Segfault added in the recent changes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
update-notifier (Ubuntu) |
Fix Released
|
High
|
Dan Bungert | ||
Hirsute |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
On hirsute/impish, update-notifier can crash when attempting to run hooks.
This issue is the #2 crash on update-notifier in hirsute, presently (and
maybe some of the others). I would call this a severe regression.
In the crash cases, cleanup steps are running on an uninitialized variable. The fix resolves this by ensuring the relevant variable is initialized.
[Test Case]
Create a file 'bug'
'Name: bug
Priority: Low
Command: "/bin/true"
DisplayIf: /bin/true
Description: update notifier bug'
and copy it to /var/lib/
[Where problems could occur]
This is not the most absolute minimal version of this fix.
If the minimal version of the fix is desired, I can provide that, which
should be a +2/-2 diff. (I don't want to confuse the current proposal.)
The fix changeset being proposed includes other glib usage improvements
which sound really good from a maintainability perspective and may even
close other yet unknown bugs but add their own risk of regressions if
said maintainability was not done correctly.
The original idea was to address a problem where we offer to run a
command, and the user would click the button to do so, but then nothing
would happen because the command wasn't on the system. If the parsing
of this command is invalid, then valid hooks may be filtered.
It's possible for the command to contain arguments, and to be quoted (or
not), or to not be the full command path. Variables for such testing
include:
* rely on path lookup or fully qualified path supplied in command
* quoted or unquoted or mixed quotes (quote the command and args
outside of the quotes)
* arguments or no
* presence or absence of actual command
See attached tarball for the resulting 20 tests (4 redundant tests pruned).
All the 'present' hooks are valid, 'absent' hooks should be skipped.
In an attempt to stave off further memory safety problems I've analyzed
this version with valgrind. valgrind is able to observe several
problems in the unfixed version, whereas the fixed version only
complains about some items in glib that appear to be unrelated to this
change.
I've got some unit test code as well but haven't integrated that yet to
the update-notifier codebase.
[Original Bug Report Description]
The issue is new using
https:/
, the previous revision didn't have the issue
* Create a file 'bug'
'Name: bug
Priority: Low
Command: "/bin/true"
DisplayIf: /bin/true
Description: update notifier bug'
and copy it to /var/lib/
-> update-notifier segfaults
(gdb) bt
#0 0x00007ffff718c769 in __GI___libc_free (mem=0x5550000a
#1 0x00007ffff7365215 in g_strfreev (str_array=
#2 g_strfreev (str_array=
#3 0x000055555555dd2d in hook_command_exists (cmd=0x555555702600 "\"/usr/bin/eog\"") at hooks.c:137
#4 0x000055555555fd6e in is_hook_relevant (hook_file=
at hooks.c:717
#5 0x000055555555ffb1 in check_update_hooks (ta=0x5555556c9a20) at hooks.c:781
#6 0x0000555555560715 in hook_tray_icon_init (ta=0x5555556c9a20) at hooks.c:969
#7 0x000055555555cd77 in tray_icons_init (un=0x55555562c3e0,
It seems likely to be the error on top of the weekly report for hirsute
but that's missing a stacktrace
One comment in addition on the change there, was the env split + iterate
over pathdirs basically a re-implementation of
https:/
? If there is particular reason to do that I would recommend just using
the glib function instead (which might also fix the issue as a side
effect, I didn't check)
Related branches
- Brian Murray: Approve
- Sebastien Bacher: Approve
-
Diff: 99 lines (+20/-34)2 files modifieddebian/changelog (+4/-0)
src/hooks.c (+16/-34)
Changed in update-notifier (Ubuntu): | |
importance: | Undecided → High |
tags: | added: fr-1314 |
Changed in update-notifier (Ubuntu): | |
assignee: | nobody → Dan Bungert (dbungert) |
Changed in update-notifier (Ubuntu): | |
status: | Confirmed → In Progress |
description: | updated |
Changed in update-notifier (Ubuntu): | |
status: | Confirmed → Fix Committed |
Changed in update-notifier (Ubuntu Hirsute): | |
assignee: | nobody → Dan Bungert (dbungert) |
importance: | Undecided → High |
description: | updated |
description: | updated |
tags: | added: regression-release |
tags: | removed: verification-needed |
Marking confirmed as I can see a segfault, but mine looks a little different:
Thread 1 "update-notifier" received signal SIGSEGV, Segmentation fault. 0x555555778340 = {...}, ta=<optimized out>, ta=<optimized out>) at hooks.c:376 hide(priv- >button_ next); 0x555555778340 = {...}, ta=0x5555556c9000, ta=<optimized out>) at hooks.c:376 notifier. c:447 64-linux- gnu/libglib- 2.0.so. 0 context_ dispatch () at /lib/x86_ 64-linux- gnu/libglib- 2.0.so. 0 64-linux- gnu/libglib- 2.0.so. 0 64-linux- gnu/libglib- 2.0.so. 0 64-linux- gnu/libgtk- 3.so.0 notifier. c:649
show_next_hook (hooks=
376 gtk_widget_
(gdb) bt
#0 show_next_hook (hooks=
#1 0x000055555555efdc in show_hooks (focus_on_map=0, ta=0x5555556c9000) at hooks.c:609
#2 check_update_hooks (ta=0x5555556c9000) at hooks.c:858
#3 0x000055555555f268 in hook_tray_icon_init (ta=<optimized out>) at hooks.c:969
#4 0x000055555555c933 in tray_icons_init (un=0x5555556e4f70) at update-
#5 0x00007ffff7351e38 in () at /lib/x86_
#6 0x00007ffff735174f in g_main_
#7 0x00007ffff73a4c68 in () at /lib/x86_
#8 0x00007ffff7350db3 in g_main_loop_run () at /lib/x86_
#9 0x00007ffff7a4517d in gtk_main () at /lib/x86_
#10 0x000055555555c0f5 in main (argc=<optimized out>, argv=<optimized out>) at update-
I like your suggestion to use g_find_ program_ in_path and plan to use that if at all possible.