Bugzilla – Bug 10739
iceauth dumps core
Last modified: 2007-05-16 20:15:39 UTC
iceauth can dump a core in auth_initialize() if a signal is caught before iceauth_filename has been malloced.
Yep - was able to trigger it by running on Solaris and using dtrace to fire a
signal in auth_initialize between the call to register_signals() and the malloc.
Stack trace showed crash in:
program terminated by signal SEGV (no mapping at the fault address)
0xfef74e0f: IceUnlockAuthFile+0x0027: repnz scasb
Current function is auth_finalize
726 IceUnlockAuthFile (iceauth_filename);
 IceUnlockAuthFile(0x0), at 0xfef74e0f
=> auth_finalize(), line 726 in "process.c"
 die(sig = 1), line 501 in "process.c"
 catchsig(sig = 1), line 523 in "process.c"
 __sighndlr(0x1, 0x0, 0x8047860, 0x80534a0), at 0xfef1d39f
 call_user_handler(0x1, 0x0, 0x8047860), at 0xfef128ab
 sigacthandler(0x1, 0x0, 0x8047860, 0xf, 0x0, 0x0), at 0xfef12a52
---- called from signal handler with signal 1 (SIGHUP) ------
 auth_initialize(authfilename = 0x80681d0 "/.ICEauthority"), line 584 in "process.c"
 main(argc = 1, argv = 0x8047af0), line 157 in "iceauth.c"
Adding a test for NULL filename before calling IceUnlockAuthFile cleared the
crash, but left the lock file behind. Moving the initialization of
authfilename to earlier in auth_initialize allowed the locks to be cleaned up.
Committed fix to git master in commit 0022cf7baf11bccea0024d0dc8c1ecc37e46ef3d.
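The sequence in the trace, as an added C model rather than iceauth's own code: the lock is taken after register_signals(), a SIGHUP lands before iceauth_filename is allocated, and the handler's die() path calls auth_finalize(), which hands the NULL pointer to IceUnlockAuthFile(). The model runs the same ordering three ways (the original code, the rejected NULL check, and the committed fix of assigning the filename before the lock) and records what the cleanup did instead of crashing or exiting. Everything here is assumed for illustration: the names model_IceUnlockAuthFile, run_scenario, the variant and cleanup enums, the struct outcome, and the lock-before-malloc ordering (inferred from the remark that the NULL check left the lock file behind); the real IceUnlockAuthFile and die() are not called.

```c
/* Added model of the iceauth signal-window bug; not code from iceauth or libICE. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum variant {
    ORIGINAL,      /* lock before malloc, unconditional IceUnlockAuthFile */
    NULL_CHECK,    /* same ordering, auth_finalize skips unlock when NULL */
    INIT_EARLIER   /* committed fix: iceauth_filename set before locking */
};
enum cleanup { CLEANUP_NOT_RUN, CLEANUP_OK, CLEANUP_NULL_DEREF, CLEANUP_SKIPPED };

/* Globals modelled on process.c (assumed names for the lock state). */
static char *iceauth_filename = NULL;           /* NULL until allocated */
static int   lock_is_held = 0;                  /* stands in for the lock file on disk */
static enum variant current_variant;
static int   deliver_signal_in_window;          /* scenario switch: fire SIGHUP in the window */
static volatile sig_atomic_t last_cleanup = CLEANUP_NOT_RUN;

/* Stand-in for IceUnlockAuthFile(): the real one derives the lock-file names
 * from file_name (the strlen is the repnz scasb in the trace), so a NULL
 * argument faults there. The model reports it instead of crashing. */
static enum cleanup model_IceUnlockAuthFile(const char *file_name)
{
    if (file_name == NULL)
        return CLEANUP_NULL_DEREF;
    lock_is_held = 0;                           /* unlink the lock file */
    return CLEANUP_OK;
}

static void model_IceLockAuthFile(const char *file_name)
{
    (void)file_name;
    lock_is_held = 1;
}

/* auth_finalize(): reached from catchsig() -> die() in the handler. */
static enum cleanup auth_finalize(void)
{
    if (current_variant == NULL_CHECK && iceauth_filename == NULL)
        return CLEANUP_SKIPPED;                 /* no crash, but the lock stays */
    return model_IceUnlockAuthFile(iceauth_filename);
}

/* catchsig() -> die(): record the cleanup result instead of exiting. */
static void catchsig(int sig)
{
    (void)sig;
    last_cleanup = auth_finalize();
}

static void register_signals(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = catchsig;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGHUP, &sa, NULL);
}

/* The window dtrace was used to hit. raise() delivers synchronously, so the
 * handler has run by the time it returns. Returns 1 if die() "exited". */
static int signal_window(void)
{
    if (!deliver_signal_in_window)
        return 0;
    raise(SIGHUP);
    return last_cleanup != CLEANUP_NOT_RUN;
}

/* auth_initialize(): 0 on normal completion, -1 if die() ended the process. */
static int auth_initialize(const char *authfilename)
{
    register_signals();
    if (current_variant == INIT_EARLIER)        /* fix: assign before the lock */
        iceauth_filename = strcpy(malloc(strlen(authfilename) + 1), authfilename);
    model_IceLockAuthFile(authfilename);
    if (signal_window())
        return -1;
    if (current_variant != INIT_EARLIER)        /* original: assign after the lock */
        iceauth_filename = strcpy(malloc(strlen(authfilename) + 1), authfilename);
    return 0;
}

struct outcome {
    enum cleanup cleanup;   /* what the auth_finalize() that ran (handler or exit) did */
    int lock_leaked;        /* lock still held once the process is gone */
};

/* Run one scenario from a clean state; restores SIGHUP's default disposition. */
struct outcome run_scenario(enum variant v, int fire_signal)
{
    struct outcome o;
    free(iceauth_filename);
    iceauth_filename = NULL;
    lock_is_held = 0;
    last_cleanup = CLEANUP_NOT_RUN;
    current_variant = v;
    deliver_signal_in_window = fire_signal;
    if (auth_initialize("/.ICEauthority") == 0)
        last_cleanup = auth_finalize();         /* normal exit path in main() */
    o.cleanup = (enum cleanup)last_cleanup;
    o.lock_leaked = lock_is_held;
    signal(SIGHUP, SIG_DFL);
    return o;
}

int main(void)
{
    static const char *names[] = { "original", "null-check", "init-earlier" };
    static const char *what[] = { "not run", "ok", "NULL deref (SEGV)", "skipped" };
    for (int v = ORIGINAL; v <= INIT_EARLIER; v++) {
        struct outcome o = run_scenario((enum variant)v, 1);
        printf("%-12s cleanup=%-18s lock leaked=%d\n", names[v], what[o.cleanup], o.lock_leaked);
    }
    return 0;
}
```

With the signal fired in the window, the original ordering reports the NULL dereference with the lock still held, the NULL check trades the crash for a leaked lock, and only the init-earlier ordering both survives and releases the lock. Note that the handler still calls cleanup code that is not async-signal-safe, exactly as the catchsig/die/auth_finalize frames in the trace do; moving the assignment earlier closes this window but does not change that.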