unity-system-compositor crashed with SIGSEGV in invoke() from mir::frontend::detail::ProtobufMessageProcessor::dispatch:on_new_message() from on_read_size()

Bug #1672960 reported by errors.ubuntu.com bug bridge on 2017-03-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical System Image
Stephen M. Webb
Fix Released
Alan Griffiths
Unity System Compositor
mir (Ubuntu)
unity-system-compositor (Ubuntu)

Bug Description

The Ubuntu Error Tracker has been receiving reports about a problem regarding unity-system-compositor. This problem was most recently seen with package version 0.8.0+17.04.20161206-0ubuntu1, the problem page at https://errors.ubuntu.com/problem/322176398baf670e4e9e5bb140a0aed0bbf0a00e contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
If you do not have access to the Ubuntu Error Tracker you can request it at http://forms.canonical.com/reports/.

summary: - /usr/sbin/unity-system-
- compositor:11:invoke:mir::frontend::detail::ProtobufMessageProcessor::dispatch:on_new_message:on_read_size:std::function
+ unity-system-compositor crashed with SIGSEGV in invoke() from
+ mir::frontend::detail::ProtobufMessageProcessor::dispatch:on_new_message()
+ from on_read_size()
Changed in unity-system-compositor (Ubuntu):
importance: Undecided → Critical
Changed in unity-system-compositor:
importance: Undecided → Critical
Changed in mir:
importance: Undecided → Critical
Changed in mir (Ubuntu):
importance: Undecided → Critical
Changed in canonical-devices-system-image:
importance: Undecided → Critical
tags: added: unity8-desktop
Changed in canonical-devices-system-image:
milestone: none → u8c-1
Changed in mir:
milestone: none → 1.0.0
information type: Public → Public Security
kevin gunn (kgunn72) on 2017-03-20
Changed in canonical-devices-system-image:
assignee: nobody → Stephen M. Webb (bregma)
Stephen M. Webb (bregma) on 2017-03-27
Changed in canonical-devices-system-image:
status: New → Confirmed
Changed in mir:
status: New → Confirmed
Changed in unity-system-compositor:
status: New → Confirmed
Changed in mir (Ubuntu):
status: New → Confirmed
Changed in unity-system-compositor (Ubuntu):
status: New → Confirmed
Stephen M. Webb (bregma) on 2017-03-28
tags: added: protobuf
Changed in canonical-devices-system-image:
milestone: u8c-1 → u8c-z
Changed in mir:
milestone: 0.27.0 → 0.28.0
Stephen M. Webb (bregma) wrote :

This problem appears to be exclusively in the Mir libraries and not in U-S-C.

Changed in unity-system-compositor:
status: Confirmed → Invalid
Changed in unity-system-compositor (Ubuntu):
status: Confirmed → Invalid
Alan Griffiths (alan-griffiths) wrote :

Looking at src/server/frontend/protobuf_message_processor.cpp LL105..154

This looks like an issue with the "response_callback" supplied to SelfDeletingCallback throwing: in which case the "callback" has self destructed before the catch block is entered.

Changed in mir:
status: Confirmed → In Progress
assignee: nobody → Alan Griffiths (alan-griffiths)
Changed in mir:
milestone: none → 0.28.0
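
The lifetime problem described in the analysis above, as an added C++ example that is not Mir source and not code from this report: a closure that deletes itself when `Run()` exits is already destroyed when the caller's catch block is entered. `Closure`, `live_closures` and both functions are hypothetical names, and the owner-held variant is one possible remedy, not necessarily the fix that was committed.

```cpp
// Added illustration, not Mir source; every name here is hypothetical.
#include <functional>
#include <memory>
#include <stdexcept>
#include <utility>

// Closures currently alive, so liveness can be checked without
// dereferencing a pointer that may already be dangling.
static int live_closures = 0;

class Closure {
public:
    Closure(std::function<void()> cb, bool self_deleting)
        : cb_(std::move(cb)), self_deleting_(self_deleting) { ++live_closures; }
    ~Closure() { --live_closures; }

    void Run() {
        // The guard's destructor runs on normal return AND during unwinding.
        struct Guard {
            Closure* c;
            ~Guard() { if (c->self_deleting_) delete c; }
        } guard{this};
        cb_();
    }
private:
    std::function<void()> cb_;
    bool self_deleting_;
};

// Constructed failure: the response callback throws.
static void failing_response() { throw std::runtime_error("send failed"); }

// Self-deleting closure: it is gone before the catch block is entered, so
// any use of `closure` inside the handler would be a use-after-free.
bool alive_in_catch_self_deleting() {
    Closure* closure = new Closure(failing_response, true);
    try { closure->Run(); }
    catch (std::exception const&) { return live_closures == 1; }  // false
    return true;
}

// Owner-held closure: the dispatcher keeps ownership for the whole call, so
// the catch block can still use it; it is released on scope exit.
bool alive_in_catch_owner_held() {
    auto closure = std::make_unique<Closure>(failing_response, false);
    try { closure->Run(); }
    catch (std::exception const&) { return live_closures == 1; }  // true
    return true;
}

int main() { return (!alive_in_catch_self_deleting() && alive_in_catch_owner_held()) ? 0 : 1; }
```

The liveness check uses a counter on purpose: the example never touches the destroyed object, so it shows the ordering without invoking undefined behaviour.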
Mir CI Bot (mir-ci-bot) wrote :

Fix committed into lp:mir at revision None, scheduled for release in mir, milestone 1.0.0

Changed in mir:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mir - 0.28.0+17.10.20171011.1-0ubuntu1

mir (0.28.0+17.10.20171011.1-0ubuntu1) artful; urgency=medium

  * New upstream release 0.28.0(https://launchpad.net/mir/+milestone/0.28.0)
    - ABI summary:
      . mirclient ABI unchanged at 9
      . miral ABI introduced at 2
      . mirserver ABI bumped to 45
      . mircommon ABI unchanged at 7
      . mirplatform ABI unchanged at 61
      . mirprotobuf ABI unchanged at 3
      . mirplatformgraphics ABI unchanged at 13
      . mirclientplatform ABI unchanged at 5
      . mirinputplatform ABI unchanged at 7
      . mircore ABI unchanged at 1
    - Enhancements:
      . Update licences to (L)GPL3 or (L)GPL2.
      . Initial support for Wayland clients
      . [mir_demo_client_display_config] add orientation changing
      . RPC: Don't require the server ACK client's buffer-release requests.
      . Added libmirclientcpp to Mir source package
      . Added libmiral to Mir source package
      . Various small improvements to miral-shell example
      . [libmiral, miral-shell] handle display reconfiguration better and allow
        shells to customize maximized placements.
      . Enable CommandLineOptions to be processed before server initialization
    - Bugs fixed:
      . Fix handling of invalid display configuration. (LP: #1643446)
      . Move full responsibility for buffer IPC into frontend. (LP: #1395421)
      . Don't destroy an IPC "closure" object when it may yet be used
        (LP: #1672960)
      . [mesa-kms] Respect display orientation when painting cursor.
        (LP: #1610078)
      . Respect cursor hotspot when hosted on Mir. (LP: #1705284)
      . mcl::BufferVault: Fix lock inversion.
      . Handle mir_event_type_close_window in examples (LP: #1706004),
        (LP: #1705439)
      . Drop BufferStream::suitable_for_cursor()
      . Only notify resize events for valid surfaces (LP: #1643446)
      . Don't leak DRM fds in platform-eglstream probe.
      . Remove obsolete & broken example code. (LP: #1663130)
      . Move buffer-release IPC to a dedicated IPC thread. (LP: #1395421)
      . [NestedServerWithTwoDisplays] Look for the last of a series of
        synthetic events to ensure that the queue is drained before the test
        exits. (LP: #1709666)
      . floating window manager allows resizing maximized windows (LP: #1704776)
      . [miral-shell] doesn't work with breeze X cursor theme (LP: #1699084)
      . [miral-shell] Don't allow splashscreen to be occluded (LP: #1705973)
      . [miral-shell] Update maximized windows on display changes (LP: #1705695)
      . Make racy DragAndDrop test reliable. (LP: #1704780)
      . [libmiral] Define default window settings in one place and clamp the
        actual values to avoid ldiv0. (LP: #1717061)
      . [miral-kiosk] Apply fullscreen logic when hidden windows are restored.
        (LP: #1717910)
      . [mir-on-x11] Less annoying clipping of Mir-on-X11 window when it exceeds
        display bounds. (LP: #1668599)

 -- Alan Griffiths <email address hidden> Wed, 11 Oct 2017 15:06:23 +0000

Changed in mir (Ubuntu):
status: Confirmed → Fix Released
Changed in mir:
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.