nautilus crashes in action_open_item_location_callback() call in nautilus-view.c when pressing Ctrl+Alt+O directly on the desktop

Bug #1318688 reported by Cristian Calin
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
nautilus (Ubuntu) | Fix Released | Low | Unassigned |
Trusty | Fix Released | Low | Unassigned |

Bug Description

[ Description ]

null pointer dereference in Nautilus selection open callback.

[ QA ]

Open `Files'. Make sure nothing is selected. Hit ctrl+alt+O.

[ Development fix ]

The exact same patch has been uploaded to Utopic.

[ Regression potential ]

The patch is pending review upstream. I think it's unlikely to cause problems, but maybe it is expected that selection can be NULL.

[ Original description ]

This crash can be triggered immediately after logging in without any windows open or with all application windows hidden.
When you press Ctrl+Alt+O, nautilus intercepts this keybinding and crashes.

I've installed the debug packages and managed to identify the breakage in the action_open_item_location_callback function in nautilus-view.c.

Full backtrace:

(gdb) backtrace
#0 0x000000000046766e in action_open_item_location_callback (
    action=<optimized out>, callback_data=<optimized out>)
    at nautilus-view.c:1147
#1 0x00007f3da91713b8 in g_closure_invoke (closure=0xc86fb0,
    return_value=0x0, n_param_values=1, param_values=0x7ffff6867f80,
    invocation_hint=0x7ffff6867f20)
    at /build/buildd/glib2.0-2.40.0/./gobject/gclosure.c:768
#2 0x00007f3da9182d3d in signal_emit_unlocked_R (node=node@entry=0xa566b0,
    detail=detail@entry=0, instance=instance@entry=0xc75eb0,
    emission_return=emission_return@entry=0x0,
    instance_and_params=instance_and_params@entry=0x7ffff6867f80)
    at /build/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3551
#3 0x00007f3da918aa29 in g_signal_emit_valist (instance=<optimized out>,
    signal_id=<optimized out>, detail=<optimized out>,
    var_args=var_args@entry=0x7ffff6868108)
    at /build/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3307
#4 0x00007f3da918ace2 in g_signal_emit (instance=instance@entry=0xc75eb0,
    signal_id=<optimized out>, detail=detail@entry=0)
    at /build/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3363
#5 0x00007f3dab7519d0 in _gtk_action_emit_activate (action=0xc75eb0)
    at /build/buildd/gtk+3.0-3.10.8/./gtk/deprecated/gtkaction.c:906
#6 0x00007f3dab751f69 in closure_accel_activate (closure=0xc86e00,
    return_value=0x7ffff6868300, n_param_values=<optimized out>,
    param_values=<optimized out>, invocation_hint=<optimized out>,
    marshal_data=<optimized out>)
    at /build/buildd/gtk+3.0-3.10.8/./gtk/deprecated/gtkaction.c:1861
#7 0x00007f3da91713b8 in g_closure_invoke (closure=0xc86e00,
    return_value=0x7ffff6868300, n_param_values=4,
    param_values=0x7ffff68683b0, invocation_hint=0x7ffff6868350)
    at /build/buildd/glib2.0-2.40.0/./gobject/gclosure.c:768
#8 0x00007f3da9182d3d in signal_emit_unlocked_R (node=node@entry=0xa334d0,
    detail=detail@entry=2786, instance=instance@entry=0xa4d8e0,
    emission_return=emission_return@entry=0x7ffff68684b0,
    instance_and_params=instance_and_params@entry=0x7ffff68683b0)
    at /build/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3551
#9 0x00007f3da918a6f9 in g_signal_emit_valist (instance=<optimized out>,
    signal_id=<optimized out>, detail=<optimized out>,
    var_args=var_args@entry=0x7ffff6868578)
    at /build/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3317
#10 0x00007f3da918ace2 in g_signal_emit (instance=instance@entry=0xa4d8e0,
    signal_id=<optimized out>, detail=detail@entry=2786)
    at /build/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3363
#11 0x00007f3dab783d7d in gtk_accel_group_activate (accel_group=0xa4d8e0,
    accel_quark=accel_quark@entry=2786,
    acceleratable=acceleratable@entry=0xa50320, accel_key=accel_key@entry=111,
    accel_mods=accel_mods@entry=12)
    at /build/buildd/gtk+3.0-3.10.8/./gtk/gtkaccelgroup.c:910
#12 0x00007f3dab7854ed in gtk_accel_groups_activate (
    object=object@entry=0xa50320, accel_key=111, accel_mods=12)
    at /build/buildd/gtk+3.0-3.10.8/./gtk/gtkaccelgroup.c:948
#13 0x00007f3dab9c0dc6 in gtk_window_activate_key (
    window=window@entry=0xa50320, event=event@entry=0xe34100)
    at /build/buildd/gtk+3.0-3.10.8/./gtk/gtkwindow.c:11251
#14 0x00007f3dab9c0e51 in gtk_window_key_press_event (widget=0xa50320,
    event=0xe34100) at /build/buildd/gtk+3.0-3.10.8/./gtk/gtkwindow.c:7290
#15 0x0000000000479828 in nautilus_window_key_press_event (widget=0xa50320,
    event=0xe34100) at nautilus-window.c:1908
#16 0x00007f3dab877efe in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x884420,
    return_value=0x7ffff68688a0, instance=<optimized out>,
    args=<optimized out>, marshal_data=<optimized out>,
    n_params=<optimized out>, param_types=0x884450)
    at /build/buildd/gtk+3.0-3.10.8/./gtk/gtkmarshalers.c:130
#17 0x00007f3da91715e7 in _g_closure_invoke_va (closure=0x884420,
    return_value=0x7ffff68688a0, instance=0xa50320, args=0x7ffff68689a8,
    n_params=1, param_types=0x884450)
    at /build/buildd/glib2.0-2.40.0/./gobject/gclosure.c:831
#18 0x00007f3da918a088 in g_signal_emit_valist (instance=0xa50320,
    signal_id=<optimized out>, detail=0,
    var_args=var_args@entry=0x7ffff68689a8)
    at /build/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3215
#19 0x00007f3da918ace2 in g_signal_emit (instance=instance@entry=0xa50320,
    signal_id=<optimized out>, detail=detail@entry=0)
    at /build/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3363
#20 0x00007f3dab9a0df4 in gtk_widget_event_internal (widget=0xa50320,
    event=0xe34100) at /build/buildd/gtk+3.0-3.10.8/./gtk/gtkwidget.c:7168
#21 0x00007f3dab87636f in propagate_event (widget=0xa50320, event=0xe34100,
    captured=<optimized out>, topmost=<optimized out>)
    at /build/buildd/gtk+3.0-3.10.8/./gtk/gtkmain.c:2498
#22 0x00007f3dab877ada in gtk_main_do_event (event=0xe34100)
    at /build/buildd/gtk+3.0-3.10.8/./gtk/gtkmain.c:1714
#23 0x00007f3dab47bc22 in gdk_event_source_dispatch (source=<optimized out>,
    callback=<optimized out>, user_data=<optimized out>)
    at /build/buildd/gtk+3.0-3.10.8/./gdk/x11/gdkeventsource.c:364
#24 0x00007f3da8ea1e04 in g_main_dispatch (context=0x8a0c90)
    at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3064
#25 g_main_context_dispatch (context=context@entry=0x8a0c90)
    at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3663
#26 0x00007f3da8ea2048 in g_main_context_iterate (
    context=context@entry=0x8a0c90, block=block@entry=1,
    dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3734
#27 0x00007f3da8ea20ec in g_main_context_iteration (context=0x8a0c90,
    context@entry=0x0, may_block=may_block@entry=1)
    at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3795
#28 0x00007f3da945467c in g_application_run (application=0x878140,
    argc=argc@entry=2, argv=argv@entry=0x7ffff6868de8)
    at /build/buildd/glib2.0-2.40.0/./gio/gapplication.c:2114
#29 0x000000000042b561 in main (argc=2, argv=0x7ffff6868de8)
    at nautilus-main.c:104

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: nautilus 1:3.10.1-0ubuntu9
ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Mon May 12 15:39:38 2014
EcryptfsInUse: Yes
GsettingsChanges:

InstallationDate: Installed on 2013-11-21 (172 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
SourcePackage: nautilus
UpgradeStatus: Upgraded to trusty on 2014-04-20 (21 days ago)

Cristian Calin (cristi-calin) wrote :

When called on the empty desktop, the nautilus_view_get_selection (view) function results in a NULL result. At that point, there is no further need to continue the function execution and it is safe to exit as no resources need to be released.

This patch checks for selection being NULL and returns, preventing nautilus from crashing.

Please comment on this and if appropriate merge the patch in the nautilus package.
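
The guard this comment describes, as an added C example that is not part of the original report and is not the Nautilus patch itself: `Node`, `View` and the two `open_item_location_*` functions are hypothetical stand-ins, and `view_get_selection` models `nautilus_view_get_selection` returning NULL for an empty selection.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for GLib's GList: an empty list is the NULL pointer itself,
 * not a node with empty data. */
typedef struct Node {
    const char *data;          /* stand-in for a NautilusFile */
    struct Node *next;
} Node;

/* Hypothetical view type; selected is NULL when nothing is selected. */
typedef struct {
    Node *selected;
} View;

/* Models nautilus_view_get_selection(): NULL means "no selection". */
static Node *view_get_selection(const View *view) {
    return view->selected;
}

/* "Before" shape: assumes the list has a first node. Reached through a
 * keyboard accelerator with nothing selected, it reads through NULL. */
static const char *open_item_location_unchecked(const View *view) {
    Node *selection = view_get_selection(view);
    return selection->data;    /* crashes when selection == NULL */
}

/* "After" shape: return before the first dereference. Nothing has been
 * allocated at this point, so the early return releases nothing. */
static const char *open_item_location_checked(const View *view) {
    Node *selection = view_get_selection(view);
    if (selection == NULL)
        return NULL;           /* no selection: nothing to open */
    return selection->data;
}

int main(void) {
    Node file = { "file:///home/user/notes.txt", NULL };  /* constructed */
    View window = { &file };   /* one item selected */
    View desktop = { NULL };   /* empty desktop, nothing selected */

    printf("unchecked, item selected: %s\n",
           open_item_location_unchecked(&window));
    printf("checked, item selected:   %s\n",
           open_item_location_checked(&window));
    printf("checked, empty desktop:   %s\n",
           open_item_location_checked(&desktop) ? "opened" : "no-op");
    return 0;
}
```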

Sebastien Bacher (seb128) wrote :

Thanks for the work, I'm subscribing ubuntu-sponsors so the patch is in the review queue.

Changed in nautilus (Ubuntu):
importance: Undecided → Low
status: New → Confirmed
Iain Lane (laney) wrote :

Cheers, uploaded & forwarded upstream.

I'll upload to trusty too.

Changed in nautilus (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nautilus - 1:3.10.1-0ubuntu12

---------------
nautilus (1:3.10.1-0ubuntu12) utopic; urgency=medium

  * 0001-Don-t-try-to-open-a-selection-if-we-don-t-have-one.patch: Don't crash
    when pressing ctrl-alt-o without a selection (on the desktop or in the
    main window). Thanks to Cristian Calin. (LP: #1318688)
 -- Iain Lane <email address hidden> Mon, 30 Jun 2014 11:45:31 +0100

Changed in nautilus (Ubuntu):
status: Fix Committed → Fix Released
Iain Lane (laney) wrote :

Okay, uploaded. Please wait for the current SRU (9.2) to clear out before you accept it.

description: updated
Changed in nautilus (Ubuntu Trusty):
status: New → In Progress
Changed in nautilus (Ubuntu Trusty):
importance: Undecided → Low
Chris J Arges (arges) wrote : Please test proposed package

Hello Cristian, or anyone else affected,

Accepted nautilus into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/nautilus/1:3.10.1-0ubuntu9.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in nautilus (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Cristian Calin (cristi-calin) wrote :

Hi,

I just installed version 3.10.1-0ubuntu9.3 and can confirm that the bug is fixed in this version. Nautilus no longer crashes when pressing Ctrl+Alt+O on the empty desktop.

tags: added: verification-done
removed: verification-needed
Adam Conrad (adconrad) wrote : Update Released

The verification of the Stable Release Update for nautilus has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates, please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nautilus - 1:3.10.1-0ubuntu9.3

---------------
nautilus (1:3.10.1-0ubuntu9.3) trusty; urgency=medium

  * 0001-Don-t-try-to-open-a-selection-if-we-don-t-have-one.patch: Don't crash
    when pressing ctrl-alt-o without a selection (on the desktop or in the
    main window). Thanks to Cristian Calin. (LP: #1318688)
 -- Iain Lane <email address hidden> Mon, 30 Jun 2014 12:17:27 +0100

Changed in nautilus (Ubuntu Trusty):
status: Fix Committed → Fix Released