Created attachment 18263
example.c

Maybe I've made a stupid error, but as far as I can tell the attached code is correct. But it seems to hit uninitialized memory when examining TpConnectionManager::protocols, as if the array has not really been NULL-terminated, at least for the "butterfly" connection manager.

Here is a valgrind backtrace:

$ valgrind --num-callers=30 ./example
==1330== Memcheck, a memory error detector.
==1330== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==1330== Using LibVEX rev 1804, a library for dynamic binary translation.
==1330== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==1330== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation framework.
==1330== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==1330== For more details, rerun with: -v
==1330==
Found 6 connection managers:
Connection Manager name: butterfly

(process:1330): GLib-GObject-CRITICAL **: g_object_get: assertion `G_IS_OBJECT (object)' failed
Connection Manager name: (null)
==1330== Conditional jump or move depends on uninitialised value(s)
==1330==    at 0x80489DE: on_list_connection_managers (main.c:64)
==1330==    by 0x4078A66: tp_list_connection_managers_got_names (connection-manager.c:1332)
==1330==    by 0x407BD62: _tp_cli_dbus_daemon_invoke_callback_list_names (tp-cli-dbus-daemon-body.h:1818)
==1330==    by 0x40A134A: tp_proxy_pending_call_idle_invoke (proxy-methods.c:153)
==1330==    by 0x48CA1FC: g_idle_dispatch (gmain.c:4178)
==1330==    by 0x48C62C3: g_main_dispatch (gmain.c:2073)
==1330==    by 0x48C77A9: g_main_context_dispatch (gmain.c:2625)
==1330==    by 0x48C7CFD: g_main_context_iterate (gmain.c:2706)
==1330==    by 0x48C84D4: g_main_loop_run (gmain.c:2929)
==1330==    by 0x8048A7E: main (main.c:101)

(process:1330): GLib-GObject-CRITICAL **: g_object_get: assertion `G_IS_OBJECT (object)' failed
Connection Manager name: (null)
==1330==
==1330== Invalid read of size 1
==1330==    at 0x40239D8: strlen (mc_replace_strmem.c:242)
==1330==    by 0x49B140A: vfprintf (vfprintf.c:1560)
==1330==    by 0x49B23AF: vprintf (vprintf.c:31)
==1330==    by 0x4904AC4: g_vprintf (gprintf.c:186)
==1330==    by 0x49049D9: g_printf (gprintf.c:55)
==1330==    by 0x80489D5: on_list_connection_managers (main.c:73)
==1330==    by 0x4078A66: tp_list_connection_managers_got_names (connection-manager.c:1332)
==1330==    by 0x407BD62: _tp_cli_dbus_daemon_invoke_callback_list_names (tp-cli-dbus-daemon-body.h:1818)
==1330==    by 0x40A134A: tp_proxy_pending_call_idle_invoke (proxy-methods.c:153)
==1330==    by 0x48CA1FC: g_idle_dispatch (gmain.c:4178)
==1330==    by 0x48C62C3: g_main_dispatch (gmain.c:2073)
==1330==    by 0x48C77A9: g_main_context_dispatch (gmain.c:2625)
==1330==    by 0x48C7CFD: g_main_context_iterate (gmain.c:2706)
==1330==    by 0x48C84D4: g_main_loop_run (gmain.c:2929)
==1330==    by 0x8048A7E: main (main.c:101)
==1330==  Address 0x7273752f is not stack'd, malloc'd or (recently) free'd
==1330==
==1330== Process terminating with default action of signal 11 (SIGSEGV)
==1330==  Access not within mapped region at address 0x7273752F
==1330==    at 0x40239D8: strlen (mc_replace_strmem.c:242)
==1330==    by 0x49B140A: vfprintf (vfprintf.c:1560)
==1330==    by 0x49B23AF: vprintf (vprintf.c:31)
==1330==    by 0x4904AC4: g_vprintf (gprintf.c:186)
==1330==    by 0x49049D9: g_printf (gprintf.c:55)
==1330==    by 0x80489D5: on_list_connection_managers (main.c:73)
==1330==    by 0x4078A66: tp_list_connection_managers_got_names (connection-manager.c:1332)
==1330==    by 0x407BD62: _tp_cli_dbus_daemon_invoke_callback_list_names (tp-cli-dbus-daemon-body.h:1818)
==1330==    by 0x40A134A: tp_proxy_pending_call_idle_invoke (proxy-methods.c:153)
==1330==    by 0x48CA1FC: g_idle_dispatch (gmain.c:4178)
==1330==    by 0x48C62C3: g_main_dispatch (gmain.c:2073)
==1330==    by 0x48C77A9: g_main_context_dispatch (gmain.c:2625)
==1330==    by 0x48C7CFD: g_main_context_iterate (gmain.c:2706)
==1330==    by 0x48C84D4: g_main_loop_run (gmain.c:2929)
==1330==    by 0x8048A7E: main (main.c:101)
Protocol name:
==1330==
==1330== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 95 from 1)
==1330== malloc/free: in use at exit: 55,383 bytes in 728 blocks.
==1330== malloc/free: 2,145 allocs, 1,417 frees, 355,791 bytes allocated.
==1330== For counts of detected errors, rerun with: -v
==1330== searching for pointers to 728 not-freed blocks.
==1330== checked 397,508 bytes.
==1330==
==1330== LEAK SUMMARY:
==1330==    definitely lost: 156 bytes in 11 blocks.
==1330==      possibly lost: 7,120 bytes in 30 blocks.
==1330==    still reachable: 48,107 bytes in 687 blocks.
==1330==         suppressed: 0 bytes in 0 blocks.
==1330== Rerun with --leak-check=full to see details of leaked memory.
Segmentation fault

Created attachment 18353
Fixed version of example.c

Your example was slightly wrong, which caused the crash. Attached a fixed version.

Yes, it was silly to test the pointer for NULL after doing ++ on it. Thanks for the help.
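
An added illustration, not the attached example.c (which is not shown on this page): one form the mistake described in the last comment can take when walking a NULL-terminated pointer array, next to the correct walk. The `Protocol` type, the sample array and the `cap` bound are assumptions, made so the faulty loop stays inside a known buffer instead of reading stray memory.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for one entry of a NULL-terminated pointer array
 * such as TpConnectionManager::protocols. */
typedef struct { const char *name; } Protocol;

/* Constructed sample: two entries, the NULL terminator, then two slots
 * standing in for whatever memory happens to follow the real array. */
static const Protocol proto_a = { "proto-a" }, proto_b = { "proto-b" };
static const Protocol junk = { "<past end>" };
static const Protocol *const sample[5] = { &proto_a, &proto_b, NULL, &junk, &junk };

/* Correct walk: the terminator is the element, so test *cur before use. */
static size_t walk_correct(const Protocol *const *list)
{
    size_t n = 0;
    if (list == NULL)
        return 0;
    for (const Protocol *const *cur = list; *cur != NULL; ++cur) {
        printf("Protocol name: %s\n", (*cur)->name);
        n++;
    }
    return n;
}

/* Mistaken walk: tests the cursor, which is never NULL once it has been
 * incremented, so the terminator is stepped over. `cap` bounds this demo;
 * real code has no such bound. Returns slots visited at or past the NULL. */
static size_t overrun_slots(const Protocol *const *list, size_t cap)
{
    size_t past = 0, i = 0;
    int seen_end = 0;
    for (const Protocol *const *cur = list; cur != NULL && i < cap; ++cur, ++i) {
        if (*cur == NULL)
            seen_end = 1;
        if (seen_end)
            past++;
    }
    return past;
}

int main(void)
{
    printf("entries: %zu\n", walk_correct(sample));
    printf("slots at or past the terminator: %zu\n", overrun_slots(sample, 5));
    return 0;
}
```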