discussion in #ubuntu-devel regarding the crash to look for:

16:08 < charles> bdmurray: it would show up as dereferencing a NULL pointer, the self->priv field
16:08 < bdmurray> charles: would the crash be filed about some other package though?
16:08 < charles> bdmurray, likely candidates for where this would happen would be
16:09 < charles> app-indicator.c, bus_creation(), NULL dereference on app->priv->connection
16:10 < charles> and much less likely, in app-indicator.c, theme_changed_cb(), in "if (priv->dbus_registration != 0)"
16:10 < charles> wrt showing up in a different package... hmm
16:13 < charles> bdmurray, I guess it's possible. If so, the stacktrace would show the levels app_indicator_init() -> bus_creation() -> crash
16:13 < charles> bdmurray: if you're trying to eliminate candidate tickets -- if those aren't in the stacktrace, it's not #1122596
16:14 < charles> bdmurray: is this helpful? I'm not sure that I'm answering the right question :-)
--
You received this bug notification because you are a member of DX Packages, which is subscribed to libappindicator in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1122596

Title:
  Race condition in app_indicator_init() causes application crash

Status in Libappindicator:
  Fix Committed
Status in “libappindicator” package in Ubuntu:
  Fix Released
Status in “libappindicator” source package in Precise:
  Fix Committed

Bug description:
app_indicator_init() in app-indicator.c calls g_bus_get() before setting self->priv. This creates a race condition where the bus_creation() callback can execute while self->priv still contains garbage.

Suggested fix is to set self->priv before calling g_bus_get().

diff -ruN libappindicator-0.4.92/src/app-indicator.c libappindicator-0.4.92.new/src/app-indicator.c --- libappindicator-0.4.92/src/app-indicator.c 2012-03-21 11:11:43.967367303 -0700 +++ libappindicator-0.4.92.new/src/app-indicator.c 2013-02-07 13:51:54.773720789 -0800 @@ -611,6 +611,8 @@ priv->sec_activate_target = NULL; priv->sec_activate_enabled = FALSE; + self->priv = priv; // Needs to be set BEFORE calling g_bus_get so our handler can read it. + /* Start getting the session bus */ g_object_ref(self); /* ref for the bus creation callback */ g_bus_get(G_BUS_TYPE_SESSION, NULL, bus_creation, self); 
@@ -618,8 +620,6 @@ g_signal_connect(G_OBJECT(gtk_icon_theme_get_default()), "changed", G_CALLBACK(theme_changed_cb), self); - self->priv = priv; - return; }

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libappindicator1 (not installed)
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
Uname: Linux 3.2.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
Date: Mon Feb 11 17:20:25 2013
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20121016)
MarkForUpload: True
ProcEnviron:
 LC_CTYPE=en_US.UTF-8
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/zsh
SourcePackage: libappindicator
UpgradeStatus: No upgrade log present (probably fresh install)

[Impact]
This bug was the #2 cause of crashes in the Steam client. I believe this meets the SRU criteria: "Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel)."

[Test Case]
As this is a race condition it is difficult to reproduce. However we have many crashdumps with a SIGSEGV referencing a garbage self->priv pointer in bus_creation(). After applying this fix, the crashes stopped.

[Regression Potential]
Low

To manage notifications about this bug go to:
https://bugs.launchpad.net/libappindicator/+bug/1122596/+subscriptions

--
Mailing list: https://launchpad.net/~dx-packages
Post to     : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp
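Review bot: in the first hunk (@@ -611,6 +611,8 @@) the added line uses a `//` line comment while the surrounding code in the same hunk uses `/* ... */` block comments (`/* Start getting the session bus */`, `/* ref for the bus creation callback */`); for consistency with the file, and to stay portable to strict C89 builds, consider `/* Needs to be set BEFORE calling g_bus_get so our handler can read it. */`. The placement itself is right: with `self->priv = priv;` moved ahead of `g_object_ref(self);` and `g_bus_get(...)`, bus_creation() can no longer observe an unset self->priv, and since the new position also precedes the `g_signal_connect(... theme_changed_cb, self)` visible in the second hunk, the theme_changed_cb path mentioned in the IRC discussion is covered by the same move.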
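The [Test Case] section notes that the race is hard to reproduce on a live system. The following is an added example, not code from libappindicator or from the bug reporter: a small deterministic model of app_indicator_init() in which a stand-in for g_bus_get() dispatches its callback before returning, which is the worst-case ordering the crash dumps imply and turns the intermittent race into a repeatable check. FakeIndicator, FakePriv, fake_bus_get(), bus_creation_model(), init_buggy() and init_fixed() are all names invented for this demo; the model tracks whether the callback ran while self->priv was unset instead of dereferencing it, so it reports the bug rather than segfaulting.

```c
#include <stddef.h>
#include <stdlib.h>

/*
 * Added example, not libappindicator code: a deterministic model of the
 * init-ordering bug in app_indicator_init(). All fake_* / *_model names
 * are invented for this demo.
 */

typedef struct {
    int connected;          /* stands in for priv->connection being set */
} FakePriv;

typedef struct {
    FakePriv *priv;         /* like self->priv in the real object */
} FakeIndicator;

typedef void (*bus_ready_cb)(void *user_data);

/* Stand-in for g_bus_get(). Assumption for the demo: the bus is already
 * available and the callback is dispatched before the call returns. Making
 * it synchronous is what makes the bad ordering reproducible in a test. */
static void fake_bus_get(bus_ready_cb cb, void *user_data)
{
    cb(user_data);
}

/* Counts callbacks that ran while self->priv was still unset. */
static int callbacks_with_unset_priv;

/* Mirrors bus_creation(): it needs self->priv. The real callback reads
 * app->priv->connection; this model checks the pointer first so the demo
 * records the would-be NULL dereference instead of crashing on it. */
static void bus_creation_model(void *user_data)
{
    FakeIndicator *self = user_data;
    if (self->priv == NULL) {
        callbacks_with_unset_priv++;
        return;
    }
    self->priv->connected = 1;
}

/* Ordering from libappindicator 0.4.92: request the bus first, publish
 * priv afterwards. Returns how many callbacks saw priv unset. */
static int init_buggy(FakeIndicator *self)
{
    FakePriv *priv = calloc(1, sizeof *priv);
    self->priv = NULL;                 /* fresh instance: pointer not yet set */
    callbacks_with_unset_priv = 0;
    fake_bus_get(bus_creation_model, self);
    self->priv = priv;                 /* too late for the callback */
    return callbacks_with_unset_priv;
}

/* Ordering after the fix: publish priv before anything can call back. */
static int init_fixed(FakeIndicator *self)
{
    FakePriv *priv = calloc(1, sizeof *priv);
    self->priv = priv;                 /* set BEFORE handing self out */
    callbacks_with_unset_priv = 0;
    fake_bus_get(bus_creation_model, self);
    return callbacks_with_unset_priv;
}

static void indicator_release(FakeIndicator *self)
{
    free(self->priv);
    self->priv = NULL;
}

int main(void)
{
    FakeIndicator a = { NULL }, b = { NULL };
    int buggy = init_buggy(&a);   /* 1: callback ran with priv unset */
    int fixed = init_fixed(&b);   /* 0: priv was ready, connected == 1 */
    indicator_release(&a);
    indicator_release(&b);
    return (buggy == 1 && fixed == 0) ? 0 : 1;
}
```

The point of the fake is the dispatch policy: by choosing when the callback fires, a test can pin down the ordering that a real main loop only produces occasionally, which is the usual way to write a regression test for a bug whose only field evidence is a pile of SIGSEGV dumps.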