indicator-sound-service crashed with SIGSEGV in fast_validate()

Bug #949837 reported by Paul Wieczkowski on 2012-03-08
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone
The Sound Menu | Fix Released | High | Charles Kerr |
indicator-sound (Ubuntu) | | High | Unassigned |

Bug Description

Removing Clementine via Ubuntu Software Center generated the crash.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: indicator-sound 0.8.3.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-18.28-generic 3.2.9
Uname: Linux 3.2.0-18-generic x86_64
NonfreeKernelModules: fglrx
ApportVersion: 1.94.1-0ubuntu1
Architecture: amd64
Date: Thu Mar 8 06:00:59 2012
ExecutablePath: /usr/lib/indicator-sound/indicator-sound-service
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120228.1)
ProcCmdline: /usr/lib/indicator-sound/indicator-sound-service
SegvAnalysis:
 Segfault happened at: 0x7f66b74a1088 <g_utf8_validate+488>: movzbl (%rdi),%r8d
 PC (0x7f66b74a1088) ok
 source "(%rdi)" (0x00000021) not located in a known VMA region (needed readable region)!
 destination "%r8d" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: indicator-sound
StacktraceTop:
 g_utf8_validate () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 g_variant_new_string () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 g_variant_new_strv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 g_settings_set_strv () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
 ?? ()
Title: indicator-sound-service crashed with SIGSEGV in g_utf8_validate()
UpgradeStatus: Upgraded to precise on 2012-03-07 (1 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo


StacktraceTop:
 fast_validate (str=<optimized out>) at /build/buildd/glib2.0-2.31.20/./glib/gutf8.c:1461
 g_utf8_validate (str=0x21 <Address 0x21 out of bounds>, max_len=-1, end=0x0) at /build/buildd/glib2.0-2.31.20/./glib/gutf8.c:1629
 g_variant_new_string (string=0x21 <Address 0x21 out of bounds>) at /build/buildd/glib2.0-2.31.20/./glib/gvariant.c:1267
 g_variant_new_strv (strv=0x1626330, length=6) at /build/buildd/glib2.0-2.31.20/./glib/gvariant.c:1494
 g_settings_set_strv (settings=0x15f1850, key=0x4240aa "interested-media-players", value=<optimized out>) at /build/buildd/glib2.0-2.31.20/./gio/gsettings.c:1855

Changed in indicator-sound (Ubuntu):
importance: Undecided → Medium
summary: - indicator-sound-service crashed with SIGSEGV in g_utf8_validate()
+ indicator-sound-service crashed with SIGSEGV in fast_validate()
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in indicator-sound (Ubuntu):
status: New → Confirmed
Conor Curran (cjcurran) on 2012-03-23
visibility: private → public
Changed in indicator-sound:
status: New → Confirmed
importance: Undecided → Medium
Conor Curran (cjcurran) on 2012-03-26
Changed in indicator-sound:
assignee: nobody → Conor Curran (cjcurran)
Charles Kerr (charlesk) on 2012-03-26
Changed in indicator-sound:
assignee: Conor Curran (cjcurran) → Charles Kerr (charlesk)
Charles Kerr (charlesk) wrote :

This is more than just an isolated crash; I think we're corrupting memory and this crash is just one side-effect of it...

Changed in indicator-sound (Ubuntu):
importance: Medium → High
Changed in indicator-sound:
importance: Medium → High
Charles Kerr (charlesk) on 2012-03-26
Changed in indicator-sound:
status: Confirmed → In Progress
Charles Kerr (charlesk) wrote :

...no, maybe I'm wrong about that. I was confusing g_settings_get_strv() with g_variant_get_strv(), which have different behaviors: one returns a deep copy and the other returns a shallow copy.

Charles Kerr (charlesk) wrote :

Okay, the problem here is a pretty simple one: settings.set_strv() requires a NULL-terminated array of strings and the Vala code doesn't add a null to the ArrayList. Moreover, it looks like ArrayList.add() doesn't allow null anyway.

I've reimplemented the two .set_strv() functions (remove_interested() and add_interested()) to use GVariantBuilder + .set_value() instead.
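
Added illustration, not part of the comment above and not GLib or indicator-sound code: a plain-C model of the root cause it describes. A consumer of a NULL-terminated string array finds the length by walking to the first NULL, so a length-counted list passed without a terminator is read past its logical end, which is consistent with the `string=0x21` entry in the retraced stack. The helper names and the sample player list are hypothetical and constructed.

```c
/* Added illustration: plain-C model of the NULL-terminated string-array
 * convention. Helper names are hypothetical; this is not GLib code. */
#include <stdlib.h>
#include <string.h>

/* Consumer side: count entries until the NULL terminator. 'cap' bounds the
 * walk so the model stays in bounds; -1 means no terminator within 'cap'. */
long strv_walk(const char *const *strv, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (strv[i] == NULL)
            return (long)i;
    return -1;
}

void strv_free(char **strv)
{
    for (char **p = strv; p != NULL && *p != NULL; p++)
        free(*p);
    free(strv);
}

/* Producer side: copy a length-counted list into an array that carries the
 * terminator slot. Returns NULL on allocation failure. */
char **strv_from_counted(const char *const *items, size_t n)
{
    char **out = calloc(n + 1, sizeof *out); /* slot n stays NULL */
    for (size_t i = 0; out != NULL && i < n; i++) {
        size_t len = strlen(items[i]) + 1;
        if ((out[i] = malloc(len)) == NULL) {
            strv_free(out); /* stops at the NULL slot i */
            return NULL;
        }
        memcpy(out[i], items[i], len);
    }
    return out;
}

/* Constructed sample: logical length 2; slot 2 still holds a stale entry. */
const char *const backing[4] = { "rhythmbox.desktop", "banshee.desktop",
                                 "clementine.desktop", NULL };

int main(void)
{
    char **fixed = strv_from_counted(backing, 2);
    int ok = fixed && strv_walk((const char *const *)fixed, 3) == 2;
    strv_free(fixed);
    return (ok && strv_walk(backing, 4) == 3) ? 0 : 1;
}
```

Walking `backing` directly reports three entries although the list holds two; the copy built from the explicit count reports two.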

Charles Kerr (charlesk) wrote :

Fixing this bug exposes another one, Bug #965848

Charles Kerr (charlesk) on 2012-03-27
Changed in indicator-sound:
status: In Progress → Fix Committed
Conor Curran (cjcurran) on 2012-03-27
Changed in indicator-sound:
milestone: none → 0.8.5
Changed in indicator-sound (Ubuntu):
status: Confirmed → In Progress
Conor Curran (cjcurran) on 2012-03-30
Changed in indicator-sound:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package indicator-sound - 0.8.5.0-0ubuntu1

---------------
indicator-sound (0.8.5.0-0ubuntu1) precise; urgency=low

  * New upstream release.
    - Inconsistency between messaging menu and sound menu pips (LP: #933593)
    - indicator-sound-service crashed with SIGSEGV in
      fast_validate() (LP: #949837)
    - free-memory-read crash in indicator-sound-service's file
      monitoring (LP: #965848)
    - minor memory leaks in blacklist handling (LP: #960578)
    - FIX (LP: FIX)
  * -debian/patches/lp_945827.patch, debian/patches/lp_960846.patch
     - dropped, merged upstream
 -- Ken VanDine <email address hidden> Fri, 30 Mar 2012 14:45:03 -0400

Changed in indicator-sound (Ubuntu):
status: In Progress → Fix Released