[apport] iceauth crashed with SIGSEGV in strlen()

Bug #103873 reported by evilhomer
Affects: X.Org X server | Status: Fix Released | Importance: Medium
Affects: iceauth (Ubuntu) | Status: Fix Released | Importance: Medium | Assigned to: Ubuntu-X

Bug Description

Binary package hint: iceauth

Crash icon was on my taskbar after I booted up

ProblemType: Crash
Architecture: i386
Date: Fri Apr 6 16:07:52 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/bin/iceauth
Package: iceauth 1:1.0.1-0ubuntu2
PackageArchitecture: i386
ProcCmdline: iceauth remove netid=local/roc-ahubbard:/tmp/.ICE-unix/dcop5674-1175861561
ProcCwd: /home/ahubbard
ProcEnviron:
 PATH=/home/ahubbard/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: iceauth
Stacktrace:
 #0 0xb7e31c23 in strlen () from /lib/tls/i686/cmov/libc.so.6
 #1 0xb7f093e3 in IceUnlockAuthFile () from /usr/lib/libICE.so.6
 #2 0x0804992b in ?? ()
 #3 0x00000000 in ?? ()
StacktraceTop:
 strlen () from /lib/tls/i686/cmov/libc.so.6
 IceUnlockAuthFile () from /usr/lib/libICE.so.6
 ?? ()
 ?? ()
Uname: Linux roc-ahubbard 2.6.20-12-generic #2 SMP Wed Mar 21 20:55:46 UTC 2007 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin netdev plugdev powerdev scanner video

evilhomer (memberships-ahubbard) wrote :
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:
 strlen () from /lib/tls/i686/cmov/libc.so.6
 IceUnlockAuthFile (file_name=0x0) at ../../src/authutil.c:230
 ?? ()
 ?? ()

Apport retracing service (apport) wrote : Symbolic threaded stack trace
Changed in iceauth:
importance: Undecided → Medium
In , didier (did447-deactivatedaccount) wrote :

iceauth can dump a core in auth_initialize() if a signal is caught before iceauth_filename has been malloced.

didier (did447-deactivatedaccount) wrote :

seems that the signal handler is called before file_name is 'malloced'

Changed in iceauth:
status: Unconfirmed → Confirmed
Timo Aaltonen (tjaalton) wrote :

You all seem to have something in common... the hostname includes a dash. Could you rename the host so it doesn't have a dash, and then try to reproduce this?

Changed in iceauth:
status: Confirmed → Needs Info
didier (did447-deactivatedaccount) wrote : Re: [Bug 103873] Re: [apport] iceauth crashed with SIGSEGV in strlen()

No,

In my understanding, on exit a lot of stuff is killed *very*
quickly. It could be the reason why there are so many reports of SIGSEGV
in a lot of packages.

For iceauth

--- process.c~ 2007-05-10 16:53:29.000000000 +0200
+++ process.c 2007-05-10 16:53:29.000000000 +0200
@@ -742,7 +742,7 @@
        }
     }

- if (!ignore_locks) {
+ if (!ignore_locks && iceauth_filename) {
        IceUnlockAuthFile (iceauth_filename);
     }
     (void) umask (original_umask);
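
Review bot: The added iceauth_filename test in "if (!ignore_locks && iceauth_filename)" keeps a NULL pointer away from IceUnlockAuthFile, but on that path the unlock is skipped and nothing else cleans up, so a lock taken before iceauth_filename was assigned stays behind. Consider also assigning iceauth_filename before this function can first be reached from the signal handler, so the NULL test is a backstop rather than the whole fix, and add a short comment at the condition saying when the pointer can still be NULL.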

In , Alan Coopersmith (alan-coopersmith) wrote :

Yep - was able to trigger it by running on Solaris and using dtrace to fire a
signal in auth_initialize between the call to register_signals() and the malloc
of iceauth_filename.

Stack trace showed crash in:

program terminated by signal SEGV (no mapping at the fault address)
0xfef74e0f: IceUnlockAuthFile+0x0027: repnz scasb
Current function is auth_finalize
  726 IceUnlockAuthFile (iceauth_filename);
(dbx) where
  [1] IceUnlockAuthFile(0x0), at 0xfef74e0f
=>[2] auth_finalize(), line 726 in "process.c"
  [3] die(sig = 1), line 501 in "process.c"
  [4] catchsig(sig = 1), line 523 in "process.c"
  [5] __sighndlr(0x1, 0x0, 0x8047860, 0x80534a0), at 0xfef1d39f
  [6] call_user_handler(0x1, 0x0, 0x8047860), at 0xfef128ab
  [7] sigacthandler(0x1, 0x0, 0x8047860, 0xf, 0x0, 0x0), at 0xfef12a52
  ---- called from signal handler with signal 1 (SIGHUP) ------
  [8] auth_initialize(authfilename = 0x80681d0 "/.ICEauthority"), line 584 in "process.c"
  [9] main(argc = 1, argv = 0x8047af0), line 157 in "iceauth.c"

Adding a test for NULL filename before calling IceUnlockAuthFile cleared the
crash, but left the lock file behind. Moving the initialization of
authfilename to earlier in auth_initialize allowed the locks to be cleaned up
as well.

Committed fix to git master in commit 0022cf7baf11bccea0024d0dc8c1ecc37e46ef3d.
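
The two outcomes described in the comment above (NULL test only versus setting the file name earlier), as an added example that is not iceauth or libICE source. The function names, the ".lock" suffix and the /tmp path are constructed, the lock is assumed to be taken before the name is set, and raise() stands in for the externally fired signal.

```c
/* Added illustration: hypothetical names, not iceauth or libICE source. */
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static const char *volatile auth_file;   /* stands in for iceauth_filename */

/* The lock path is derived from the file name, so a NULL name reaching
   strlen() here is the same fault as in the traces above. */
static int lock_path(char *out, size_t n, const char *file_name)
{
    if (strlen(file_name) + sizeof ".lock" > n) return -1;
    strcat(strcpy(out, file_name), ".lock");   /* constructed suffix */
    return 0;
}

static void finalize(void)               /* reached from the signal handler */
{
    char path[256];
    const char *name = auth_file;
    if (name != NULL && lock_path(path, sizeof path, name) == 0)
        unlink(path);                    /* NULL guard: no crash, no unlock */
}
static void on_signal(int sig) { (void)sig; finalize(); }

/* early_name = 0: handler, lock, signal; name not yet set (guard only).
   early_name = 1: name is set before the handler is installed.
   Returns 1 if the lock file survived the signal, 0 if it was removed. */
int run_init(int early_name, const char *name)
{
    char path[256];
    if (lock_path(path, sizeof path, name) != 0) return -1;
    unlink(path);                        /* start from a clean state */
    auth_file = early_name ? name : NULL;
    signal(SIGHUP, on_signal);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) return -1;
    close(fd);
    raise(SIGHUP);                       /* signal lands inside the window */
    int stale = (access(path, F_OK) == 0);
    unlink(path);
    signal(SIGHUP, SIG_DFL);
    return stale;
}

int main(void)
{
    printf("guard only: stale lock = %d\n", run_init(0, "/tmp/iceauth-demo"));
    printf("name first: stale lock = %d\n", run_init(1, "/tmp/iceauth-demo"));
    return 0;
}
```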

didier (did447-deactivatedaccount) wrote : Re: [Bug 103873] Re: [apport] iceauth crashed with SIGSEGV in strlen()
Changed in iceauth:
status: Incomplete → Fix Committed
assignee: nobody → ubuntu-x-swat
Changed in xorg-server:
status: Unknown → Fix Released
Timo Aaltonen (tjaalton) wrote :

Fixed in gutsy, which has iceauth 1.0.2.

Changed in iceauth:
status: Fix Committed → Fix Released
Changed in xorg-server:
importance: Unknown → Medium
Changed in xorg-server:
importance: Medium → Unknown
Changed in xorg-server:
importance: Unknown → Medium