Ubuntu One Client

Nautilus crashes when anything Ubuntu One-related is clicked in the menu

Bug #498019 reported by Roman Yepishev
92
This bug affects 19 people
Affects Status Importance Assigned to Milestone
Ubuntu One Client
Status tracked in Trunk
Stable-1-4
Fix Released
High
Roman Yepishev
Trunk
Fix Released
Medium
Rodrigo Moya
ubuntuone-client (Ubuntu)
Fix Released
Undecided
Roman Yepishev
Nominated for Maverick by Roman Yepishev

Bug Description

This is rather hard to reproduce, but here's my attempt:

Refreshing the folder:
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_bg_menu_items>
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items>
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> g_list_length(files) = 1
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> path=/home/rtg/Ubuntu One/testing
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> uon->share_cb_data exists
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> share_cb_data = 0x9169810
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> share_cb_data->path = /home/rtg/Ubuntu One/testing
(nautilus:933): UbuntuOne-Nautilus-WARNING **: </get_bg_menu_items>
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items>
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items>
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items>

Selecting volia-traffic_ folder using the mouse:
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items>
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> g_list_length(files) = 1
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> path=/home/rtg/Ubuntu One/testing/volia-traffic_
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> uon->share_cb_data exists
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> share_cb_data = 0x9169810
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> share_cb_data->path = /home/rtg/Ubuntu One/testing/volia-traffic_

Calling Menu on volia-traffic_folder:
(nothing happens)

Clicking "Share this on Ubuntu One":
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items>
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> g_list_length(files) = 1
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> path=/home/rtg/Ubuntu One/testing/volia-traffic_
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> uon->share_cb_data exists
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> share_cb_data = 0xb1d0e170
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <get_menu_items> share_cb_data->path = /home/rtg/Ubuntu One/testing/volia-traffic_
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <share_folder>, data = 0x9169810
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <share_dialog_construct>
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <share_dialog_construct>, data = 0x9169810
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <share_dialog_construct>, data->path @ (nil)
(nautilus:933): UbuntuOne-Nautilus-WARNING **: <share_dialog_construct>, data->path = (null)
(nautilus:933): GLib-CRITICAL **: g_path_get_basename: assertion `file_name != NULL' failed
(nautilus:933): Gtk-CRITICAL **: gtk_entry_set_text: assertion `text != NULL' failed

Nautilus does not crash in this example, but look at data->path pointer that was passed to ubuntuone_nautilus_share_dialog_construct, it is NULL. It might be not NULL as well in other cases, leading to crashes caused by accessing non-initialized memory.

Additionally, data pointer for "volia-traffic_" folder has changed to the previous one, from 0xb1d0e170 which has a valid path, to 0x9169810, which has everything set to NULL in this case. You might notice that 0x9169810 was allocated when the user selected the folder using the mouse. Since uon->share_cb_data existed in get_menu_items, it got free()d and then a new pointer was allocated. But, somehow, Nautilus preserved the old pointer and passed it to share_dialog_construct.

What is strange is why would ubuntuone_nautilus_get_menu_items be called right after user clicked on the menu item?

Tags: desktop+

Related branches

lp:~rye/ubuntuone-client/no-shared-cb-crash
lp:~rye/ubuntuone-client/no-shared-cb-crash-stable-1-4
Alejandro J. Cura (community): Approve
Rodrigo Moya (community): Approve
Diff: 147 lines (+24/-22)
1 file modified
nautilus/ubuntuone-nautilus.c (+24/-22)
Superseded for merging into lp:ubuntuone-client
dobey (community): Needs Resubmitting
Alejandro J. Cura (community): Approve
Rodrigo Moya (community): Approve
Diff: 147 lines (+24/-22)
1 file modified
nautilus/ubuntuone-nautilus.c (+24/-22)
lp:ubuntu/maverick/ubuntuone-client
Revision history for this message
Roman Yepishev (rye) wrote :

Carrying around our own structure for the menu item might be an overkill.

Each Glib object already "carries around a table of associations from strings to pointers.".

So, probably, we need to dump the custom shared structure that gets freed spontaneously and stuff everything into the menu item object with g_object_set_data/g_object_set_data_full calls which gets passed to the callback routine.

Nautilus does not appear to have anything in code that could call the menu provider for an item activation but I will poke it some more.

Revision history for this message
dobey (dobey) wrote :

I believe you already fixed this no? Please confirm?

Changed in ubuntuone-client:
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Roman Yepishev (rye) wrote :

No, this still needs to be fixed in the plugin itself, it should not store such kind of reference. Tying data to menu entry might be a better choice, but I haven't tested this yet.

Changed in ubuntuone-client:
status: Incomplete → New
Joshua Hoover (joshuahoover)
Changed in ubuntuone-client:
status: New → Confirmed
assignee: nobody → Ubuntu One Desktop+ team (uone-desktop)
tags: added: desktop+
Revision history for this message
Kris Douglas (krisdouglas) wrote :

I am also experiencing this problem, quite a pain when I am trying to get things synced up to Ubuntu One properly.

Roman Yepishev (rye)
Changed in ubuntuone-client:
importance: Low → High
assignee: Ubuntu One Desktop+ team (ubuntuone-desktop+) → Roman Yepishev (rye)
Roman Yepishev (rye)
summary: - Nautilus crashes when "Share on Ubuntu One" is clicked
+ Nautilus crashes when anything Ubuntu One-related is clicked in the menu
Roman Yepishev (rye)
Changed in ubuntuone-client (Ubuntu):
assignee: nobody → Roman Yepishev (rye)
dobey (dobey)
Changed in ubuntuone-client:
status: Confirmed → Fix Committed
dobey (dobey)
Changed in ubuntuone-client:
status: Fix Committed → In Progress
assignee: Roman Yepishev (rye) → Rodrigo Moya (rodrigo-moya)
importance: High → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntuone-client - 1.4.3-0ubuntu1

---------------
ubuntuone-client (1.4.3-0ubuntu1) maverick; urgency=low

  * New upstream release:
    - Correctly stringify http errors that occur in restclient (in another
      process), and fix the call to bus.get_object in the case of removing the
      current machine's token (John Lenton) (LP: #644547)
    - Reuse shared structure to avoid crashes due to referencing already
      released memory (Roman Yepishev) (LP: #498019)
    - Show an error dialog when deleting a share fails (Rodrigo Moya)
      (LP: #645518)
    - Plug a memory leak (Rodrigo Moya)
    - Removed AQ.deferred that was only used for testing (Facundo Batista)
 -- Rodrigo Moya <email address hidden> Fri, 24 Sep 2010 17:57:57 +0200

Changed in ubuntuone-client (Ubuntu):
status: New → Fix Released
Revision history for this message
Xavier Robin (jti-533g) wrote :

Is version 1.4.3-0ubuntu1 going to be backported to lucid? I currently have vesion 1.2.2-0ubuntu2.3 that still crashes.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.