CompizConfigPython.test_* fail with SEGFAULT

Bug #1056615 reported by Daniel van Vugt on 2012-09-26
This bug affects 1 person
Affects           Importance  Assigned to
Compiz            Medium      Daniel van Vugt
0.9.8             Medium      Daniel van Vugt
compiz (Ubuntu)   Undecided   Unassigned
Quantal           Undecided   Unassigned

Bug Description

[Impact]

Segfault when getting unexpected data from gconf.

[Test case]

Run the automated tests.

[Regression potential]

Low, additional NULL check added.

----

It's back again... This time with lp:compiz r3391:

99% tests passed, 4 tests failed out of 583

Total Test time (real) = 20.24 sec

The following tests FAILED:
   1 - CompizConfigPython.test_profile (SEGFAULT)
   2 - CompizConfigPython.test_plugin (SEGFAULT)
   3 - CompizConfigPython.test_setting (SEGFAULT)
   4 - CompizConfigPython.test_backend (SEGFAULT)
Errors while running CTest

Full verbose log attached.

Daniel van Vugt (vanvugt) wrote :
Changed in compiz:
milestone: none → 0.9.8.4
Changed in compiz:
milestone: 0.9.8.4 → 0.9.9.0
Daniel van Vugt (vanvugt) wrote :

Still crashing in r3413.

Changed in compiz:
assignee: Sam Spilsbury (smspillaz) → nobody
Daniel van Vugt (vanvugt) wrote :

Strange, this only seems to happen with gcc. Not clang (yet).

Daniel van Vugt (vanvugt) wrote :

==6009== Invalid read of size 8
==6009== at 0x9252EA9: ccsGNOMEIntegrationBackendReadISAndSetSettingForType (ccs_gnome_integration.c:170)
==6009== by 0x925301A: ccsGNOMEIntegrationBackendReadOptionIntoSetting (ccs_gnome_integration.c:235)
==6009== by 0x9251CB6: readSetting (gconf.c:496)
==6009== by 0x7C83D5A: ccsReadPluginSettingsDefault (main.c:3461)
==6009== by 0x7C7748A: ccsLoadPluginSettings (compiz.cpp:3263)
==6009== by 0x7C82AC1: ccsContextNew (main.c:545)
==6009== by 0x7A541F9: __pyx_tp_new_12compizconfig_Context (compizconfig.c:4174)
==6009== by 0x4DB5E7: ??? (in /usr/bin/python2.7)
==6009== by 0x4E9F35: PyObject_Call (in /usr/bin/python2.7)
==6009== by 0x498469: PyEval_EvalFrameEx (in /usr/bin/python2.7)
==6009== by 0x498601: PyEval_EvalFrameEx (in /usr/bin/python2.7)
==6009== by 0x49F1BF: PyEval_EvalCodeEx (in /usr/bin/python2.7)
==6009== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6009==
==6009==
==6009== Process terminating with default action of signal 11 (SIGSEGV)
==6009== Access not within mapped region at address 0x0
==6009== at 0x9252EA9: ccsGNOMEIntegrationBackendReadISAndSetSettingForType (ccs_gnome_integration.c:170)
==6009== by 0x925301A: ccsGNOMEIntegrationBackendReadOptionIntoSetting (ccs_gnome_integration.c:235)
==6009== by 0x9251CB6: readSetting (gconf.c:496)
==6009== by 0x7C83D5A: ccsReadPluginSettingsDefault (main.c:3461)
==6009== by 0x7C7748A: ccsLoadPluginSettings (compiz.cpp:3263)
==6009== by 0x7C82AC1: ccsContextNew (main.c:545)
==6009== by 0x7A541F9: __pyx_tp_new_12compizconfig_Context (compizconfig.c:4174)
==6009== by 0x4DB5E7: ??? (in /usr/bin/python2.7)
==6009== by 0x4E9F35: PyObject_Call (in /usr/bin/python2.7)
==6009== by 0x498469: PyEval_EvalFrameEx (in /usr/bin/python2.7)
==6009== by 0x498601: PyEval_EvalFrameEx (in /usr/bin/python2.7)
==6009== by 0x49F1BF: PyEval_EvalCodeEx (in /usr/bin/python2.7)
==6009== If you believe this happened as a result of a stack
==6009== overflow in your program's main thread (unlikely but
==6009== possible), you can try to increase the size of the
==6009== main thread stack using the --main-stacksize= flag.
==6009== The main thread stack size used in this run was 8388608.

Daniel van Vugt (vanvugt) wrote :

Confirmed all four crashes are the same as valgrind reported above.

Daniel van Vugt (vanvugt) wrote :

(gdb) bt full
#0 ccsGNOMEIntegrationBackendReadISAndSetSettingForType (
    integratedSetting=<optimised out>, setting=0xb9cdb0, v=<optimised out>,
    type=<optimised out>)
    at /home/dan/bzr/compiz/trunk/compizconfig/integration/gnome/src/ccs_gnome_integration.c:170
No locals.
#1 0x00007ffff47ba01b in ccsGNOMEIntegrationBackendReadOptionIntoSetting (
    integration=<optimised out>, context=<optimised out>, setting=0xb9cdb0,
    integratedSetting=0xc71bf0)
    at /home/dan/bzr/compiz/trunk/compizconfig/integration/gnome/src/ccs_gnome_integration.c:235
        ret = -1
        v = 0x0
        type = TypeKey
        priv = <optimised out>
#2 0x00007ffff47b8cb7 in readIntegratedOption (integrated=<optimised out>,
    setting=0xb9cdb0, context=0xb79540)
    at /home/dan/bzr/compiz/trunk/compizconfig/gconf/src/gconf.c:496
No locals.
#3 readSetting (backend=<optimised out>, context=0xb79540, setting=0xb9cdb0)
    at /home/dan/bzr/compiz/trunk/compizconfig/gconf/src/gconf.c:1113
        status = <optimised out>
        integrated = 0xc71bf0
#4 0x00007ffff5995d5b in ccsReadPluginSettingsDefault (plugin=0xbb21a0)
    at /home/dan/bzr/compiz/trunk/compizconfig/libcompizconfig/src/main.c:3461
        context = <optimised out>
        cPrivate = 0xa55590
        pPrivate = <optimised out>
        sl = 0xb9cc20
#5 ccsReadPluginSettingsDefault (plugin=0xbb21a0)
    at /home/dan/bzr/compiz/trunk/compizconfig/libcompizconfig/src/main.c:3439
No locals.
#6 0x00007ffff598948b in ccsLoadPluginSettings (plugin=<optimised out>)
    at /home/dan/bzr/compiz/trunk/compizconfig/libcompizconfig/src/compiz.cpp:3263
        pPrivate = <optimised out>
        xmlStat = {st_dev = 2049, st_ino = 3948944, st_nlink = 1,
          st_mode = 33204, st_uid = 1000, st_gid = 1000, __pad0 = 0,
          st_rdev = 0, st_size = 223338, st_blksize = 4096, st_blocks = 440,
          st_atim = {tv_sec = 1350530688, tv_nsec = 989856388}, st_mtim = {
            tv_sec = 1350530666, tv_nsec = 965855975}, st_ctim = {
            tv_sec = 1350530666, tv_nsec = 965855975}, __unused = {0, 0, 0}}
#7 0x00007ffff5994ac2 in ccsContextNew (screenNum=<optimised out>,
    iface=<optimised out>)
    at /home/dan/bzr/compiz/trunk/compizconfig/libcompizconfig/src/main.c:545
        s = <optimised out>
        p = 0xbb21a0
        context = 0xb79540
#8 0x00007ffff5bb11fa in __pyx_f_12compizconfig_7Context___cinit__ (

Changed in compiz:
assignee: nobody → Daniel van Vugt (vanvugt)
Changed in compiz:
status: New → In Progress
Changed in compiz:
status: In Progress → Fix Committed
Daniel van Vugt (vanvugt) wrote :

Fix committed to lp:compiz/0.9.8 at revision 3410.

Changed in compiz:
importance: Undecided → Medium
Daniel van Vugt (vanvugt) wrote :

Fix committed to lp:compiz at revision 3436.

description: updated
Changed in compiz (Ubuntu):
status: New → Confirmed
description: updated
Changed in compiz (Ubuntu):
status: Confirmed → In Progress
Changed in compiz (Ubuntu Quantal):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package compiz - 1:0.9.8.4+bzr3412-0ubuntu1

---------------
compiz (1:0.9.8.4+bzr3412-0ubuntu1) raring; urgency=low

  * New upstream snapshot.
    - Avoid duplicate template instantiations of PluginClassHandler<>, at
      least for those plugins that get re-used by others. (LP: #1065815)
    - Don't try to dereference NULL, which is returned by
      ccsGConfIntegratedSettingReadValue when it gets unexpected data
      from gconf. (LP: #1056615)
    - Stop the resize border (Rectangle resize mode) from flickering
      slightly. (LP: #1068518)
 -- Timo Jyrinki <email address hidden> Fri, 09 Nov 2012 09:52:15 +0200
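The crash in this report is the pattern the changelog entry and the [Regression potential] note describe: a reader returns NULL for data it cannot interpret, and the caller dereferences the result without checking (gdb shows `v = 0x0` being passed down, valgrind the invalid read at address 0x0). The following C program is an added illustration, not code from compiz or libcompizconfig; the types, keys and function names (`read_value`, `read_setting_checked`, the `/apps/example/...` keys and the `store` table) are constructed for the example and the "unexpected data" is modelled as a type mismatch between what the store holds and what the plugin asks for.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical value model; not libcompizconfig's own types. */
typedef enum { VALUE_INT, VALUE_BOOL, VALUE_STRING } ValueType;

typedef struct {
    ValueType type;
    union { int i; bool b; const char *s; } u;
} Value;

/* Constructed stand-in for the gconf store. Each entry records the type the
   store actually holds for the key, which need not match what the plugin expects. */
typedef struct { const char *key; ValueType stored_type; const char *raw; } StoreEntry;

static const StoreEntry store[] = {
    { "/apps/example/general/num_workspaces", VALUE_INT,    "4" },
    { "/apps/example/general/focus_mode",     VALUE_STRING, "click" },
    { "/apps/example/general/auto_raise",     VALUE_STRING, "maybe" }, /* plugin expects a bool */
};

/* Reads one key. Returns a heap-allocated Value on success and NULL when the key
   is absent or the stored type is not the expected one: the "unexpected data"
   case. The caller owns the returned pointer. */
Value *read_value(const char *key, ValueType expected)
{
    for (size_t n = 0; n < sizeof store / sizeof store[0]; n++) {
        if (strcmp(store[n].key, key) != 0)
            continue;
        if (store[n].stored_type != expected)
            return NULL;
        Value *v = calloc(1, sizeof *v);
        if (v == NULL)
            return NULL;
        v->type = expected;
        switch (expected) {
        case VALUE_INT:    v->u.i = atoi(store[n].raw); break;
        case VALUE_BOOL:   v->u.b = strcmp(store[n].raw, "true") == 0; break;
        case VALUE_STRING: v->u.s = store[n].raw; break;
        }
        return v;
    }
    return NULL;
}

/* Before the fix: the result is dereferenced unconditionally. For auto_raise
   this reads through a NULL pointer, i.e. the invalid read at address 0x0 seen
   in the report. Kept only for contrast; not exercised below. */
int read_setting_unchecked(const char *key, ValueType expected, Value *dst)
{
    Value *v = read_value(key, expected);
    *dst = *v;                      /* SIGSEGV when v == NULL */
    free(v);
    return 0;
}

/* After the fix: a NULL result is reported to the caller, which keeps the
   setting's current value rather than taking down the whole context load. */
int read_setting_checked(const char *key, ValueType expected, Value *dst)
{
    Value *v = read_value(key, expected);
    if (v == NULL)
        return -1;                  /* leave *dst untouched */
    *dst = *v;
    free(v);
    return 0;
}

/* Convenience readers: the fallback is returned when the store has no usable value. */
int read_int_or(const char *key, int fallback)
{
    Value v;
    return read_setting_checked(key, VALUE_INT, &v) == 0 ? v.u.i : fallback;
}

bool read_bool_or(const char *key, bool fallback)
{
    Value v;
    return read_setting_checked(key, VALUE_BOOL, &v) == 0 ? v.u.b : fallback;
}

const char *read_string_or(const char *key, const char *fallback)
{
    Value v;
    return read_setting_checked(key, VALUE_STRING, &v) == 0 ? v.u.s : fallback;
}

int main(void)
{
    printf("num_workspaces = %d\n", read_int_or("/apps/example/general/num_workspaces", 1));
    printf("auto_raise = %s (fallback used on unexpected data)\n",
           read_bool_or("/apps/example/general/auto_raise", false) ? "true" : "false");
    return 0;
}
```

The point of the checked variant is that the failure is surfaced as a return code at the boundary where the external store is consulted, so a single malformed key degrades one setting to its default instead of crashing every consumer of the library (here, all four Python test cases constructing a Context).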

Changed in compiz (Ubuntu):
status: In Progress → Fix Released

Hello Daniel, or anyone else affected,

Accepted compiz into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/compiz/1:0.9.8.4+bzr3412-0ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in compiz (Ubuntu Quantal):
status: In Progress → Fix Committed
tags: added: verification-needed
tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package compiz - 1:0.9.8.4+bzr3412-0ubuntu0.1

---------------
compiz (1:0.9.8.4+bzr3412-0ubuntu0.1) quantal-proposed; urgency=low

  * New upstream snapshot.
    - Avoid duplicate template instantiations of PluginClassHandler<>, at
      least for those plugins that get re-used by others. (LP: #1065815)
    - Don't try to dereference NULL, which is returned by
      ccsGConfIntegratedSettingReadValue when it gets unexpected data
      from gconf. (LP: #1056615)
    - Stop the resize border (Rectangle resize mode) from flickering
      slightly. (LP: #1068518)
 -- Timo Jyrinki <email address hidden> Fri, 09 Nov 2012 09:52:15 +0200

Changed in compiz (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in compiz:
status: Fix Committed → Fix Released