Short-lived input devices crash applications

Bug #897976 reported by Stephen M. Webb on 2011-11-30
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Geis
High
Stephen M. Webb
utouch-geis (Ubuntu)
High
Stephen M. Webb

Bug Description

Input devices that appear and disappear quickly cause a race condition in utouch-geis that results in a null pointer dereference and subsequent application crash. This can lead to unfortunate consequences when the application is compiz.

Here's a backtrace of the situation in flagrante delicto.

#0 XIFreeDeviceInfo (info=0x0) at ../../src/XIQueryDevice.c:109
        ptr = 0x0
#1 0x00007ff8331e7569 in _report_xcb_devices (be=0x1cc4cf8, deviceid=18)
    at geis_xcb_backend.c:504
        devices = 0x0
        device_index = 0
        num_devices = -1
#2 0x00007ff8331e8320 in _report_hierarchy_change (be=0x1cc4cf8,
    event=0x25b9ef0) at geis_xcb_backend.c:858
        he = 0x25b9ef0
        info = 0x25b9fd4
        i = 16
#3 0x00007ff8331e8509 in _xcb_dispatch (be=0x1cc4cf8)
    at geis_xcb_backend.c:921
        ge = 0x25b9ef0
        extension_info = 0x1cd4490
        event = 0x25b9ef0
        __FUNCTION__ = "_xcb_dispatch"
#4 0x00007ff8331e85c0 in _fd_callback (fd=26, ev=GEIS_BE_MX_READ_AVAILABLE,
    ctx=0x1cc4cf8) at geis_xcb_backend.c:943
        be = 0x1cc4cf8
#5 0x00007ff8331da886 in geis_backend_multiplexor_pump (mx=0x1cc4a90)
    at geis_backend_multiplexor.c:399
        flags = GEIS_BE_MX_READ_AVAILABLE
        callback_info = 0x1cc52e0
        i = 0
        status = GEIS_STATUS_UNKNOWN_ERROR
        processed_event_count = 0
        available_event_count = 1
        events = {{events = 1, data = {ptr = 0x1cc52e0, fd = 30167776,
              u32 = 30167776, u64 = 30167776}}, {events = 0, data = {
              ptr = 0x1406f10, fd = 20999952, u32 = 20999952,
              u64 = 20999952}}, {events = 0, data = {ptr = 0xa721c8000000000,
              fd = 0, u32 = 0, u64 = 752695423805685760}}, {events = 0,
            data = {ptr = 0xa7bf740, fd = 175896384, u32 = 175896384,
              u64 = 175896384}}}
        __FUNCTION__ = "geis_backend_multiplexor_pump"
#6 0x00007ff8331e3ba0 in geis_dispatch_events (geis=0x1cc4970) at geis.c:834
        status = GEIS_STATUS_SUCCESS
#7 0x00007ff8331e1ea8 in geis_event_dispatch (instance=0x1cc4900)
    at geis_v1.c:632
No locals.
#8 0x00007ff82142bde0 in GeisAdapter::OnWatchIn(_GIOChannel*, GIOCondition, void*) () from /usr/lib/compiz/libunityshell.so
No symbol table info available.

Related branches

Stephen M. Webb (bregma) wrote :

This bug came to light while exercising the utouch-evemu test suite, which creates and destroys input devices very quickly.

Changed in utouch-geis:
assignee: nobody → Stephen M. Webb (bregma)
importance: Undecided → High
status: New → Triaged
Stephen M. Webb (bregma) on 2011-11-30
Changed in utouch-geis:
milestone: none → utouch-geis-2.2.2
status: Triaged → In Progress
Stephen M. Webb (bregma) on 2011-11-30
summary: - Short-lived input devices crash compiz
+ Short-lived input devices crash applications
Changed in utouch-geis (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Stephen M. Webb (bregma)
Stephen M. Webb (bregma) on 2011-12-08
Changed in utouch-geis:
status: In Progress → Fix Committed
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package utouch-geis - 2.2.2-0ubuntu1

---------------
utouch-geis (2.2.2-0ubuntu1) precise; urgency=low

  * Set noopt option in PPA daily build.
  * New upstream release.
    - Fixes a crash due to a race condition (LP: #897976).
    - Fixes a special case for no matchingdevices in a filter (LP: #891731).
    - Adds an API call to get device attributes by name.
    - Adds an API call to get device by ID (LP: #891654).
    - Adds proper header to back end test fixtures (LP: #785321).
    - Uses back end fallback only for default back end (LP: #883470).
  * Reversed condition for PPA daily builds.
  * debian/libutouch-geis1.symbols: added symbols for new API calls.
    - geis_device_attr_by_name()
    - geis_get_device()
 -- <email address hidden> (Stephen M. Webb) Thu, 08 Dec 2011 11:03:49 -0500

Changed in utouch-geis (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers