Dear Maintainer, I just tried to reproduce and collect some more information, used a minimal buster amd64 qemu VM.
This issue seems to be more located in libt4k-common0. It uses "rsvg_handle_get_desc(file_handle)" to retrieve a char pointer to the description and tries to convert that into an integer by sscanf [1]. Unfortunately seems librsvg-2.42 [2] the last release that supported that way of operation. librsvg removed that functionality in commit [3]. Therefore in current version just a null pointer [4] is returned by rsvg_handle_get_desc that leads to the crash in load_svg_sprite: (gdb) bt #0 __rawmemchr_sse2 () at ../sysdeps/x86_64/multiarch/../rawmemchr.S:37 #1 0x00007febe0ac3342 in _IO_str_init_static_internal (sf=sf@entry=0x7ffd7b8ad720, ptr=ptr@entry=0x0, size=size@entry=0, pstart=pstart@entry=0x0) at strops.c:41 #2 0x00007febe0ab624d in _IO_vsscanf (string=0x0, format=0x7febe0c35c62 "%d", args=args@entry=0x7ffd7b8ad850) at iovsscanf.c:40 #3 0x00007febe0ab03f4 in __sscanf (s=<optimized out>, format=format@entry=0x7febe0c35c62 "%d") at sscanf.c:32 #4 0x00007febe0c2c3c9 in load_svg_sprite (file_name=<optimized out>, width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:217 #5 0x00007febe0c2d52b in load_sprite (name=name@entry=0x55b6034762a1 "comets/comet", mode=mode@entry=4, w=w@entry=-1, h=h@entry=-1, proportional=proportional@entry=false) at t4k_loaders.c:714 #6 0x00007febe0c2d978 in T4K_LoadScaledSprite (name=name@entry=0x55b6034762a1 "comets/comet", mode=mode@entry=4, width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:651 #7 0x00007febe0c2d98c in T4K_LoadSprite (name=name@entry=0x55b6034762a1 "comets/comet", mode=mode@entry=4) at t4k_loaders.c:646 #8 0x000055b60345b961 in load_image_data () at fileops_media.c:213 #9 0x000055b603448962 in load_data_files () at setup.c:759 #10 0x000055b6034497c5 in setup (argc=1, argv=0x7ffd7b8ae758) at setup.c:139 #11 0x000055b603447be9 in main (argc=<optimized out>, argv=<optimized out>) at tuxmath.c:40 Kind regards, Bernhard [1] https://github.com/tux4kids/t4kcommon/blob/master/src/t4k_loaders.c#L228 [2] https://gitlab.gnome.org/GNOME/librsvg/blob/librsvg-2.42/librsvg/rsvg-handle.c#L772 [3] https://gitlab.gnome.org/GNOME/librsvg/commit/1006c2001d4775b6d5b20d5f77c5aea9ac280fcb [4] https://gitlab.gnome.org/GNOME/librsvg/blob/master/librsvg/rsvg-handle.c#L1007
# buster amd64 qemu VM apt update apt dist-upgrade apt install mc psmisc devscripts dpkg-dev systemd-coredump strace gdb xserver-xorg lightdm openbox tuxmath tuxmath-dbgsym libt4k-common0-dbgsym librsvg2-2-dbgsym apt build-dep t4kcommon systemctl start lightdm mkdir libt4k-common0/orig -p cd libt4k-common0/orig apt source libt4k-common0 cd ../.. mkdir librsvg2-2/orig -p cd librsvg2-2/orig apt source librsvg2-2 cd ../.. export LANG=C export DISPLAY=:0 tuxmath root@debian:~# coredumpctl list TIME PID UID GID SIG COREFILE EXE Sun 2018-12-09 22:02:02 CET 8201 1000 1000 11 present /usr/lib/tuxmath/tuxmath root@debian:~# coredumpctl gdb 8201 PID: 8201 (tuxmath) UID: 1000 (benutzer) GID: 1000 (benutzer) Signal: 11 (SEGV) Timestamp: Sun 2018-12-09 22:02:02 CET (28s ago) Command Line: tuxmath Executable: /usr/lib/tuxmath/tuxmath Control Group: /user.slice/user-1000.slice/session-5.scope Unit: session-5.scope Slice: user-1000.slice Session: 5 Owner UID: 1000 (benutzer) Boot ID: b8debb360de74c7698ecca6a9e56eac5 Machine ID: 32f43b50ac8c4b21941bc0b02f8e7811 Hostname: debian Storage: /var/lib/systemd/coredump/core.tuxmath.1000.b8debb360de74c7698ecca6a9e56eac5.8201.1544389322000000.lz4 Message: Process 8201 (tuxmath) of user 1000 dumped core. Stack trace of thread 8201: #0 0x00007febe0ad67af __rawmemchr_sse2 (libc.so.6) #1 0x00007febe0ac3342 _IO_str_init_static_internal (libc.so.6) #2 0x00007febe0ab624d _IO_vsscanf (libc.so.6) #3 0x00007febe0ab03f4 __sscanf (libc.so.6) #4 0x00007febe0c2c3c9 load_svg_sprite (libt4k_common.so.0) #5 0x00007febe0c2d52b load_sprite (libt4k_common.so.0) #6 0x000055b60345b961 n/a (tuxmath) #7 0x000055b603448962 n/a (tuxmath) #8 0x000055b6034497c5 n/a (tuxmath) #9 0x000055b603447be9 main (tuxmath) #10 0x00007febe0a67b17 __libc_start_main (libc.so.6) #11 0x000055b603447c2a n/a (tuxmath) GNU gdb (Debian 8.2-1) 8.2 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/lib/tuxmath/tuxmath...(no debugging symbols found)...done. [New LWP 8201] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `tuxmath'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __rawmemchr_sse2 () at ../sysdeps/x86_64/multiarch/../rawmemchr.S:37 37 ../sysdeps/x86_64/multiarch/../rawmemchr.S: Datei oder Verzeichnis nicht gefunden. (gdb) set width 0 (gdb) set pagination off (gdb) directory /home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src Source directories searched: /home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src:$cdir:$cwd (gdb) bt #0 __rawmemchr_sse2 () at ../sysdeps/x86_64/multiarch/../rawmemchr.S:37 #1 0x00007febe0ac3342 in _IO_str_init_static_internal (sf=sf@entry=0x7ffd7b8ad720, ptr=ptr@entry=0x0, size=size@entry=0, pstart=pstart@entry=0x0) at strops.c:41 #2 0x00007febe0ab624d in _IO_vsscanf (string=0x0, format=0x7febe0c35c62 "%d", args=args@entry=0x7ffd7b8ad850) at iovsscanf.c:40 #3 0x00007febe0ab03f4 in __sscanf (s=<optimized out>, format=<optimized out>) at sscanf.c:32 #4 0x00007febe0c2c3c9 in load_svg_sprite () from /usr/lib/x86_64-linux-gnu/libt4k_common.so.0 #5 0x00007febe0c2d52b in load_sprite () from /usr/lib/x86_64-linux-gnu/libt4k_common.so.0 #6 0x000055b60345b961 in ?? () #7 0x000055b603448962 in ?? () #8 0x000055b6034497c5 in ?? () #9 0x000055b603447be9 in main () # With debug symbols (gdb) bt #0 __rawmemchr_sse2 () at ../sysdeps/x86_64/multiarch/../rawmemchr.S:37 #1 0x00007febe0ac3342 in _IO_str_init_static_internal (sf=sf@entry=0x7ffd7b8ad720, ptr=ptr@entry=0x0, size=size@entry=0, pstart=pstart@entry=0x0) at strops.c:41 #2 0x00007febe0ab624d in _IO_vsscanf (string=0x0, format=0x7febe0c35c62 "%d", args=args@entry=0x7ffd7b8ad850) at iovsscanf.c:40 #3 0x00007febe0ab03f4 in __sscanf (s=<optimized out>, format=format@entry=0x7febe0c35c62 "%d") at sscanf.c:32 #4 0x00007febe0c2c3c9 in load_svg_sprite (file_name=<optimized out>, width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:217 #5 0x00007febe0c2d52b in load_sprite (name=name@entry=0x55b6034762a1 "comets/comet", mode=mode@entry=4, w=w@entry=-1, h=h@entry=-1, proportional=proportional@entry=false) at t4k_loaders.c:714 #6 0x00007febe0c2d978 in T4K_LoadScaledSprite (name=name@entry=0x55b6034762a1 "comets/comet", mode=mode@entry=4, width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:651 #7 0x00007febe0c2d98c in T4K_LoadSprite (name=name@entry=0x55b6034762a1 "comets/comet", mode=mode@entry=4) at t4k_loaders.c:646 #8 0x000055b60345b961 in load_image_data () at fileops_media.c:213 #9 0x000055b603448962 in load_data_files () at setup.c:759 #10 0x000055b6034497c5 in setup (argc=1, argv=0x7ffd7b8ae758) at setup.c:139 #11 0x000055b603447be9 in main (argc=<optimized out>, argv=<optimized out>) at tuxmath.c:40 ###################### benutzer@debian:~$ gdb -q --args tuxmath Reading symbols from tuxmath...Reading symbols from /usr/lib/debug/.build-id/8c/79729822c3b1b16ff78c5f9a8e9272dc6475a0.debug...done. done. (gdb) set width 0 (gdb) set pagination off (gdb) directory /home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src Source directories searched: /home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src:$cdir:$cwd (gdb) directory /home/benutzer/librsvg2-2/orig/librsvg-2.44.9/librsvg Source directories searched: /home/benutzer/librsvg2-2/orig/librsvg-2.44.9/librsvg:/home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src:$cdir:$cwd (gdb) b load_svg_sprite Function "load_svg_sprite" not defined. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 1 (load_svg_sprite) pending. (gdb) b rsvg_handle_get_desc Function "rsvg_handle_get_desc" not defined. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 2 (rsvg_handle_get_desc) pending. (gdb) run Starting program: /usr/games/tuxmath [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Initializing Tux4Kids-Common 0.1.1 ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5034:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2565:(snd_pcm_open_noupdate) Unknown PCM default Warning: I could not set up audio for 44100 Hz 16-bit stereo. The Simple DirectMedia error that occured was: No available audio device libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile Breakpoint 1, load_svg_sprite (file_name=0x7ffff7b11b20 <tmp_path> "/usr/share/tuxmath/images/comets/comet.svg", width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:195 warning: Source file is more recent than executable. 195 { (gdb) cont Continuing. (process:21878): librsvg-WARNING **: 22:18:49.261: element id="#default" does not exist Breakpoint 2, rsvg_handle_get_desc (handle=handle@entry=0x555555c8b080) at librsvg/rsvg-handle.c:997 warning: Source file is more recent than executable. 997 g_return_val_if_fail (handle, NULL); (gdb) list 984,1000 984 /** 985 * rsvg_handle_get_desc: 986 * @handle: An #RsvgHandle 987 * 988 * Returns: (nullable): This function always returns NULL. 989 * 990 * Since: 2.4 991 * 992 * Deprecated: 2.36 993 */ 994 const char * 995 rsvg_handle_get_desc (RsvgHandle * handle) 996 { 997 g_return_val_if_fail (handle, NULL); 998 999 return NULL; 1000 } (gdb) print handle->priv->desc->str There is no member named desc. (gdb) print handle->priv $1 = (RsvgHandlePrivate *) 0x555555c8b000 (gdb) print *handle->priv $2 = {flags = RSVG_HANDLE_FLAGS_NONE, hstate = RSVG_HANDLE_STATE_CLOSED_OK, load = 0x0, size_func = 0x0, user_data = 0x0, user_data_destroy = 0x0, tree = 0x555555c8dd30, defs = 0x555555c6a740, css_styles = 0x555555638c40, cancellable = 0x0, dpi_x = 90, dpi_y = 90, base_uri = 0x555555c8a910 "file:///usr/share/tuxmath/images/comets/comet.svg", base_gfile = 0x5555556148a0, in_loop = 0, is_testing = 0, font_config_for_testing = 0x0, font_map_for_testing = 0x0} (gdb) bt #0 rsvg_handle_get_desc (handle=handle@entry=0x555555c8b080) at librsvg/rsvg-handle.c:997 #1 0x00007ffff78f63b1 in load_svg_sprite (file_name=<optimized out>, width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:217 #2 0x00007ffff78f752b in load_sprite (name=name@entry=0x5555555892a1 "comets/comet", mode=mode@entry=4, w=w@entry=-1, h=h@entry=-1, proportional=proportional@entry=false) at t4k_loaders.c:714 #3 0x00007ffff78f7978 in T4K_LoadScaledSprite (name=name@entry=0x5555555892a1 "comets/comet", mode=mode@entry=4, width=width@entry=-1, height=height@entry=-1) at t4k_loaders.c:651 #4 0x00007ffff78f798c in T4K_LoadSprite (name=name@entry=0x5555555892a1 "comets/comet", mode=mode@entry=4) at t4k_loaders.c:646 #5 0x000055555556e961 in load_image_data () at fileops_media.c:213 #6 0x000055555555b962 in load_data_files () at setup.c:759 #7 0x000055555555c7c5 in setup (argc=1, argv=0x7fffffffe628) at setup.c:139 #8 0x000055555555abe9 in main (argc=<optimized out>, argv=<optimized out>) at tuxmath.c:40 export LANG=C export DISPLAY=:0 gdb -q --args tuxmath set width 0 set pagination off directory /home/benutzer/libt4k-common0/orig/t4kcommon-0.1.1/src directory /home/benutzer/librsvg2-2/orig/librsvg-2.44.9/librsvg b load_svg_sprite y b rsvg_handle_get_desc y run https://gitlab.gnome.org/GNOME/librsvg/commit/1006c2001d4775b6d5b20d5f77c5aea9ac280fcb https://gitlab.gnome.org/GNOME/librsvg/blob/librsvg-2.42/librsvg/rsvg-handle.c#L772 https://github.com/tux4kids/t4kcommon/blob/master/src/t4k_loaders.c#L228 https://gitlab.gnome.org/GNOME/librsvg/blob/master/librsvg/rsvg-handle.c#L1007