hud-service crashed with SIGSEGV in data()

Bug #1292237 reported by Marin Treselj on 2014-03-13
This bug affects 2 people
Affects: hud (Ubuntu)
Importance: Medium
Assigned to: Pete Woods

Bug Description

Don't know how it happened, crash warning just popped up...

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: hud 13.10.1+14.04.20140218.2-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-17.37-generic 3.13.6
Uname: Linux 3.13.0-17-generic x86_64
ApportVersion: 2.13.3-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Mar 13 22:45:46 2014
ExecutablePath: /usr/lib/x86_64-linux-gnu/hud/hud-service
InstallationDate: Installed on 2013-02-03 (403 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
ProcCmdline: /usr/lib/x86_64-linux-gnu/hud/hud-service
SegvAnalysis:
 Segfault happened at: 0x7f31049cadc1 <_ZNK7QAction4textEv+1>: mov 0x8(%rsi),%rsi
 PC (0x7f31049cadc1) ok
 source "0x8(%rsi)" (0x00000008) not located in a known VMA region (needed readable region)!
 destination "%rsi" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: hud
StacktraceTop:
 QAction::text() const () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
 ?? ()
 ?? ()
 hud::service::ItemStore::search(QString const&, QList<hud::service::Result>&) ()
 hud::service::QueryImpl::refresh() ()
Title: hud-service crashed with SIGSEGV in QAction::text()
UpgradeStatus: Upgraded to trusty on 2014-02-13 (28 days ago)
UserGroups: adm cdrom dip libvirtd lpadmin plugdev sambashare sudo www-data

Marin Treselj (phyzik) wrote :

StacktraceTop:
 data (this=0x8) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:134
 qGetPtrHelper<QScopedPointer<QObjectData> > (p=...) at ../../include/QtCore/../../src/corelib/global/qglobal.h:991
 d_func (this=0x0) at kernel/qaction.h:66
 QAction::text (this=0x0) at kernel/qaction.cpp:744
 convertActionText (action=action@entry=0x0) at /build/buildd/hud-13.10.1+14.04.20140218.2/service/ItemStore.cpp:59

Changed in hud (Ubuntu):
importance: Undecided → Medium
summary: - hud-service crashed with SIGSEGV in QAction::text()
+ hud-service crashed with SIGSEGV in data()
tags: removed: need-amd64-retrace
Charles Kerr (charlesk) wrote :

The crash occurred when convertActionText() was passed a nullptr from convertToEntry(), whose nullptr 'action' argument came from ItemStore::search looping over its m_items and passing in it->value()->action().

It looks like Item::action()'s implementation explicitly returns nullptr in extreme cases, so we should probably add a nullptr safeguard to convertActionText() and fix convertToEntry() to avoid empty strings between the "||" delimiters.

information type: Private → Public
Changed in hud (Ubuntu):
status: New → Triaged
Charles Kerr (charlesk) wrote :

After talking it over with Pete, it sounds like this crash is probably caused by the async dbus calls issue fixed in Bug #1292586.

Please upgrade your system to that version of hud when it is released. If you still encounter the crash, please file a new report.

Pete Woods (pete-woods) wrote :

I looked at this again. I could be wrong. I've linked a branch that simply skips actions that can't be found in the search results.
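
The two fixes discussed in the comments above (a nullptr guard in convertActionText() with no empty pieces between the "||" delimiters, and skipping actions that cannot be found), as an added example that is not part of the original report and is not hud's code. Action, Item, the vector-based convertToEntry() signature and the sample menu entries are assumptions standing in for the Qt types and hud internals.

```cpp
// Hypothetical model of the ItemStore search path; not hud's source.
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <vector>

struct Action { std::string text; };            // stands in for QAction

struct Item {                                   // stands in for hud's Item
    std::shared_ptr<Action> resolved;           // empty when the action cannot be found
    const Action* action() const { return resolved.get(); }  // may return nullptr
};

// Guarded: the unguarded form (return action->text;) reads through a null
// 'this', which is the kind of fault the SegvAnalysis above reports.
std::string convertActionText(const Action* action) {
    if (action == nullptr) return std::string();
    return action->text;
}

// Joins the pieces with "||" and drops empty ones, so a missing action
// cannot produce "File||||Open".
std::string convertToEntry(const std::vector<const Action*>& path) {
    std::string entry;
    for (const Action* a : path) {
        const std::string piece = convertActionText(a);
        if (piece.empty()) continue;
        if (!entry.empty()) entry += "||";
        entry += piece;
    }
    return entry;
}

// Search loop: items whose action is missing are skipped, not converted.
std::vector<std::string> search(const std::map<int, Item>& items) {
    std::vector<std::string> results;
    for (auto it = items.begin(); it != items.end(); ++it) {
        const Action* action = it->second.action();
        if (action == nullptr) continue;
        results.push_back(convertToEntry({action}));
    }
    return results;
}

int main() {
    std::map<int, Item> items;                  // constructed sample data
    items[1].resolved = std::make_shared<Action>(Action{"Open"});
    items[2] = Item();                          // action could not be found
    for (const std::string& r : search(items)) std::cout << r << "\n";
}
```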

Pete Woods (pete-woods) on 2014-03-21
Changed in hud (Ubuntu):
assignee: nobody → Pete Woods (pete-woods)
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package hud - 13.10.1+14.04.20140326-0ubuntu1

---------------
hud (13.10.1+14.04.20140326-0ubuntu1) trusty; urgency=low

  [ Pete Woods ]
  * Add safety valve for DBusMenuCollector that also reports the
    offending application (LP: #1280372)

hud (13.10.1+14.04.20140325-0ubuntu1) trusty; urgency=low

  [ Charles Kerr ]
  * Simplify the implementation of QtGActionGroup. This started off with
    the intent of removing the overhead of g_action_group_list_actions()
    in QtGActionGroup::Action(), but then I found
    QtGActionGroup::Action() was only called in the object's constructor
    and destructor, so it made more sense to remove the function
    altogether. Summary of changes:   * Plugged GVariant leak in
    QtGActionGroup::TriggerAction()   * Plugged char* leak in
    QtGMenuUtils::makeStringListQVariant   * ActionGroup ctor calls
    g_action_group_list_actions() once instead of n+1 times   *
    ActionGroup dtor calls g_action_group_list_actions() once instead of
    n times   * Removed unused public method Size()   * Removed newly-
    unused public method Action()   * Removed newly-unused field m_size
    (LP: #1296746)

  [ Pete Woods ]
  * Add null guards to ItemStore search (LP: #1292237)
  * Fix test failures exposed by fix to libqtdbustest (LP: #1296744)
  * Call only "safe" write method from UNIX signal handler See
    http://pubs.opengroup.org/onlinepubs/000095399/functions/xsh_chap02_
    04.html#tag_02_04_01 (LP: #1296602)
 -- Ubuntu daily release <email address hidden> Wed, 26 Mar 2014 09:36:22 +0000

Changed in hud (Ubuntu):
status: In Progress → Fix Released