Ubuntu
glib2.0 package

glib-compile-schemas invalid free in per session override

Bug #1711545 reported by dino99 on 2017-08-18

This bug report is a duplicate of: Bug #1713391: glib-compile-schemas invalid free in per session override. Edit Remove

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	glib2.0 (Ubuntu)	Confirmed	High	Unassigned

Bug Description

Got that crash while upgrading some packages:

Preparing to unpack .../0-ubuntu-minimal_1.395_amd64.deb ...
Unpacking ubuntu-minimal (1.395) over (1.394) ...
Preparing to unpack .../1-ubuntu-standard_1.395_amd64.deb ...
Unpacking ubuntu-standard (1.395) over (1.394) ...
Preparing to unpack .../2-gnome-session-bin_3.24.1-0ubuntu21_amd64.deb ...
Unpacking gnome-session-bin (3.24.1-0ubuntu21) over (3.24.1-0ubuntu20) ...
Preparing to unpack .../3-ubuntu-session_3.24.1-0ubuntu21_amd64.deb ...
Unpacking ubuntu-session (3.24.1-0ubuntu21) over (3.24.1-0ubuntu20) ...
Preparing to unpack .../4-gnome-session_3.24.1-0ubuntu21_amd64.deb ...
Unpacking gnome-session (3.24.1-0ubuntu21) over (3.24.1-0ubuntu20) ...
Preparing to unpack .../5-gnome-session-common_3.24.1-0ubuntu21_all.deb ...
Unpacking gnome-session-common (3.24.1-0ubuntu21) over (3.24.1-0ubuntu20) ...
Preparing to unpack .../6-ubuntu-settings_17.10.12_all.deb ...
Unpacking ubuntu-settings (17.10.12) over (17.10.11) ...
Preparing to unpack .../7-ubuntu-web-launchers_17.10.12_all.deb ...
Unpacking ubuntu-web-launchers (17.10.12) over (17.10.11) ...
Processing triggers for gconf2 (3.2.6-4ubuntu1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Setting up ubuntu-web-launchers (17.10.12) ...
Processing triggers for desktop-file-utils (0.23-1ubuntu3) ...
Setting up ubuntu-settings (17.10.12) ...
Processing triggers for libglib2.0-0:amd64 (2.53.4-3ubuntu1) ...
No such key 'enable-hot-corners' in schema 'org.gnome.shell:ubuntu' as specified in override file '/usr/share/glib-2.0/schemas/10_ubuntu-settings.gschema.override'; ignoring override for this key.
*** Error in `/usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas': munmap_chunk(): invalid pointer: 0x0000002601a1d1e0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x790bb)[0x7fb4dfe8b0bb]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x1f8)[0x7fb4dfe98f08]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_strfreev+0x29)[0x7fb4e02423e9]
/usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas(+0x3ff6)[0x25ff8c9ff6]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fb4dfe32421]
/usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas(+0x404a)[0x25ff8ca04a]
======= Memory map: ========
25ff8c6000-25ff8d0000 r-xp 00000000 08:04 523111 /usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas
25ffacf000-25ffad0000 r--p 00009000 08:04 523111 /usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas
25ffad0000-25ffad1000 rw-p 0000a000 08:04 523111 /usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas
26018a6000-2601b18000 rw-p 00000000 00:00 0 [heap]
7fb4df48f000-7fb4df4a5000 r-xp 00000000 08:04 522367 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb4df4a5000-7fb4df6a4000 ---p 00016000 08:04 522367 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb4df6a4000-7fb4df6a5000 r--p 00015000 08:04 522367 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb4df6a5000-7fb4df6a6000 rw-p 00016000 08:04 522367 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb4df6a6000-7fb4df981000 r--p 00000000 08:04 522184 /usr/lib/locale/locale-archive
7fb4df981000-7fb4df999000 r-xp 00000000 08:04 542247 /lib/x86_64-linux-gnu/libpthread-2.24.so
7fb4df999000-7fb4dfb99000 ---p 00018000 08:04 542247 /lib/x86_64-linux-gnu/libpthread-2.24.so
7fb4dfb99000-7fb4dfb9a000 r--p 00018000 08:04 542247 /lib/x86_64-linux-gnu/libpthread-2.24.so
7fb4dfb9a000-7fb4dfb9b000 rw-p 00019000 08:04 542247 /lib/x86_64-linux-gnu/libpthread-2.24.so
7fb4dfb9b000-7fb4dfb9f000 rw-p 00000000 00:00 0
7fb4dfb9f000-7fb4dfc11000 r-xp 00000000 08:04 523149 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
7fb4dfc11000-7fb4dfe10000 ---p 00072000 08:04 523149 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
7fb4dfe10000-7fb4dfe11000 r--p 00071000 08:04 523149 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
7fb4dfe11000-7fb4dfe12000 rw-p 00072000 08:04 523149 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
7fb4dfe12000-7fb4dffce000 r-xp 00000000 08:04 542222 /lib/x86_64-linux-gnu/libc-2.24.so
7fb4dffce000-7fb4e01cd000 ---p 001bc000 08:04 542222 /lib/x86_64-linux-gnu/libc-2.24.so
7fb4e01cd000-7fb4e01d1000 r--p 001bb000 08:04 542222 /lib/x86_64-linux-gnu/libc-2.24.so
7fb4e01d1000-7fb4e01d3000 rw-p 001bf000 08:04 542222 /lib/x86_64-linux-gnu/libc-2.24.so
7fb4e01d3000-7fb4e01d7000 rw-p 00000000 00:00 0
7fb4e01d7000-7fb4e02e8000 r-xp 00000000 08:04 523029 /lib/x86_64-linux-gnu/libglib-2.0.so.0.5304.0
7fb4e02e8000-7fb4e04e8000 ---p 00111000 08:04 523029 /lib/x86_64-linux-gnu/libglib-2.0.so.0.5304.0
7fb4e04e8000-7fb4e04e9000 r--p 00111000 08:04 523029 /lib/x86_64-linux-gnu/libglib-2.0.so.0.5304.0
7fb4e04e9000-7fb4e04ea000 rw-p 00112000 08:04 523029 /lib/x86_64-linux-gnu/libglib-2.0.so.0.5304.0
7fb4e04ea000-7fb4e04eb000 rw-p 00000000 00:00 0
7fb4e04eb000-7fb4e0511000 r-xp 00000000 08:04 542218 /lib/x86_64-linux-gnu/ld-2.24.so
7fb4e06e1000-7fb4e06e3000 rw-p 00000000 00:00 0
7fb4e070c000-7fb4e0710000 rw-p 00000000 00:00 0
7fb4e0710000-7fb4e0711000 r--p 00025000 08:04 542218 /lib/x86_64-linux-gnu/ld-2.24.so
7fb4e0711000-7fb4e0712000 rw-p 00026000 08:04 542218 /lib/x86_64-linux-gnu/ld-2.24.so
7fb4e0712000-7fb4e0713000 rw-p 00000000 00:00 0
7ffe474b8000-7ffe474d9000 rw-p 00000000 00:00 0 [stack]
7ffe475f3000-7ffe475f6000 r--p 00000000 00:00 0 [vvar]
7ffe475f6000-7ffe475f8000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)

ProblemType: Crash
DistroRelease: Ubuntu 17.10
Package: libglib2.0-0 2.53.4-3ubuntu1
ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
Uname: Linux 4.12.0-11-generic x86_64
ApportVersion: 2.20.6-0ubuntu5
Architecture: amd64
AssertionMessage: *** Error in `/usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas': munmap_chunk(): invalid pointer: 0x0000002601a1d1e0 ***
Date: Fri Aug 18 11:08:55 2017
ExecutablePath: /usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas
ProcCmdline: /usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas /usr/share/glib-2.0/schemas
ProcEnviron:
LANGUAGE=en_US
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
Signal: 6
SourcePackage: glib2.0
StacktraceTop:
__libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fb4dffa0f68 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
malloc_printerr (ar_ptr=0x0, ptr=<optimized out>, str=0x7fb4dffa0f90 "munmap_chunk(): invalid pointer", action=<optimized out>) at malloc.c:5049
munmap_chunk (p=<optimized out>) at malloc.c:2857
__GI___libc_free (mem=<optimized out>) at malloc.c:2980
g_strfreev () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
Title: glib-compile-schemas assert failure: *** Error in `/usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas': munmap_chunk(): invalid pointer: 0x0000002601a1d1e0 ***
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

Tags:

Revision history for this message

dino99 (9d9) wrote on 2017-08-18:

Dependencies.txt Edit (2.5 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (885 bytes, text/plain; charset="utf-8")
JournalErrors.txt Edit (62.9 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.1 KiB, text/plain; charset="utf-8")
ProcMaps.txt Edit (3.7 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (1.2 KiB, text/plain; charset="utf-8")
Registers.txt Edit (769 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (3.0 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (3.1 KiB, text/plain; charset="utf-8")

information type:

Private → Public

Revision history for this message

Apport retracing service (apport) wrote on 2017-08-18:

StacktraceTop:
__libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fb4dffa0f68 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
malloc_printerr (ar_ptr=0x0, ptr=<optimized out>, str=0x7fb4dffa0f90 "munmap_chunk(): invalid pointer", action=<optimized out>) at malloc.c:5049
munmap_chunk (p=<optimized out>) at malloc.c:2857
__GI___libc_free (mem=<optimized out>) at malloc.c:2980
g_free (mem=<optimized out>) at ../../../../glib/gmem.c:189

Revision history for this message

Apport retracing service (apport) wrote on 2017-08-18: Stacktrace.txt

Stacktrace.txt Edit (5.0 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2017-08-18: StacktraceSource.txt

StacktraceSource.txt Edit (2.2 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2017-08-18: ThreadStacktrace.txt

ThreadStacktrace.txt Edit (5.0 KiB, text/plain)

Changed in glib2.0 (Ubuntu):
importance:	Undecided → Medium
tags:	removed: need-amd64-retrace

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-08-24: Re: glib-compile-schemas assert failure: *** Error in `/usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas': munmap_chunk(): invalid pointer: 0x0000002601a1d1e0 ***

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glib2.0 (Ubuntu):
status:	New → Confirmed

Revision history for this message

Jeremy Bícha (jbicha) wrote on 2017-08-25:

I can't reproduce this bug.

Please be aware that it is not recommended to use -proposed updates during the development cycle.

Revision history for this message

Sebastien Bacher (seb128) wrote on 2017-08-28:

The issue is new and likely due to the per-session override code

Changed in glib2.0 (Ubuntu):
importance:	Medium → High

Revision history for this message

Sebastien Bacher (seb128) wrote on 2017-08-28:

Glancing on the code it seems there could be a double g_strfreev (pieces) case at least when schemas == NULL? It frees it and continue and then it's freed again at least before returning?

Revision history for this message

Sebastien Bacher (seb128) wrote on 2017-08-28:

#10

50_sogoupinyin.gschema.override Edit (172 bytes, text/plain)

The file attached triggers the segfault once copied in the schemas system dir

Revision history for this message

Sebastien Bacher (seb128) wrote on 2017-08-28:

#11

The invalid read

==31343== at 0x4EA5439: g_strfreev (gstrfuncs.c:2496)
==31343== by 0x10C045: set_overrides (glib-compile-schemas.c:2115)
==31343== by 0x10C045: main (glib-compile-schemas.c:2269)
==31343== Address 0x634b8e8 is 8 bytes inside a block of size 16 free'd
==31343== at 0x4C2ED5B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31343== by 0x10BE82: set_overrides (glib-compile-schemas.c:2084)
==31343== by 0x10BE82: main (glib-compile-schemas.c:2269)

summary:

- glib-compile-schemas assert failure: *** Error in
- `/usr/lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas':
- munmap_chunk(): invalid pointer: 0x0000002601a1d1e0 ***
+ glib-compile-schemas invalid free in per session override

Revision history for this message

dino99 (9d9) wrote on 2017-08-28:

#12

Like Jeremy said, i have not met that error again since that report. Maybe the case has not been reproduced yet, and the problem will reappear later.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1713391 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuglib2.0 package

glib-compile-schemas invalid free in per session override

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
glib2.0 package