| Summary: | 0.99.4 regression: upowerd crashed with SIGSEGV in g_variant_is_trusted() | ||
|---|---|---|---|
| Product: | upower | Reporter: | Martin Pitt <martin.pitt> |
| Component: | general | Assignee: | Martin Pitt <martin.pitt> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | critical | ||
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815590 | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
up-daemon-generated.c has this code:
1158 g_variant_new ("(o)",
1159 device));
(gdb) p device
$1 = (const gchar *) 0x555555588af2 "PowerOff"
which is indeed not a valid object path. This should certainly not crash with a segfault but trigger an assertion, so there's a glib bug as well.
Ah, this is a copy&paste error in src/up-daemon.c:
static gboolean
up_daemon_get_critical_action (UpExportedDaemon *skeleton,
GDBusMethodInvocation *invocation,
UpDaemon *daemon)
{
up_exported_daemon_complete_get_display_device (skeleton, invocation,
up_backend_get_critical_action (daemon->priv->backend));
|
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
0.99.4 has a major regression, it crashes very often with #0 0x00007fdb12e38ee0 in g_variant_is_trusted () from /tmp/apport_sandbox_GBFpqZ/lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #1 0x00007fdb12e358b4 in g_variant_builder_add_value () from /tmp/apport_sandbox_GBFpqZ/lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #2 0x00007fdb12e375b6 in g_variant_valist_new () from /tmp/apport_sandbox_GBFpqZ/lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #3 0x00007fdb12e37a42 in g_variant_new_va () from /tmp/apport_sandbox_GBFpqZ/lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #4 0x00007fdb12e37cbd in g_variant_new () from /tmp/apport_sandbox_GBFpqZ/lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #5 0x0000556372c30515 in up_exported_daemon_complete_get_display_device (object=<optimized out>, invocation=0x5563746435e0, device=<optimized out>) at up-daemon-generated.c:1157 No locals. #6 0x0000556372c28107 in up_daemon_get_critical_action (skeleton=0x55637463f100, invocation=0x5563746435e0, daemon=<optimized out>) at up-daemon.c:438 No locals. #7 0x00007fdb11941e40 in ffi_call_unix64 () from /tmp/apport_sandbox_GBFpqZ/usr/lib/x86_64-linux-gnu/libffi.so.6 No symbol table info available. #8 0x00007fdb119418ab in ffi_call () from /tmp/apport_sandbox_GBFpqZ/usr/lib/x86_64-linux-gnu/libffi.so.6 No symbol table info available. #9 0x00007fdb130d57c9 in g_cclosure_marshal_generic () from /tmp/apport_sandbox_GBFpqZ/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 No symbol table info available. #10 0x00007fdb130d4fa5 in g_closure_invoke () from /tmp/apport_sandbox_GBFpqZ/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 No symbol table info available. #11 0x00007fdb130e6ff1 in signal_emit_unlocked_R () from /tmp/apport_sandbox_GBFpqZ/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 No symbol table info available. #12 0x00007fdb130eed71 in g_signal_emitv () from /tmp/apport_sandbox_GBFpqZ/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 No symbol table info available. #13 0x0000556372c31569 in _up_exported_daemon_skeleton_handle_method_call (connection=<optimized out>, sender=<optimized out>, object_path=<optimized out>, interface_name=0x7fdafc0067f0 "org.freedesktop.UPower", method_name=0x7fdafc007f60 "GetCriticalAction", parameters=<optimized out>, invocation=0x5563746435e0, user_data=0x55637463f100) at up-daemon-generated.c:1722 skeleton = <optimized out> info = 0x556372e50da0 <_up_exported_daemon_method_info_get_critical_action> iter = {x = {140578507495472, 0, 0, 0, 140578507489120, 140578894309087, 0, 3579507750, 93885615510416, 140578910142288, 93885642809936, 93885642885536, 140578507491840, 140578891213488, 0, 140578910112173}} child = 0x0 paramv = 0x5563746840b0 num_params = <optimized out> num_extra = <optimized out> n = <optimized out> signal_id = 13 return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} __func__ = "_up_exported_daemon_skeleton_handle_method_call" #14 0x00007fdb138270f1 in skeleton_intercept_handle_method_call () from /tmp/apport_sandbox_GBFpqZ/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 No symbol table info available. #15 0x00007fdb1380ef5c in call_in_idle_cb () from /tmp/apport_sandbox_GBFpqZ/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 No symbol table info available. #16 0x00007fdb12dfdffa in g_main_context_dispatch () from /tmp/apport_sandbox_GBFpqZ/lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #17 0x00007fdb12dfe3a0 in g_main_context_iterate.isra () from /tmp/apport_sandbox_GBFpqZ/lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #18 0x00007fdb12dfe6c2 in g_main_loop_run () from /tmp/apport_sandbox_GBFpqZ/lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #19 0x0000556372c27e07 in main (argc=1, argv=0x7ffe1c050778) at up-main.c:271 error = 0x0 context = <optimized out> timed_exit = 0 immediate_exit = 0 timer_id = 0 verbose = 0 state = 0x5563746362f0 options = {{long_name = 0x556372c45159 "timed-exit", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7ffe1c05059c, description = 0x556372c45164 "Exit after a small delay", arg_description = 0x0}, {long_name = 0x556372c4517d "immediate-exit", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7ffe1c0505a0, description = 0x556372c45208 "Exit after the engine has loaded", arg_description = 0x0}, {long_name = 0x556372c4518c "verbose", short_name = 118 'v', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7ffe1c0505a4, description = 0x556372c45230 "Show extra debugging information", arg_description = 0x0}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}} This can be reproduced easily with calling `upower -d` once or twice.