Liferea 1.14.1 crash when refreshing feeds.

[Froggy232]

Hi, Since the last update of liferea (I use the flatpak version on fedora silverblue), liferea crash when refreshing the feeds. Everything work well with 1.14.0. Unfortunally, if I launch liferea from a terminal, I don't have any message in the terminal when it crash. Capture vidéo du 2023-03-15 12-15-48.webm Thanks you

[bbhtt]

Can you please run it with --debug-all and see if something is reported?

Also is a core generated? Can you please follow https://www.figuiere.net/technotes/notes/tn001/ and get a stack trace of it?

[paulgevers]

This sounds a bit like the report I got in Debian which has a stack trace:

    Thread 1 "liferea" received signal SIGSEGV, Segmentation fault.
    0x0000555555577a6e in conf_get_bool_value_from_schema (gsettings=<optimized out>, gsettings@entry=0x0, key=key@entry=0x5555555cb33a "enable-reader-mode", value=value@entry=0x54) at ../conf.c:258
    258             *value = g_settings_get_boolean (gsettings,key);

https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1032989;filename=liferea.crash;msg=5

[Froggy232]

Hi, Thanks you, here is the output of the terminal with --debug-all : https://ctxt.io/2/AACQhP6gFQ Thanks

[lwindolf]

@Froggy232 Thanks for posting the --debug-all this helps as it indicates the remove item causing the crash which matches this https://github.com/lwindolf/liferea/commit/e1d09156e76b1ca2cd94b1c16edd46dc989c5c20#r99367029 assumption about a possible crash that needs fixing.

[obfuscated]

Same problem here on gentoo since updating to 1.14.1, 1.14.0 worked fine.

A bit of output from gdb:

DB     : loading item 67408
DB     : loading item 67414
DB     : loading item 67415
DB     : loading item 67427

Thread 1 "liferea" received signal SIGSEGV, Segmentation fault.
0x000055555557777e in conf_get_bool_value_from_schema ()
(gdb) bt
#0  0x000055555557777e in conf_get_bool_value_from_schema ()
#1  0x00005555555a75fd in liferea_browser_update ()
#2  0x0000555555584f9d in itemlist_merge_itemset ()

[mokraemer]

The same on mageia: https://bugs.mageia.org/show_bug.cgi?id=31691

--debug-all gives me:

[...]
UPDATE : dropping item nr 148033 (Strategische Kooperation: USA liefern Australien Atom-U-Boote)....
UPDATE : dropping item nr 148034 (Aktuelle Stunde im Bundestag: Viele offene Fragen zur Heizwende)....
DB     : removing item with id 147759
Speicherzugriffsfehler (Speicherabzug geschrieben)

so it looks like, at the moment when an item is removed from the db, it causes the seg fault

[mozbugbox]

Please try this patch: itemlist-crash-patch.txt

diff --git a/src/itemlist.c b/src/itemlist.c
index 5f5caca3..fd0f7ba6 100644
--- a/src/itemlist.c
+++ b/src/itemlist.c
@@ -499,8 +499,13 @@ itemlist_remove_items (itemSetPtr itemSet, GList *items)

    while (iter) {
        itemPtr item = (itemPtr) iter->data;
-       itemlist_request_remove_item (item);
-       db_item_remove (item->id);
+       if (itemlist->priv->selectedId != item->id) {
+           itemview_remove_item(item);
+           db_item_remove(item->id);
+       } else {
+           itemlist_request_remove_item(item);
+       }
+       g_object_unref (item);
        iter = g_list_next (iter);
    }

It basically revert the change to the itemlist_remove_items() while GObjectify Item Object.

[mokraemer]

I can confirm, after applying that patch everything works as before. No crash!

[lwindolf]

Will test too this evening.

[lwindolf]

@mozbugbox I've implemented your suggestion.

While I never could reproduce the crash or any problem with valgrind with the 1.4.1 code I still believe it is correct to revert it like this,

[Froggy232]

@lwindolf Thanks you, do you know when we could update via flatpak? Thanks you

[mozbugbox]

The bug can be simply reproduced by

1. Select the oldest item in a feed. Make sure it will be dropped after an update
2. update the feed
3. move to the next item
4. Crash

The selected item should be dropped when new item comes in, as it's the oldest in the feed. But it get deferred because it's selected. Unselect the item would actually drop the item. This will trigger the bug as the item already removed from the db.

[mikelolasagasti]

@lwindolf Thanks you, do you know when we could update via flatpak? Thanks you

A build for 1.14.2 has been pushed, should be published soon.

[mikelolasagasti]

@paulgevers can you check if the issue still happens with 1.14.2? It may be a different issue I just reported in https://github.com/lwindolf/liferea/issues/1214