Created attachment 24429
Unfinished regression test which demonstrates the bug

An unfinished test that does not yet return from ObserveChannels (attached) causes Mission Control to segfault.

#0 0x4005a970 in mcd_connection_get_account (id=0x0) at mcd-connection.c:1982
No locals.
#1 0x40064afc in mcd_dispatcher_context_get_protocol_name (context=0x8b92740) at mcd-dispatcher.c:2911
        conn = (McdConnection *) 0x0
        account = <value optimized out>
#2 0x4006d6d0 in mcd_dispatcher_run_handlers (context=0x8b92740) at mcd-dispatcher.c:815
        channels = (GList *) 0x8b93d90
        unhandled = (GList *) 0x8b88830
#3 0x4006e0bd in mcd_dispatcher_context_release_client_lock (context=0x8b92740) at mcd-dispatcher.c:1346
        __PRETTY_FUNCTION__ = "mcd_dispatcher_context_release_client_lock"
#4 0x4006e304 in observe_channels_cb (proxy=0x8b72f50, error=0x8b93da0, user_data=0x8b92740, weak_object=0x8b82828) at mcd-dispatcher.c:1360
        __PRETTY_FUNCTION__ = "observe_channels_cb"
#5 0x4006c0d7 in _mc_cli_client_observer_invoke_callback_observe_channels (self=0x8b72f50, error=0x8b93da0, args=0x0, generic_callback=0x4006e270 <observe_channels_cb>, user_data=0x8b92740, weak_object=0x8b82828) at _gen/cli-client-body.h:626
No locals.
#6 0x402afdf7 in tp_proxy_pending_call_idle_invoke (p=0x8b8f6b0) at proxy-methods.c:153
        invoke = (TpProxyInvokeFunc) 0x8b73bd8
        __PRETTY_FUNCTION__ = "tp_proxy_pending_call_idle_invoke"
#7 0x403a5811 in g_idle_dispatch (source=0x8b93af0, callback=0, user_data=0x8b8f6b0) at /build/buildd-glib2.0_2.20.0-2-i386-rcJiVy/glib2.0-2.20.0/glib/gmain.c:3922
No locals.
#8 0x403a7718 in IA__g_main_context_dispatch (context=0x8b77da8) at /build/buildd-glib2.0_2.20.0-2-i386-rcJiVy/glib2.0-2.20.0/glib/gmain.c:1814
No locals.
#9 0x403aac7b in g_main_context_iterate (context=0x8b77da8, block=1, dispatch=1, self=0x8b7b9d0) at /build/buildd-glib2.0_2.20.0-2-i386-rcJiVy/glib2.0-2.20.0/glib/gmain.c:2448
        max_priority = -100
        timeout = 0
        some_ready = 1
        nfds = 0
        allocated_nfds = <value optimized out>
        fds = (GPollFD *) 0x8b7c260
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#10 0x403ab14a in IA__g_main_loop_run (loop=0x8b78bc0) at /build/buildd-glib2.0_2.20.0-2-i386-rcJiVy/glib2.0-2.20.0/glib/gmain.c:2656
        self = (GThread *) 0x8b7b9d0
        __PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#11 0x4007690e in mcd_service_run (self=0x8b7f810) at mcd-service.c:987
No locals.
#12 0x080492c0 in main () at mc-debug-server.c:109
        bus_daemon = <value optimized out>
        mcd = <value optimized out>
        error = (GError *) 0x0
        connection = (DBusConnection *) 0x8b76438
        ret = <value optimized out>

The reason for the crash appears to be that mcd_dispatcher_context_get_protocol_name copies the protocol name lazily, by obtaining the account from the context's connection, then copying the protocol from the account; however, when it is first called in this test, the connection has been set to NULL already. It seems to be necessary to either copy the protocol name eagerly, or ref the connection and/or account in the "dispatcher context". (What is a dispatcher context, anyway? Answers on a postcard.)
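
The lifetime problem described in the report, reduced to a self-contained model. This is an added example, not Mission Control's code or the fix that was applied: the types, `dup_str`, `get_protocol`, `context_init` and `name_survives_drop` are hypothetical, and the protocol string is constructed. It shows that a NULL guard on the lazy path stops the crash but loses the name, while an eager copy keeps it available to a late callback.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins; these are not Mission Control's real types. */
typedef struct { const char *protocol; } Account;
typedef struct { Account *account; } Connection;
typedef struct {
    Connection *conn;  /* borrowed; cleared when the connection goes away */
    char *protocol;    /* copy owned by the context, NULL until filled */
} Context;

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Lazy lookup as in the report, plus NULL guards: no crash, but the name
 * cannot be recovered once conn has been cleared. */
static const char *get_protocol(Context *ctx)
{
    if (ctx->protocol == NULL && ctx->conn != NULL && ctx->conn->account != NULL)
        ctx->protocol = dup_str(ctx->conn->account->protocol);
    return ctx->protocol;
}

/* eager != 0: copy the name at creation, while the connection is valid. */
static void context_init(Context *ctx, Connection *conn, int eager)
{
    ctx->conn = conn;
    ctx->protocol = eager ? dup_str(conn->account->protocol) : NULL;
}

/* Returns 1 if the name is still available after the connection is dropped
 * while a (simulated) observer reply is outstanding, else 0. */
static int name_survives_drop(int eager)
{
    Account acct = { "constructed-protocol" };  /* constructed sample value */
    Connection conn = { &acct };
    Context ctx;
    context_init(&ctx, &conn, eager);
    ctx.conn = NULL;                            /* connection goes away */
    const char *name = get_protocol(&ctx);      /* late callback asks for it */
    int ok = name != NULL && strcmp(name, acct.protocol) == 0;
    free(ctx.protocol);
    return ok;
}

int main(void) { return !(name_survives_drop(1) && !name_survives_drop(0)); }
```
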
Fixed some time ago.