invalid read in the plugin loader code

Bug #1726906 reported by Sebastien Bacher on 2017-10-24
This bug affects 1 person
Affects: GNOME Software | Status: Expired | Importance: Medium
Affects: gnome-software (Ubuntu) | Importance: High | Assigned to: Unassigned

Bug Description

Using the 17.10 version, valgrind shows this error (the system has an invalid snap store login account configured, so it might be due to that):

==4467== Invalid read of size 8
==4467== at 0x52E7747: g_type_check_instance_is_a (gtype.c:4008)
==4467== by 0x175E3C: GS_IS_PLUGIN_EVENT (gs-plugin-event.h:34)
==4467== by 0x175E3C: gs_plugin_event_add_flag (gs-plugin-event.c:210)
==4467== by 0x52C1F9C: g_closure_invoke (gclosure.c:804)
==4467== by 0x52D4CDD: signal_emit_unlocked_R (gsignal.c:3635)
==4467== by 0x52DD4B4: g_signal_emit_valist (gsignal.c:3391)
==4467== by 0x52DDECE: g_signal_emit (gsignal.c:3447)
==4467== by 0x52C6463: g_object_dispatch_properties_changed (gobject.c:1080)
==4467== by 0x52C8838: g_object_notify_by_spec_internal (gobject.c:1173)
==4467== by 0x52C8838: g_object_notify (gobject.c:1221)
==4467== by 0x17AECF: gs_plugin_loader_notify_idle_cb (gs-plugin-loader.c:297)
==4467== by 0x5550E24: g_main_dispatch (gmain.c:3148)
==4467== by 0x5550E24: g_main_context_dispatch (gmain.c:3813)
==4467== by 0x55511EF: g_main_context_iterate.isra.30 (gmain.c:3886)
==4467== by 0x555127B: g_main_context_iteration (gmain.c:3947)
==4467== Address 0x2bf16960 is 0 bytes inside a block of size 72 free'd
==4467== at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4467== by 0x52E6AB0: g_type_free_instance (gtype.c:1943)
==4467== by 0x1783F1: glib_autoptr_cleanup_GObject (gobject-autocleanups.h:25)
==4467== by 0x1783F1: glib_autoptr_cleanup_GsPluginEvent (gs-plugin-event.h:34)
==4467== by 0x1783F1: gs_plugin_loader_create_event_from_error (gs-plugin-loader.c:332)
==4467== by 0x1783F1: gs_plugin_error_handle_failure (gs-plugin-loader.c:410)
==4467== by 0x17953F: gs_plugin_loader_call_vfunc (gs-plugin-loader.c:742)
==4467== by 0x17A073: gs_plugin_loader_run_refine_internal (gs-plugin-loader.c:816)
==4467== by 0x17A58E: gs_plugin_loader_run_refine (gs-plugin-loader.c:950)
==4467== by 0x17B14F: gs_plugin_loader_process_thread_cb (gs-plugin-loader.c:3170)
==4467== by 0x58A5D55: g_task_thread_pool_thread (gtask.c:1328)
==4467== by 0x557900F: g_thread_pool_thread_proxy (gthreadpool.c:307)
==4467== by 0x5578644: g_thread_proxy (gthread.c:784)
==4467== by 0x82D07FB: start_thread (pthread_create.c:465)
==4467== by 0x85FCB0E: clone (clone.S:95)
==4467== Block was alloc'd at
==4467== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4467== by 0x5556578: g_malloc (gmem.c:94)
==4467== by 0x556E0F5: g_slice_alloc (gslice.c:1025)
==4467== by 0x556E588: g_slice_alloc0 (gslice.c:1051)
==4467== by 0x52E66D4: g_type_create_instance (gtype.c:1848)
==4467== by 0x52C75E7: g_object_new_internal (gobject.c:1797)
==4467== by 0x52C8D84: g_object_new_with_properties (gobject.c:1965)
==4467== by 0x52C9800: g_object_new (gobject.c:1637)
==4467== by 0x175F91: gs_plugin_event_new (gs-plugin-event.c:319)
==4467== by 0x178294: gs_plugin_loader_create_event_from_error (gs-plugin-loader.c:347)
==4467== by 0x178294: gs_plugin_error_handle_failure (gs-plugin-loader.c:410)
==4467== by 0x17953F: gs_plugin_loader_call_vfunc (gs-plugin-loader.c:742)
==4467== by 0x17A073: gs_plugin_loader_run_refine_internal (gs-plugin-loader.c:816)
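
Added example, not part of the original report or of gnome-software: a small triage script that splits a memcheck error like the one above into its access, free and allocation stacks and reports, for each, the first application frame and whether the stack ran on a worker thread. The embedded report is a shortened excerpt of the trace above; treating `gs-*.c` as the application sources and the listed thread entry functions as worker-thread markers are assumptions of this example.

```python
import re

# Shortened excerpt of the memcheck report in the bug description (intermediate frames elided).
REPORT = """\
==4467== Invalid read of size 8
==4467== at 0x52E7747: g_type_check_instance_is_a (gtype.c:4008)
==4467== by 0x175E3C: gs_plugin_event_add_flag (gs-plugin-event.c:210)
==4467== by 0x17AECF: gs_plugin_loader_notify_idle_cb (gs-plugin-loader.c:297)
==4467== Address 0x2bf16960 is 0 bytes inside a block of size 72 free'd
==4467== at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4467== by 0x1783F1: glib_autoptr_cleanup_GsPluginEvent (gs-plugin-event.h:34)
==4467== by 0x1783F1: gs_plugin_loader_create_event_from_error (gs-plugin-loader.c:332)
==4467== by 0x58A5D55: g_task_thread_pool_thread (gtask.c:1328)
==4467== Block was alloc'd at
==4467== by 0x175F91: gs_plugin_event_new (gs-plugin-event.c:319)
==4467== by 0x178294: gs_plugin_loader_create_event_from_error (gs-plugin-loader.c:347)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")
HEADERS = (("Invalid ", "access"), ("Address ", "free"), ("Block was alloc'd", "alloc"))
# Assumption: application sources are the gs-*.c files; .h frames are inlined macros.
APP_SOURCE = re.compile(r"gs-[\w-]+\.c:\d+$")
THREAD_ENTRY = {"g_task_thread_pool_thread", "g_thread_proxy", "start_thread"}

def parse_memcheck(text):
    """Split one memcheck error into access/free/alloc stacks of (function, location)."""
    stacks, current = {}, None
    for line in text.splitlines():
        frame = FRAME.match(line)
        body = re.sub(r"^==\d+==\s*", "", line)
        header = next((n for p, n in HEADERS if body.startswith(p)), None)
        if header:
            current = header
            stacks[current] = []
        elif frame and current:
            stacks[current].append(frame.groups())
    return stacks

def summarize(text):
    """Per stack: first application frame and whether it ran on a worker thread."""
    out = {}
    for name, stack in parse_memcheck(text).items():
        app = next((f for f in stack if APP_SOURCE.match(f[1])), None)
        out[name] = {"frame": app, "worker": any(fn in THREAD_ENTRY for fn, _ in stack)}
    return out

if __name__ == "__main__":
    print(summarize(REPORT))
```

On this excerpt the summary shows the event freed in `gs_plugin_loader_create_event_from_error` on a thread-pool worker and then read in `gs_plugin_event_add_flag` from an idle callback, which is the object-lifetime question to check when fixing the report.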

Sebastien Bacher (seb128) wrote :
Changed in gnome-software (Ubuntu):
importance: Undecided → High
status: New → Triaged
Changed in gnome-software:
importance: Unknown → Medium
status: Unknown → Confirmed
Changed in gnome-software:
status: Confirmed → Incomplete
Changed in gnome-software:
status: Incomplete → Expired