gjs-console assert failure: *** Error in `/usr/bin/gjs-console': free(): invalid next size (fast): 0x00007f74a804b240 ***
Bug #1418771 reported by Tim Lunn
This bug affects 107 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu GNOME | Fix Released | Undecided | Unassigned |
gjs | Fix Released | Medium | |
gjs (Debian) | Fix Released | Unknown | |
gjs (Ubuntu) | | | |
Wily | Invalid | Undecided | Unassigned |
tracker (Ubuntu) | Fix Released | Medium | Unassigned |
Wily | Fix Released | Medium | Unassigned |
Bug Description
[Impact]
gnome-documents search provider crashes due to a buffer overrun in libunistring handling.
I have also included a few other patches cherry-picked from the upstream tracker-1.4 branch, that deal with crashes mishandling gcancellables.
[Test Case]
- in one terminal run /usr/bin/
- within 10 seconds of the above, in another terminal run dbus-send --print-reply --dest=
[Regression Potential]
Low, these are all simple patches from the upstream stable branch
information type: | Private → Public |
Changed in ubuntu-gnome: | |
milestone: | none → vivid |
Changed in ubuntu-gnome: | |
status: | New → Confirmed |
Changed in gjs: | |
importance: | Unknown → Medium |
status: | Unknown → Incomplete |
Changed in ubuntu-gnome: | |
milestone: | vivid → wily |
Changed in gjs (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in gjs (Debian): | |
status: | Unknown → Confirmed |
Changed in gjs: | |
status: | Incomplete → Fix Released |
no longer affects: | gjs (Ubuntu) |
Changed in gjs (Debian): | |
status: | Confirmed → Fix Released |
description: | updated |
Changed in tracker (Ubuntu): | |
status: | New → Fix Committed |
Changed in tracker (Ubuntu Wily): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in tracker (Ubuntu): | |
importance: | Undecided → Medium |
Changed in gjs (Ubuntu Wily): | |
status: | Confirmed → Invalid |
Changed in ubuntu-gnome: | |
status: | Confirmed → Fix Committed |
Changed in tracker (Ubuntu Wily): | |
status: | Fix Committed → Fix Released |
Changed in tracker (Ubuntu Wily): | |
status: | Fix Released → Fix Committed |
Changed in ubuntu-gnome: | |
status: | Fix Committed → Fix Released |
StacktraceTop:
 __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f74d0bf9b00 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
 malloc_printerr (ptr=<optimized out>, str=0x7f74d0bf9ca0 "free(): invalid next size (fast)", action=1) at malloc.c:4996
 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
 sqlite3VdbeMemGrow (pMem=pMem@entry=0x23fd0a8, n=<optimized out>, bPreserve=bPreserve@entry=1) at sqlite3.c:61809
 vdbeMemAddTerminator (pMem=pMem@entry=0x23fd0a8) at sqlite3.c:61903