Geis

Short-lived input devices crash applications

Bug #897976 reported by Stephen M. Webb
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Geis
Fix Released
High
Stephen M. Webb
Geis utouch-geis-2.2.2
utouch-geis (Ubuntu)
Fix Released
High
Stephen M. Webb

Bug Description

Input devices that appear and disappear quickly cause a race condition in utouch-geis that results in a null pointer dereference and subsequent application crash. This can lead to unfortunate consequences when the application is compiz.

Here's a backtrace of the situation in flagrante delicto.

#0 XIFreeDeviceInfo (info=0x0) at ../../src/XIQueryDevice.c:109
        ptr = 0x0
#1 0x00007ff8331e7569 in _report_xcb_devices (be=0x1cc4cf8, deviceid=18)
    at geis_xcb_backend.c:504
        devices = 0x0
        device_index = 0
        num_devices = -1
#2 0x00007ff8331e8320 in _report_hierarchy_change (be=0x1cc4cf8,
    event=0x25b9ef0) at geis_xcb_backend.c:858
        he = 0x25b9ef0
        info = 0x25b9fd4
        i = 16
#3 0x00007ff8331e8509 in _xcb_dispatch (be=0x1cc4cf8)
    at geis_xcb_backend.c:921
        ge = 0x25b9ef0
        extension_info = 0x1cd4490
        event = 0x25b9ef0
        __FUNCTION__ = "_xcb_dispatch"
#4 0x00007ff8331e85c0 in _fd_callback (fd=26, ev=GEIS_BE_MX_READ_AVAILABLE,
    ctx=0x1cc4cf8) at geis_xcb_backend.c:943
        be = 0x1cc4cf8
#5 0x00007ff8331da886 in geis_backend_multiplexor_pump (mx=0x1cc4a90)
    at geis_backend_multiplexor.c:399
        flags = GEIS_BE_MX_READ_AVAILABLE
        callback_info = 0x1cc52e0
        i = 0
        status = GEIS_STATUS_UNKNOWN_ERROR
        processed_event_count = 0
        available_event_count = 1
        events = {{events = 1, data = {ptr = 0x1cc52e0, fd = 30167776,
              u32 = 30167776, u64 = 30167776}}, {events = 0, data = {
              ptr = 0x1406f10, fd = 20999952, u32 = 20999952,
              u64 = 20999952}}, {events = 0, data = {ptr = 0xa721c8000000000,
              fd = 0, u32 = 0, u64 = 752695423805685760}}, {events = 0,
            data = {ptr = 0xa7bf740, fd = 175896384, u32 = 175896384,
              u64 = 175896384}}}
        __FUNCTION__ = "geis_backend_multiplexor_pump"
#6 0x00007ff8331e3ba0 in geis_dispatch_events (geis=0x1cc4970) at geis.c:834
        status = GEIS_STATUS_SUCCESS
#7 0x00007ff8331e1ea8 in geis_event_dispatch (instance=0x1cc4900)
    at geis_v1.c:632
No locals.
#8 0x00007ff82142bde0 in GeisAdapter::OnWatchIn(_GIOChannel*, GIOCondition, void*) () from /usr/lib/compiz/libunityshell.so
No symbol table info available.

Related branches

lp:~bregma/geis/lp-897976
Chase Douglas (community): Approve
Diff: 24 lines (+8/-5)
1 file modified
libutouch-geis/backend/xcb/geis_xcb_backend.c (+8/-5)
lp:geis
lp:geis/ubuntu
lp:ubuntu/precise/utouch-geis
Revision history for this message
Stephen M. Webb (bregma) wrote :

This bug came to light while exercising the utouch-evemu test suite, which creates and destroys input devices very quickly.

Changed in utouch-geis:
assignee: nobody → Stephen M. Webb (bregma)
importance: Undecided → High
status: New → Triaged
Stephen M. Webb (bregma)
Changed in utouch-geis:
milestone: none → utouch-geis-2.2.2
status: Triaged → In Progress
Stephen M. Webb (bregma)
summary: - Short-lived input devices crash compiz
+ Short-lived input devices crash applications
Chase Douglas (chasedouglas)
Changed in utouch-geis (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Stephen M. Webb (bregma)
Stephen M. Webb (bregma)
Changed in utouch-geis:
status: In Progress → Fix Committed
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package utouch-geis - 2.2.2-0ubuntu1

---------------
utouch-geis (2.2.2-0ubuntu1) precise; urgency=low

  * Set noopt option in PPA daily build.
  * New upstream release.
    - Fixes a crash due to a race condition (LP: #897976).
    - Fixes a special case for no matchingdevices in a filter (LP: #891731).
    - Adds an API call to get device attributes by name.
    - Adds an API call to get device by ID (LP: #891654).
    - Adds proper header to back end test fixtures (LP: #785321).
    - Uses back end fallback only for default back end (LP: #883470).
  * Reversed condition for PPA daily builds.
  * debian/libutouch-geis1.symbols: added symbols for new API calls.
    - geis_device_attr_by_name()
    - geis_get_device()
 -- <email address hidden> (Stephen M. Webb) Thu, 08 Dec 2011 11:03:49 -0500

Changed in utouch-geis (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.