Race condition in app_indicator_init() causes application crash
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libappindicator | Fix Released | Medium | Charles Kerr |
libappindicator (Ubuntu) | Fix Released | Undecided | Unassigned |
Precise | Fix Released | High | Brian Murray |
Bug Description
app_indicator_
diff -ruN libappindicator
--- libappindicator
+++ libappindicator
@@ -611,6 +611,8 @@
priv-
priv-
+ self->priv = priv; // Needs to be set BEFORE calling g_bus_get so our handler can read it.
+
/* Start getting the session bus */
g_object_
g_bus_
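Review bot: the added `self->priv = priv;` now publishes the private struct before `g_bus_get` is started, which is the correct ordering, but the comment should state why the old placement was unsafe: `g_bus_get` is asynchronous and its completion callback (`bus_creation()`, per the test case) is dispatched by whichever thread iterates the main context, so it can run before `app_indicator_init` returns. That also means the only state `bus_creation()` may rely on is what the `priv-…` assignments above this line have already initialized. Style: the file uses `/* ... */` comments (see `/* Start getting the session bus */`), so the added `//` comment should follow that convention, and the line is well over 80 columns.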
@@ -618,8 +620,6 @@
g_signal_
"changed", G_CALLBACK(
- self->priv = priv;
-
return;
}
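Review bot: dropping the late `self->priv = priv;` is right, but note that the `g_signal_…` connection of the `"changed"` handler still happens after `g_bus_get` has been started; since the pointer is now published earlier, it is worth confirming in the same change that neither `bus_creation()` nor that handler reads any field first initialized between the two hunks (the `g_object_…`/`g_bus_…` calls and this connect), otherwise the callback could observe a partially initialized `priv`.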
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libappindicator1 (not installed)
ProcVersionSign
Uname: Linux 3.2.0-32-generic x86_64
NonfreeKernelMo
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
Date: Mon Feb 11 17:20:25 2013
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20121016)
MarkForUpload: True
ProcEnviron:
LC_CTYPE=
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/zsh
SourcePackage: libappindicator
UpgradeStatus: No upgrade log present (probably fresh install)
[Impact]
This bug was the #2 cause of crashes in the Steam client. I believe this meets the SRU criteria: "Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel)."
[Test Case]
As this is a race condition it is difficult to reproduce. However we have many crash dumps with a SIGSEGV referencing a garbage self->priv pointer in bus_creation(). After applying this fix, the crashes stopped.
[Regression Potential]
Low
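To make the ordering defect concrete, here is an added C example (not libappindicator's code) that models the two orderings shown in the patch. The struct types, the fake_bus_get_async() stand-in for g_bus_get(), and the callback that records what it saw are all constructed for this illustration; the one thing it reproduces faithfully is the rule the fix enforces: publish self->priv, and everything the callback reads through it, before starting the asynchronous bus request.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed stand-ins for the GObject types and for g_bus_get(); none of
 * this is libappindicator's code. The real g_bus_get() is asynchronous and
 * its completion callback runs on whichever thread iterates the default
 * main context, so it may fire before app_indicator_init() returns. To make
 * that schedule deterministic, fake_bus_get_async() invokes the callback
 * immediately, i.e. at the earliest point the real API permits.
 */
typedef struct {
    int bus_connected;            /* set by the callback once the bus is ready */
    char id[32];
} AppIndicatorPrivate;

typedef struct {
    AppIndicatorPrivate *priv;
    int callback_saw_unset_priv;  /* diagnostic: the real code crashed here */
} AppIndicator;

typedef void (*BusReadyCallback)(void *user_data);

static void fake_bus_get_async(BusReadyCallback cb, void *user_data)
{
    cb(user_data);
}

/* Stand-in for bus_creation(): the callback dereferences self->priv. */
static void bus_creation(void *user_data)
{
    AppIndicator *self = user_data;
    if (self->priv == NULL) {
        /* In the real bug priv held uninitialized memory rather than NULL,
         * which is why the outcome was a SIGSEGV and not a clean error. */
        self->callback_saw_unset_priv = 1;
        return;
    }
    self->priv->bus_connected = 1;
}

/* Ordering before the fix: priv is published only after the async call.
 * Returns 0 on success, -1 if the callback ran against an unset priv,
 * -2 on allocation failure. */
int app_indicator_init_before_fix(AppIndicator *self)
{
    AppIndicatorPrivate *priv = calloc(1, sizeof *priv);
    if (priv == NULL)
        return -2;
    strncpy(priv->id, "example-id", sizeof priv->id - 1);

    fake_bus_get_async(bus_creation, self);   /* callback may run right here */
    self->priv = priv;                        /* too late for the callback */

    return self->callback_saw_unset_priv ? -1 : 0;
}

/* Ordering after the fix: every field the callback needs is initialized and
 * the pointer is published before anything asynchronous is started. */
int app_indicator_init_after_fix(AppIndicator *self)
{
    AppIndicatorPrivate *priv = calloc(1, sizeof *priv);
    if (priv == NULL)
        return -2;
    strncpy(priv->id, "example-id", sizeof priv->id - 1);

    self->priv = priv;                        /* publish first */
    fake_bus_get_async(bus_creation, self);   /* callback finds a valid priv */

    return self->callback_saw_unset_priv ? -1 : 0;
}

void app_indicator_dispose(AppIndicator *self)
{
    free(self->priv);
    self->priv = NULL;
}

int main(void)
{
    AppIndicator before = {0}, after = {0};
    int rc_before = app_indicator_init_before_fix(&before);
    int rc_after = app_indicator_init_after_fix(&after);

    printf("before fix: init returned %d, callback saw unset priv: %d\n",
           rc_before, before.callback_saw_unset_priv);
    printf("after fix:  init returned %d, bus_connected: %d\n",
           rc_after, after.priv->bus_connected);

    app_indicator_dispose(&before);
    app_indicator_dispose(&after);
    return 0;
}
```

In the real program the callback is not invoked synchronously, so the bad ordering only fails on some schedules; that is why the report describes it as hard to reproduce and why the crash dumps, rather than a repro, were the evidence. Running the callback at its earliest legal point is a standard way to turn such a race into a deterministic test.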
Related branches
- PS Jenkins bot (community): Approve (continuous-integration)
- Lars Karlitski (community): Approve
- Diff: 20 lines (+2/-2), 1 file modified: src/app-indicator.c (+2/-2)
- Sebastien Bacher: Needs Fixing
- Ubuntu branches: Pending requested
- Diff: 34 lines (+8/-2), 2 files modified: debian/changelog (+6/-0), src/app-indicator.c (+2/-2)
description: updated
Changed in libappindicator:
  status: In Progress → Fix Committed
Changed in libappindicator (Ubuntu Precise):
  status: New → Triaged
  importance: Undecided → High
Changed in libappindicator (Ubuntu Precise):
  assignee: nobody → Brian Murray (brian-murray)
  status: Triaged → In Progress
Changed in libappindicator:
  status: Fix Committed → Fix Released
Looks right. Thanks John!