scoperunner crashed with SIGSEGV in UbuntuOne::Token::signUrl()

Bug #1298314 reported by Michał Sawicz
Affects: ubuntuone-credentials (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

The click scope crashes when trying to install a non-click app, which is available through the following steps:

- search for webbrowser
- long-press to open preview
- press uninstall
- press install

"Uninstall" should not be available in the preview for non-click apps.

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: libunity-scopes0 0.4.0+14.04.20140324-0ubuntu1
Uname: Linux 3.4.0-5-mako armv7l
ApportVersion: 2.13.3-0ubuntu1
Architecture: armhf
CurrentDesktop: Unity
Date: Thu Mar 27 11:18:03 2014
ExecutablePath: /usr/lib/arm-linux-gnueabihf/scoperunner/scoperunner
InstallationDate: Installed on 2014-03-26 (1 days ago)
InstallationMedia: Ubuntu Trusty Tahr (development branch) - armhf (20140326)
ProcCmdline: /usr/lib/arm-linux-gnueabihf/scoperunner/scoperunner /usr/lib/arm-linux-gnueabihf/unity-scopes/clickscope/clickscope.ini
Signal: 11
SourcePackage: unity-scopes-api
StacktraceTop:
 UbuntuOne::Token::signUrl(QString, QString, bool) const () from /usr/lib/arm-linux-gnueabihf/libubuntuoneauth-2.0.so.0
 click::DownloadManager::handleCredentialsFound(UbuntuOne::Token const&) () from /usr/lib/arm-linux-gnueabihf/unity-scopes/clickscope/libclickscope.so
 QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/arm-linux-gnueabihf/libQt5Core.so.5
 click::CredentialsService::credentialsFound(UbuntuOne::Token const&) () from /usr/lib/arm-linux-gnueabihf/unity-scopes/clickscope/libclickscope.so
 QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/arm-linux-gnueabihf/libQt5Core.so.5
Title: scoperunner crashed with SIGSEGV in UbuntuOne::Token::signUrl()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm autopilot cdrom dialout dip nopasswdlogin plugdev sudo tty video

Michał Sawicz (saviq) wrote :
description: updated
Apport retracing service (apport) wrote :

StacktraceTop:
 UbuntuOne::Token::signUrl(QString, QString, bool) const () at /build/buildd/ubuntuone-credentials-14.04+14.04.20140306/libubuntuoneauth/token.cpp:96
 click::DownloadManager::handleCredentialsFound(UbuntuOne::Token const&) () at /build/buildd/unity-scope-click-0.1+14.04.20140324/scope/click/download-manager.cpp:196
 QMetaObject::activate(QObject*, int, int, void**) () at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:132
 click::CredentialsService::credentialsFound(UbuntuOne::Token const&) () at /build/buildd/unity-scope-click-0.1+14.04.20140324/build/scope/click/moc_ubuntuone_credentials.cpp:152
 QMetaObject::activate(QObject*, int, int, void**) () at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:132

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in unity-scope-click (Ubuntu):
importance: Undecided → Medium
tags: removed: need-armhf-retrace
Michał Sawicz (saviq) wrote :

Related non-crash bug for making sure the steps can't actually be reproduced: bug #1298324

information type: Private → Public
Charles Kerr (charlesk) wrote :

The crash looks to be happening in this part of signUrl.

  > argc = oauth_split_url_parameters(url.toUtf8().data(), &argv);
  > // Fixup the URL as liboauth is escaping '+' to ' ' in it, incorrectly.
  > for (int a = 0; argv[0][a] != 0; a++)
  >     argv[0][a] = argv[0][a] == ' ' ? '+' : argv[0][a];

Where url is coming from this call:

  > QString authHeader = token.signUrl(impl->downloadUrl, QStringLiteral("HEAD"));

and the stacktrace's only mention of downloadUrl is

  > downloadUrl\000

So the fix of the /immediate/ crash is probably to sanity check argc>0 before walking argv[0] to unescape the '+' characters, e.g.:

  > argc = oauth_split_url_parameters(url.toUtf8().data(), &argv);
  > // Fixup the URL as liboauth is escaping '+' to ' ' in it, incorrectly.
  > if (argc > 0)
  >     for (int a = 0; argv[0][a] != 0; a++)
  >         argv[0][a] = argv[0][a] == ' ' ? '+' : argv[0][a];

Although that's a worthwhile safeguard anyway to avoid a crash, it's not a full fix -- the program would then return a QString "OAuth " which click::DownloadManager::fetchClickToken() will set as a QNetworkRequest's "Authorization" header's value, and then set its url to impl->downloadUrl, which is still an empty string. So the second part of the fix might be for fetchClickToken() to check impl->downloadUrl before creating a QNetworkRequest.
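
The two checks suggested in the comment above, sketched as an added example; this is not code from the thread or from ubuntuone-credentials. `split_url_parameters` is a hypothetical stand-in for the liboauth splitter (its "returns 0 and leaves argv untouched" behaviour is an assumption), and `fixed_base_url` is a hypothetical helper name.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#include <string.h>

// Hypothetical stand-in for the splitter: breaks the URL on '?' and '&',
// rewrites '+' as ' ', and (assumption) returns 0 without touching *argv
// when no token is found.
static int split_url_parameters(const char *url, char ***argv) {
    int argc = 0;
    char *copy = strdup(url);
    for (char *p = copy; *p; ++p)
        if (*p == '+') *p = ' ';
    for (char *tok = strtok(copy, "?&"); tok; tok = strtok(nullptr, "?&")) {
        *argv = static_cast<char **>(realloc(*argv, sizeof(char *) * (argc + 1)));
        (*argv)[argc++] = strdup(tok);
    }
    free(copy);
    return argc;
}

// Hypothetical helper: writes the '+'-restored base URL to `out` and returns
// true, or returns false when there is nothing to sign.
bool fixed_base_url(const std::string &url, std::string &out) {
    if (url.empty()) return false;       // caller-side check: no URL, no request
    char **argv = nullptr;               // initialised, so the guard below is reliable
    int argc = split_url_parameters(url.c_str(), &argv);
    if (argc <= 0 || argv == nullptr) {  // the argc > 0 check from the comment
        free(argv);
        return false;
    }
    for (int a = 0; argv[0][a] != 0; a++)
        argv[0][a] = argv[0][a] == ' ' ? '+' : argv[0][a];
    out = argv[0];
    for (int i = 0; i < argc; i++) free(argv[i]);
    free(argv);
    return true;
}

int main() {
    // Constructed inputs: empty URL, separators only, and a URL containing '+'.
    const char *samples[] = {"", "?&", "https://example.invalid/a+b?x=1"};
    for (const char *s : samples) {
        std::string base;
        bool ok = fixed_base_url(s, base);
        printf("'%s' -> %s %s\n", s, ok ? "sign" : "skip", base.c_str());
    }
    return 0;
}
```

A non-empty URL made only of separators still yields zero tokens in this sketch, so the `argc` guard is needed even when the caller has already rejected the empty string.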

Changed in unity-scopes-api (Ubuntu):
status: New → Invalid
dobey (dobey)
no longer affects: unity-scopes-api (Ubuntu)
no longer affects: unity-scope-click (Ubuntu)