Invalid reads in keyboard plugin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-settings-daemon (Ubuntu) |
Fix Released
|
Medium
|
Chris Coulson | ||
Maverick |
Fix Released
|
Medium
|
Chris Coulson |
Bug Description
This is split from comment 16 on bug 630239:
==4294== Invalid read of size 1
==4294== at 0x4C29732: strcmp (mc_replace_
==4294== by 0x640AD28: g_str_equal (gstring.c:115)
==4294== by 0x63D7E6A: g_hash_
==4294== by 0x13BE70E5: popup_menu_
==4294== by 0x13BE7C84: apply_xkb_settings (gsd-keyboard-
==4294== by 0x13BE8377: gsd_keyboard_
==4294== by 0x13BE651A: start_keyboard_
==4294== by 0x63E67E1: g_main_
==4294== by 0x63EA747: g_main_
==4294== by 0x63EAC54: g_main_loop_run (gmain.c:2958)
==4294== by 0x4F7AA46: gtk_main (gtkmain.c:1237)
==4294== by 0x404299: main (main.c:502)
==4294== Address 0x1aa7d3a1 is 1 bytes inside a block of size 4 free'd
==4294== at 0x4C27D71: free (vg_replace_
==4294== by 0x13BE7104: popup_menu_
==4294== by 0x13BE7C84: apply_xkb_settings (gsd-keyboard-
==4294== by 0x13BE8377: gsd_keyboard_
==4294== by 0x13BE651A: start_keyboard_
==4294== by 0x63E67E1: g_main_
==4294== by 0x63EA747: g_main_
==4294== by 0x63EAC54: g_main_loop_run (gmain.c:2958)
==4294== by 0x4F7AA46: gtk_main (gtkmain.c:1237)
==4294== by 0x404299: main (main.c:502)
It is most likely the key for that particular node pointing to free'd
memory.
This is happening here in popup_menu_
for (g = 0; g < g_strv_length (shortnames);g++) {
1--> g_hash_table_insert (ln2cnt_map, lname, GINT_TO_POINTER (counter+1));
2--> g_free(lname);
}
So, at 2), the key "lname" is being free'd after it was previously
inserted in to the hash table (1), leaving a hash table full of nodes
with keys pointing to free'd memory regions.
This needs fixing, as it's likely to trigger crashes for some people when switching layouts
affects: | ubuntu → gnome-settings-daemon (Ubuntu) |
Changed in gnome-settings-daemon (Ubuntu): | |
assignee: | nobody → Chris Coulson (chrisccoulson) |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in gnome-settings-daemon (Ubuntu Maverick): | |
status: | New → Triaged |
importance: | Undecided → Medium |
assignee: | nobody → Chris Coulson (chrisccoulson) |
assignee: | Chris Coulson (chrisccoulson) → nobody |
milestone: | none → maverick-updates |
assignee: | nobody → Chris Coulson (chrisccoulson) |
Accepted gnome-settings- daemon into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you in advance!