/usr/lib/arm-linux-gnueabihf/unity-scopes/smartscopesproxy:smartscopesproxy: src/lib_json/json_value.cpp:1177: const Json::Value& Json::Value::operator[](const char*) const: Assertion `type_ == nullValue || type_ == objectValue' failed.

this one most highly reported crash on errors.ubuntu.com, lets take a look

Looks like it might be a genuine bug in smartscopesproxy. Either memory corruption (seems unlikely) or a race condition. At any rate, it looks like garbage is being passed to the JSON parser, which then falls over.

Looks like we are missing some null checks in JsonCppNode. We have this in only one of the get_node() methods but not in the other 2 overloads. Looking at the crash report it is definitely one of the get_node() methods attempting to dereference a null root node. I've linked a branch to fix this.

This bug was fixed in the package unity-scopes-api - 1.0.2+15.10.20150921-0ubuntu1

---------------
unity-scopes-api (1.0.2+15.10.20150921-0ubuntu1) wily; urgency=medium

  [ Pawel Stolowski ]
  * Loop through each argument of the custom scope runner command and ensure
    that all path arguments are absolute.
  * Protect all JsonCppNode::get_node() methods with a "if (!root_) throw;"
    check (Fixes LP: #1494796).
  * Merged devel.

  [ CI Train Bot ]
  * debian/libunity-scopes.symbols.in: update to released version.
  * New rebuild forced.

 -- Pawel Stolowski <email address hidden> Mon, 21 Sep 2015 13:32:17 +0000

I'm reopening this report, it is not fixed on OTA7 and errors.u.c is still receiving lot of reports against version 1.0.2+15.04.20150921-0ubuntu1

On the phone, we are using 0.6.0-rc2 of libjsoncpp. Looking at the git repository, the assertion triggers if the node type is not objectValue:

JSON_ASSERT( type_ == nullValue || type_ == objectValue );

The location of this assert matches the line number in the stack trace.

Later versions of libjsoncpp don't assert but throw an exception instead. I suspect that's why we are seeing this only on the phone because, on the desktop, we are using version 0.10.5.

In the get_node() overload for string, we have:

    if (!root_)
    {
        throw unity::LogicException("Current node is empty");
    }

    if (!root_.isMember(node_name))
    {
        throw unity::LogicException("Node " + node_name + " does not exist");
    }
    // ...

I'm pushing a branch that checks the node type before calling isMember() and throws if the node type isn't objectValue. I expect that'll stop the crash.

The question still is why we are trying to get a member from something that isn't an object. Marcus, is this expected?

@alecu which version of which component fixes this crash? it is still top 1 on errors.u.c far far ahead of other crashes in terms of number of reports.

@jibel this was mistakenly set to Fix Released when it was merged to our intermediate level branch. This has not landed yet. Setting back to Fix Committed. Jenkins should take care of setting to Fix Released once i does actually land. Sorry about the confusion.