2013-02-12 01:25:18 |
John Vert |
bug |
|
|
added bug |
2013-02-14 18:35:37 |
Sebastien Bacher |
bug task added |
|
libappindicator |
|
2013-02-14 19:13:36 |
Charles Kerr |
libappindicator: status |
New |
In Progress |
|
2013-02-14 19:13:40 |
Charles Kerr |
libappindicator: assignee |
|
Charles Kerr (charlesk) |
|
2013-02-14 19:13:43 |
Charles Kerr |
libappindicator: importance |
Undecided |
Medium |
|
2013-02-14 19:17:50 |
Launchpad Janitor |
branch linked |
|
lp:~charlesk/libappindicator/lp-1122596 |
|
2013-02-14 19:41:45 |
John Vert |
description |
app_indicator_init() in app-indicator.c calls g_bus_get() before setting self->priv. This creates a race condition where the bus_creation() callback can execute while self->priv still contains garbage. Suggested fix is to set self->priv before calling g_bus_get().
diff -ruN libappindicator-0.4.92/src/app-indicator.c libappindicator-0.4.92.new/src/app-indicator.c
--- libappindicator-0.4.92/src/app-indicator.c 2012-03-21 11:11:43.967367303 -0700
+++ libappindicator-0.4.92.new/src/app-indicator.c 2013-02-07 13:51:54.773720789 -0800
@@ -611,6 +611,8 @@
priv->sec_activate_target = NULL;
priv->sec_activate_enabled = FALSE;
+ self->priv = priv; // Needs to be set BEFORE calling g_bus_get so our handler can read it.
+
/* Start getting the session bus */
g_object_ref(self); /* ref for the bus creation callback */
g_bus_get(G_BUS_TYPE_SESSION, NULL, bus_creation, self);
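Review bot: the added `self->priv = priv;` line only closes the race if every priv field that bus_creation() reads is already initialised above it. The visible context shows sec_activate_target and sec_activate_enabled being set immediately before, so placing the assignment directly ahead of g_bus_get() is the right spot; please confirm no other priv initialisation remains below the g_bus_get() call. As a style point, the new comment uses `//` while the neighbouring lines use `/* ... */`; switch it to the block style and name the callback (bus_creation) instead of "our handler".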
@@ -618,8 +620,6 @@
g_signal_connect(G_OBJECT(gtk_icon_theme_get_default()),
"changed", G_CALLBACK(theme_changed_cb), self);
- self->priv = priv;
-
return;
}
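Review bot: with the trailing `self->priv = priv;` removed, nothing at the end of the function documents the ordering requirement any more, and the g_signal_connect() for theme_changed_cb still sits after g_bus_get(). Both callbacks receive self, so both depend on priv being published first. Consider a short block comment near the top of the callback registrations stating that no callback taking self may be registered before self->priv is assigned, so a later reordering does not reintroduce the crash.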
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libappindicator1 (not installed)
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
Uname: Linux 3.2.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
Date: Mon Feb 11 17:20:25 2013
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20121016)
MarkForUpload: True
ProcEnviron:
LC_CTYPE=en_US.UTF-8
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/zsh
SourcePackage: libappindicator
UpgradeStatus: No upgrade log present (probably fresh install) |
app_indicator_init() in app-indicator.c calls g_bus_get() before setting self->priv. This creates a race condition where the bus_creation() callback can execute while self->priv still contains garbage. Suggested fix is to set self->priv before calling g_bus_get().
diff -ruN libappindicator-0.4.92/src/app-indicator.c libappindicator-0.4.92.new/src/app-indicator.c
--- libappindicator-0.4.92/src/app-indicator.c 2012-03-21 11:11:43.967367303 -0700
+++ libappindicator-0.4.92.new/src/app-indicator.c 2013-02-07 13:51:54.773720789 -0800
@@ -611,6 +611,8 @@
priv->sec_activate_target = NULL;
priv->sec_activate_enabled = FALSE;
+ self->priv = priv; // Needs to be set BEFORE calling g_bus_get so our handler can read it.
+
/* Start getting the session bus */
g_object_ref(self); /* ref for the bus creation callback */
g_bus_get(G_BUS_TYPE_SESSION, NULL, bus_creation, self);
@@ -618,8 +620,6 @@
g_signal_connect(G_OBJECT(gtk_icon_theme_get_default()),
"changed", G_CALLBACK(theme_changed_cb), self);
- self->priv = priv;
-
return;
}
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libappindicator1 (not installed)
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
Uname: Linux 3.2.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
Date: Mon Feb 11 17:20:25 2013
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20121016)
MarkForUpload: True
ProcEnviron:
LC_CTYPE=en_US.UTF-8
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/zsh
SourcePackage: libappindicator
UpgradeStatus: No upgrade log present (probably fresh install)
[Impact]
This bug was the #2 cause of crashes in the Steam client. I believe this meets the SRU criteria: "Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel)."
[Test Case]
As this is a race condition it is difficult to reproduce. However we have many crashdumps with a SIGSEGV referencing a garbage self->priv pointer in bus_creation(). After applying this fix, the crashes stopped.
[Regression Potential]
Low |
|
2013-02-14 21:14:47 |
PS Jenkins bot |
libappindicator: status |
In Progress |
Fix Committed |
|
2013-02-15 11:45:16 |
Launchpad Janitor |
libappindicator (Ubuntu): status |
New |
Fix Released |
|
2013-02-27 20:36:14 |
Brian Murray |
branch linked |
|
lp:~johnv/ubuntu/precise/libappindicator/bug-1122596 |
|
2013-02-27 20:42:11 |
Brian Murray |
nominated for series |
|
Ubuntu Precise |
|
2013-02-27 20:42:11 |
Brian Murray |
bug task added |
|
libappindicator (Ubuntu Precise) |
|
2013-02-27 20:42:20 |
Brian Murray |
libappindicator (Ubuntu Precise): status |
New |
Triaged |
|
2013-02-27 20:42:24 |
Brian Murray |
libappindicator (Ubuntu Precise): importance |
Undecided |
High |
|
2013-02-27 20:54:39 |
Brian Murray |
libappindicator (Ubuntu Precise): assignee |
|
Brian Murray (brian-murray) |
|
2013-02-27 20:54:44 |
Brian Murray |
libappindicator (Ubuntu Precise): status |
Triaged |
In Progress |
|
2013-03-07 22:32:57 |
Dave Walker |
libappindicator (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
2013-03-07 22:32:58 |
Dave Walker |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2013-03-07 22:33:00 |
Dave Walker |
bug |
|
|
added subscriber SRU Verification |
2013-03-07 22:33:07 |
Dave Walker |
tags |
amd64 apport-bug precise running-unity |
amd64 apport-bug precise running-unity verification-needed |
|
2013-03-07 22:47:34 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/precise/libappindicator/precise-proposed |
|
2013-06-18 18:07:30 |
Ubuntu Foundations Team Bug Bot |
tags |
amd64 apport-bug precise running-unity verification-needed |
amd64 apport-bug precise removal-candidate running-unity verification-needed |
|
2014-01-07 09:31:52 |
Bartosz Kosiorek |
tags |
amd64 apport-bug precise removal-candidate running-unity verification-needed |
amd64 apport-bug precise removal-candidate running-unity verification-done |
|
2014-01-07 11:37:25 |
Launchpad Janitor |
libappindicator (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2014-01-07 11:37:33 |
Colin Watson |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2014-03-13 21:35:05 |
Charles Kerr |
libappindicator: status |
Fix Committed |
Fix Released |
|