Comment 5 for bug 1189281

Angel Guzman Maeso (shakaran) wrote : Re: notify-osd crashed with SIGSEGV while checking bubble private mode G_TYPE_INSTANCE_GET_PRIVATE in bubble_get_id()

I am doing a small analysis of the problem (in case it helps the developers to get it fixed soon in some way).

Notify-osd gets an OS error code "4", which stands for "Interrupted system call", in dmesg; the relevant info:

[952920.665441] notify-osd[12820]: segfault at aaaaaaaa ip 08056a87 sp bfc97b10 error 4 in notify-osd[8048000+32000]

The StacktraceTop revealed by apport suggests that the crash comes from the bubble_get_id function in bubble.c, line 3100:

StacktraceTop:
 bubble_get_id (self=self@entry=0x8a71ac0) at bubble.c:3100
 stack_notify_handler (self=0x8b032a0, app_name=0x8b32f90 "liferea", id=0, icon=0x8b33bc0 "liferea", summary=0x8b33bd0 "Actualizaci\303\263n", body=0x8a63d90 "<b>JS CodeBlocks</b> has <b>25</b> updates", actions=0x8b33be8, hints=0x8b00640, timeout=-1, context=0x8b33c60) at stack.c:776
 dbus_glib_marshal_stack_VOID__STRING_UINT_STRING_STRING_STRING_BOXED_BOXED_INT_POINTER (closure=0xbfab4e08, return_value=0x0, n_param_values=10, param_values=0x8b33c88, invocation_hint=0x0, marshal_data=0x8063f50 <stack_notify_handler>) at stack-glue.h:102
 invoke_object_method (message=0x8b35a30, connection=0x8a6e0b8, method=0x8070960 <dbus_glib_stack_methods>, object_info=0x8070944 <dbus_glib_stack_object_info>, object=0x8b032a0) at dbus-gobject.c:1899
 object_registration_message (connection=0x8a6e0b8, message=message@entry=0x8b35a30, user_data=user_data@entry=0x8a9ef00) at dbus-gobject.c:2161

The app that seems to crash notify-osd is Liferea, so I am relating this bug to the Liferea project too.

The portion of code affected is:

guint
bubble_get_id (Bubble* self)
{
 if (!self || !IS_BUBBLE (self))
  return 0;

 return GET_PRIVATE (self)->id;
}

The GET_PRIVATE macro is an alias for:

#define GET_PRIVATE(o) \
  (G_TYPE_INSTANCE_GET_PRIVATE ((o), BUBBLE_TYPE, BubblePrivate))

The crash happens in a register comparison, as shown:

=> 0x8056a87 <bubble_get_id+23>: cmp %eax,(%edx)
   0x8056a89 <bubble_get_id+25>: je 0x8056aa8 <bubble_get_id+56>
   0x8056a8b <bubble_get_id+27>: mov %eax,0x4(%esp)
   0x8056a8f <bubble_get_id+31>: mov %ebx,(%esp)
   0x8056a92 <bubble_get_id+34>: call 0x8052690 <g_type_check_instance_is_a@plt>
   0x8056a97 <bubble_get_id+39>: test %eax,%eax
   0x8056a99 <bubble_get_id+41>: jne 0x8056aa8 <bubble_get_id+56>
   0x8056a9b <bubble_get_id+43>: add $0x18,%esp
   0x8056a9e <bubble_get_id+46>: xor %eax,%eax
   0x8056aa0 <bubble_get_id+48>: pop %ebx
   0x8056aa1 <bubble_get_id+49>: ret
   0x8056aa2 <bubble_get_id+50>: lea 0x0(%esi),%esi
   0x8056aa8 <bubble_get_id+56>: call 0x8053680 <bubble_get_type>
   0x8056aad <bubble_get_id+61>: mov %ebx,(%esp)
   0x8056ab0 <bubble_get_id+64>: mov %eax,0x4(%esp)
   0x8056ab4 <bubble_get_id+68>: call 0x8052140 <g_type_instance_get_private@plt>

Concretely, during G_TYPE_INSTANCE_GET_PRIVATE:

https://developer.gnome.org/gobject/stable/gobject-Type-Information.html#G-TYPE-INSTANCE-GET-PRIVATE:CAPS

This function "Gets the private structure for a particular type. The private structure must have been registered in the class_init function with g_type_class_add_private()."

I checked that BubblePrivate is registered in bubble.c, function bubble_class_init(), line 2141 with:

g_type_class_add_private (klass, sizeof (BubblePrivate));

And BUBBLE_TYPE is a macro alias for bubble_get_type(), which returns a GType object.

GType bubble_get_type (void);

#define BUBBLE_TYPE (bubble_get_type ())

So, at some point the comparison is failing to get the private struct for BubblePrivate and it is making NotifyOSD crash the whole app. I will try to debug the problem more and send a patch if I discover the real problem so it can get fixed, but any help is appreciated; I am quite rusty with C development, but I think that I could help to fix it.
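Added example, not part of this comment and not notify-osd or GLib code: a plain-C model of what the IS_BUBBLE(self) / GET_PRIVATE(self) guard in bubble_get_id() actually checks. The inline fast path of a GObject instance-type check compares the requested type against the g_type field reached through the instance's first word (its class pointer), which is the read the reported "cmp %eax,(%edx)" performs. That guard rejects a NULL self, but a non-NULL pointer to an instance whose class slot has been overwritten (a freed-and-reused or poisoned object) is dereferenced as-is and faults, which is the failure mode this analysis is circling. The model below puts the naive check beside a hardened one that validates the class pointer against a registry of known class records before dereferencing it, and uses a simulated free that poisons the object in place so the demo never touches truly freed memory. Every name here (FakeClass, FakeInstance, naive_is_a, checked_is_a, get_id, poison_instance, the demo_* helpers) and the POISON_BYTE value are hypothetical; the 0xaa poison is chosen only so the class slot reads back as 0xaaaaaaaa, the address in the dmesg line above, and says nothing about how the real object was corrupted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for GTypeClass / GTypeInstance: a class record
 * carrying a type id, and an instance whose first word points at its class. */
typedef struct {
    uintptr_t   g_type;
    const char *name;
} FakeClass;

typedef struct {
    FakeClass *g_class;   /* first field, as in GTypeInstance */
    unsigned   id;        /* plays the role of BubblePrivate->id */
} FakeInstance;

static FakeClass bubble_class = { 0x1001u, "Bubble" };
static FakeClass other_class  = { 0x1002u, "Other"  };

/* Constructed poison byte for the simulated free (assumption, not GLib's). */
#define POISON_BYTE 0xaa

/* Naive guard, modelled on the inline fast path of an IS_BUBBLE()-style check:
 * reject NULL, then compare the type reached through inst->g_class. It
 * dereferences whatever g_class holds, so a poisoned instance faults here. */
static int naive_is_a(const FakeInstance *inst, const FakeClass *cls)
{
    if (!inst || !inst->g_class)
        return 0;
    return inst->g_class->g_type == cls->g_type;
}

/* Hardened guard: dereference g_class only after confirming it is one of the
 * registered class records, so a dangling or poisoned instance is reported as
 * "not a Bubble" instead of taking the process down. */
static const FakeClass *known_classes[] = { &bubble_class, &other_class };

static int class_is_registered(const FakeClass *cls)
{
    for (size_t i = 0; i < sizeof known_classes / sizeof known_classes[0]; i++)
        if ((uintptr_t)known_classes[i] == (uintptr_t)cls)  /* compare as integers */
            return 1;
    return 0;
}

static int checked_is_a(const FakeInstance *inst, const FakeClass *cls)
{
    if (!inst || !class_is_registered(inst->g_class))
        return 0;
    return inst->g_class->g_type == cls->g_type;
}

/* Analogue of bubble_get_id(): 0 for NULL or a non-Bubble, else the id. */
static unsigned get_id(const FakeInstance *inst)
{
    if (!checked_is_a(inst, &bubble_class))
        return 0;
    return inst->id;
}

/* Simulated free: overwrite the object with the poison byte but keep the
 * storage alive, so nothing here reads memory that is really freed. */
static void poison_instance(FakeInstance *inst)
{
    memset(inst, POISON_BYTE, sizeof *inst);
}

/* Scenario helpers that return the values the reader can check. */
static unsigned demo_live_bubble_id(void)
{
    FakeInstance b = { &bubble_class, 42u };
    return get_id(&b);                       /* 42 */
}

static unsigned demo_wrong_type_id(void)
{
    FakeInstance o = { &other_class, 7u };
    return get_id(&o);                       /* 0: registered class, not a Bubble */
}

static unsigned demo_poisoned_id(void)
{
    FakeInstance b = { &bubble_class, 42u };
    poison_instance(&b);                     /* what a stale pointer would see */
    return get_id(&b);                       /* 0 instead of a SIGSEGV */
}

static uint32_t demo_poisoned_class_slot(void)
{
    FakeInstance b = { &bubble_class, 42u };
    poison_instance(&b);
    return (uint32_t)(uintptr_t)b.g_class;   /* 0xaaaaaaaa: the naive read address */
}

int main(void)
{
    FakeInstance live = { &bubble_class, 42u };
    printf("naive check, live bubble   : %d\n", naive_is_a(&live, &bubble_class));
    printf("id of live bubble          : %u\n", demo_live_bubble_id());
    printf("id of non-bubble           : %u\n", demo_wrong_type_id());
    printf("id after poisoning         : %u\n", demo_poisoned_id());
    printf("class slot after poisoning : 0x%08x\n", demo_poisoned_class_slot());
    /* naive_is_a() on a poisoned instance would read through that slot and fault. */
    return 0;
}
```

The point for triage: a guard of the form "if (!self || !IS_BUBBLE (self)) return 0;" only protects against NULL and against live objects of another type; it cannot detect a pointer to an object that has already been destroyed, so a fault at a patterned address inside the type check points at object lifetime (who freed the bubble while a notification handler still held its pointer) rather than at the private-data registration, which the comment already confirmed is in place.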