/usr/lib/arm-linux-gnueabihf/unity-scopes/smartscopesproxy:smartscopesproxy: src/lib_json/json_value.cpp:1177: const Json::Value& Json::Value::operator[](const char*) const: Assertion `type_ == nullValue || type_ == objectValue' failed.

Bug #1494796 reported by errors.ubuntu.com bug bridge on 2015-09-11
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical System Image
Critical
Alejandro J. Cura
unity-scopes-api (Ubuntu)
Critical
Marcus Tomlinson

Bug Description

The Ubuntu Error Tracker has been receiving reports about a problem regarding unity-scopes-api. This problem was most recently seen with version 0.6.19+15.04.20150724.3-0ubuntu1, the problem page at https://errors.ubuntu.com/problem/82f3407ea224db29041027eca65d23d17eb2027e contains more details.

Related branches

Bill Filler (bfiller) wrote :

this one most highly reported crash on errors.ubuntu.com, lets take a look

Changed in canonical-devices-system-image:
milestone: none → ww40-2015
assignee: nobody → Alejandro J. Cura (alecu)
importance: Undecided → Critical
Changed in unity-scopes-api (Ubuntu):
assignee: nobody → Alejandro J. Cura (alecu)
Michi Henning (michihenning) wrote :

Looks like it might be a genuine bug in smartscopesproxy. Either memory corruption (seems unlikely) or a race condition. At any rate, it looks like garbage is being passed to the JSON parser, which then falls over.

Changed in unity-scopes-api (Ubuntu):
importance: Undecided → Critical
Changed in unity-scopes-api (Ubuntu):
status: New → In Progress
assignee: Alejandro J. Cura (alecu) → Marcus Tomlinson (marcustomlinson)

Looks like we are missing some null checks in JsonCppNode. We have this in only one of the get_node() methods but not in the other 2 overloads. Looking at the crash report it is definitely one of the get_node() methods attempting to dereference a null root node. I've linked a branch to fix this.

Changed in unity-scopes-api (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity-scopes-api - 1.0.2+15.10.20150921-0ubuntu1

---------------
unity-scopes-api (1.0.2+15.10.20150921-0ubuntu1) wily; urgency=medium

  [ Pawel Stolowski ]
  * Loop through each argument of the custom scope runner command and ensure
    that all path arguments are absolute.
  * Protect all JsonCppNode::get_node() methods with a "if (!root_) throw;"
    check (Fixes LP: #1494796).
  * Merged devel.

  [ CI Train Bot ]
  * debian/libunity-scopes.symbols.in: update to released version.
  * New rebuild forced.

 -- Pawel Stolowski <email address hidden> Mon, 21 Sep 2015 13:32:17 +0000

Changed in unity-scopes-api (Ubuntu):
status: Fix Committed → Fix Released
Changed in canonical-devices-system-image:
status: New → Fix Committed
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
Jean-Baptiste Lallement (jibel) wrote :

I'm reopening this report, it is not fixed on OTA7 and errors.u.c is still receiving lot of reports against version 1.0.2+15.04.20150921-0ubuntu1

Changed in canonical-devices-system-image:
status: Fix Released → Confirmed
Changed in unity-scopes-api (Ubuntu):
status: Fix Released → Confirmed
Changed in canonical-devices-system-image:
milestone: ww40-2015 → ww46-2015
Changed in canonical-devices-system-image:
status: Confirmed → In Progress
Michi Henning (michihenning) wrote :

On the phone, we are using 0.6.0-rc2 of libjsoncpp. Looking at the git repository, the assertion triggers if the node type is not objectValue:

JSON_ASSERT( type_ == nullValue || type_ == objectValue );

The location of this assert matches the line number in the stack trace.

Later versions of libjsoncpp don't assert but throw an exception instead. I suspect that's why we are seeing this only on the phone because, on the desktop, we are using version 0.10.5.

In the get_node() overload for string, we have:

    if (!root_)
    {
        throw unity::LogicException("Current node is empty");
    }

    if (!root_.isMember(node_name))
    {
        throw unity::LogicException("Node " + node_name + " does not exist");
    }
    // ...

I'm pushing a branch that checks the node type before calling isMember() and throws if the node type isn't objectValue. I expect that'll stop the crash.

The question still is why we are trying to get a member from something that isn't an object. Marcus, is this expected?

Changed in unity-scopes-api (Ubuntu):
status: Confirmed → Fix Committed
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Changed in unity-scopes-api (Ubuntu):
status: Fix Committed → Fix Released
Jean-Baptiste Lallement (jibel) wrote :

@alecu which version of which component fixes this crash? it is still top 1 on errors.u.c far far ahead of other crashes in terms of number of reports.

@jibel this was mistakenly set to Fix Released when it was merged to our intermediate level branch. This has not landed yet. Setting back to Fix Committed. Jenkins should take care of setting to Fix Released once i does actually land. Sorry about the confusion.

Changed in unity-scopes-api (Ubuntu):
status: Fix Released → Fix Committed
Changed in canonical-devices-system-image:
status: Fix Committed → In Progress
milestone: ww46-2015 → ww02-2016
Changed in unity-scopes-api (Ubuntu):
status: Fix Committed → Fix Released
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers