduce it. How do you do the "unselecting"? I did it by Ctrl-clicking the selected feed and failed to produce the crash this way.

lwindolf avatar Nov 08 '18 18:11 lwindolf

The line numbers in the traceback are off because of the optimized code. The actual line number is feedlist.c:496: node->unreadCount is not zero and it's testing if node->id and SELECTED->id are equal. I'm guessing in this case SELECTED (feedlist->priv->selectedNode) is not yet initialized or is definitely invalid. rip is feedlist, priv is offset 0x18 off of feedlist, selectedNode is offset 0x10 off of priv, id is offset 0x38 off of selectedNode.

 4d8:   48 8b 05 00 00 00 00    mov    0x0(%rip),%rax        # 4df <feedlist_collect_unread+0x4f>
 4df:   48 8b 40 18             mov    0x18(%rax),%rax
 4e3:   48 8b 40 10             mov    0x10(%rax),%rax
 4e7:   48 8b 70 38             mov    0x38(%rax),%rsi

feedlist is initialized by feedlist_init, but feedlist_init does not initialize SELECTED (selectedNode). Perhaps it should set it to ROOTNODE in feedlist_init.

rich-coe avatar Nov 08 '18 20:11 rich-coe
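The null dereference rich-coe describes, as an added C example that is not Liferea's code: the structs, the tree walk and the sample tree are hypothetical stand-ins, and the unguarded read of SELECTED->id is shown next to a guarded version, run over a small constructed feed tree.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical stand-ins for Liferea's node tree and feedlist state (not the project's own structs). */
typedef struct node {
    const char  *id;
    unsigned     unreadCount;
    struct node *children;   /* first child */
    struct node *next;       /* next sibling */
} node_t;
typedef struct { node_t *selectedNode; } feedlist_priv_t;
typedef struct { feedlist_priv_t *priv; } feedlist_t;
static feedlist_priv_t priv_data;                 /* selectedNode stays NULL until something is selected */
static feedlist_t feedlist = { &priv_data };
#define SELECTED (feedlist.priv->selectedNode)
typedef struct { int pastSelected; node_t *found; } collect_t;
typedef void (*collect_fn)(node_t *, collect_t *);

/* Buggy shape: SELECTED->id is read for every unread node, so with nothing selected this
 * dereferences NULL at a small offset, the "reading NULL VMA" in the report. */
static void collect_unread_buggy(node_t *node, collect_t *st) {
    if (!node->unreadCount || st->found) return;
    if (!strcmp(node->id, SELECTED->id)) st->pastSelected = 1;
    else if (st->pastSelected) st->found = node;
}
/* Hardened shape: test SELECTED before dereferencing it; with nothing selected the first unread node wins. */
static void collect_unread_fixed(node_t *node, collect_t *st) {
    if (!node->unreadCount || st->found) return;
    if (SELECTED && !strcmp(node->id, SELECTED->id)) st->pastSelected = 1;
    else if (st->pastSelected || !SELECTED) st->found = node;
}
/* Depth-first walk over the children of node, like the node_foreach_child_full frames in the trace. */
static void foreach_child(node_t *node, collect_fn fn, collect_t *st) {
    for (node_t *c = node->children; c; c = c->next) { fn(c, st); foreach_child(c, fn, st); }
}

/* Constructed sample tree: root -> [ folder "blogs" -> [ feed "a" (1 unread), feed "b" (1 unread) ], feed "news" (0) ] */
static node_t feed_b    = { "b", 1, NULL, NULL };
static node_t feed_a    = { "a", 1, NULL, &feed_b };
static node_t feed_news = { "news", 0, NULL, NULL };
static node_t folder    = { "blogs", 0, &feed_a, &feed_news };
static node_t root      = { "root", 0, &folder, NULL };

/* Selects sel (NULL = nothing selected, as after a fresh login) and returns the next unread node after it, or NULL. */
static node_t *next_unread_after(node_t *sel, collect_fn fn) {
    collect_t st = { 0, NULL };
    SELECTED = sel;
    foreach_child(&root, fn, &st);
    return st.found;
}
```

With nothing selected only the guarded callback can be walked; the buggy one faults at the strcmp exactly as the report's disassembly shows.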

My previous comment (below) was wrong. I tried to repro by rebooting, and I realize that this "liferea starting with nothing selected" does not seem to happen anymore. I do not know when it stopped. Before I reported the bug, it was happening consistently. When it did, it started with a weird three-panel view, similar to Wide View, but not quite. Or maybe it looked only weird because nothing was selected, as described. When I selected any feed, it returned to normal. I thought that was somehow intended, as the issue started to appear after I installed Ubuntu Cosmic on a new machine. What can I say, now it starts normally again, there is a selection, and the crash therefore does not repro.

I am not explicitly unselecting. I realize now that this seems to happen only after a fresh login. Then it starts with nothing being selected by default in the feed tree. So when I click the Next Unread button right then, it crashes.

(So when I try to repro in a running Gnome session by quitting liferea, killing the process, and then restarting it, it starts with a selection in the feed tree, and then it does not reproduce).

Suedkiez avatar Nov 08 '18 20:11 Suedkiez

I can confirm the issue, the behaviour of liferea is exactly the same for me. I have liferea 1.12.7 installed.

dmaurel avatar May 08 '21 18:05 dmaurel

Recent releases always remember the last selected node. This makes the problem not happen anymore.

lwindolf avatar Oct 24 '22 21:10 lwindolf