Bug 80557 - GLib-GObject-CRITICAL **: g_value_unset: assertion 'G_IS_VALUE (value)' failed
Status: RESOLVED FIXED
Alias: None
Product: dbus
Classification: Unclassified
Component: GLib
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Rob Taylor
Whiteboard: review+
Keywords: patch
Reported: 2014-06-26 13:38 UTC by Alban Crequy
Modified: 2014-09-05 15:46 UTC

Attachments
kill-gabble.c (1.90 KB, text/plain)
2014-06-26 13:38 UTC, Alban Crequy
[PATCH 1/2] _dbus_gtype_from_signature_iter: fail gracefully with unknown message types (1.90 KB, patch)
2014-07-29 10:50 UTC, Alban Crequy
[PATCH 2/2] demarshal_static_variant: fail gracefully with unknown message types (1.74 KB, patch)
2014-07-29 10:51 UTC, Alban Crequy

Description Alban Crequy 2014-06-26 13:38:01 UTC
Created attachment 101803
kill-gabble.c

The attached program sends a D-Bus message to telepathy-gabble and it makes it die with the following message.

I don't see gabble in the stack but mostly dbus-glib.


process 15033: arguments to dbus_signature_iter_recurse() were incorrect, assertion "dbus_type_is_container (dbus_signature_iter_get_current_type (iter))" failed in file ../../dbus/dbus-signature.c line 213.
This is normally a bug in some application using the D-Bus library.

(telepathy-gabble:15033): GLib-GObject-CRITICAL **: g_value_unset: assertion 'G_IS_VALUE (value)' failed

Program received signal SIGTRAP, Trace/breakpoint trap.
g_logv (log_domain=0x7ffff5b3516c "GLib-GObject", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fffffffda68)
    at /tmp/buildd/glib2.0-2.40.0/./glib/gmessages.c:1038
1038	/tmp/buildd/glib2.0-2.40.0/./glib/gmessages.c: No such file or directory.
(gdb) bt
#0  g_logv (log_domain=0x7ffff5b3516c "GLib-GObject", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fffffffda68)
    at /tmp/buildd/glib2.0-2.40.0/./glib/gmessages.c:1038
#1  0x00007ffff563fd72 in g_log (log_domain=log_domain@entry=0x7ffff5b3516c "GLib-GObject", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, 
    format=format@entry=0x7ffff5687742 "%s: assertion '%s' failed") at /tmp/buildd/glib2.0-2.40.0/./glib/gmessages.c:1071
#2  0x00007ffff563fd99 in g_return_if_fail_warning (log_domain=log_domain@entry=0x7ffff5b3516c "GLib-GObject", 
    pretty_function=pretty_function@entry=0x7ffff5b3eb75 <__FUNCTION__.12263> "g_value_unset", 
    expression=expression@entry=0x7ffff5b376c6 "G_IS_VALUE (value)") at /tmp/buildd/glib2.0-2.40.0/./glib/gmessages.c:1080
#3  0x00007ffff5b30e3b in g_value_unset (value=value@entry=0x735e90) at /tmp/buildd/glib2.0-2.40.0/./gobject/gvalue.c:267
#4  0x00007ffff79c4409 in unset_and_free_g_value (val=0x735e90) at dbus-gvalue-utils.c:292
#5  0x00007ffff5627c67 in g_hash_table_remove_all_nodes (hash_table=0x7308c0, notify=<optimized out>)
    at /tmp/buildd/glib2.0-2.40.0/./glib/ghash.c:503
#6  0x00007ffff56284e5 in g_hash_table_unref (hash_table=0x7308c0) at /tmp/buildd/glib2.0-2.40.0/./glib/ghash.c:1042
#7  0x00007ffff79c5458 in hashtable_free (type=<optimized out>, val=0x7308c0) at dbus-gvalue-utils.c:761
#8  0x00007ffff5b30e03 in g_value_unset (value=0x735db0) at /tmp/buildd/glib2.0-2.40.0/./gobject/gvalue.c:272
#9  0x00007ffff5b3171d in g_value_array_free (value_array=0x708880) at /tmp/buildd/glib2.0-2.40.0/./gobject/gvaluearray.c:169
#10 0x00007ffff79b7855 in invoke_object_method (message=<optimized out>, connection=0x70d240, method=<optimized out>, object_info=<optimized out>, 
    object=<optimized out>) at dbus-gobject.c:2042
#11 object_registration_message (connection=0x70d240, message=message@entry=0x70d8d0, user_data=user_data@entry=0x708d80) at dbus-gobject.c:2161
#12 0x00007ffff7781326 in _dbus_object_tree_dispatch_and_unlock (tree=0x70cef0, message=message@entry=0x70d8d0, 
    found_object=found_object@entry=0x7fffffffdfa4) at ../../dbus/dbus-object-tree.c:1018
#13 0x00007ffff7773ca1 in dbus_connection_dispatch (connection=connection@entry=0x70d240) at ../../dbus/dbus-connection.c:4691
#14 0x00007ffff79b4db5 in message_queue_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at dbus-gmain.c:90
#15 0x00007ffff5638e04 in g_main_dispatch (context=0x7101d0) at /tmp/buildd/glib2.0-2.40.0/./glib/gmain.c:3064
#16 g_main_context_dispatch (context=context@entry=0x7101d0) at /tmp/buildd/glib2.0-2.40.0/./glib/gmain.c:3663
#17 0x00007ffff5639048 in g_main_context_iterate (context=0x7101d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /tmp/buildd/glib2.0-2.40.0/./glib/gmain.c:3734
#18 0x00007ffff563930a in g_main_loop_run (loop=0x71d5c0) at /tmp/buildd/glib2.0-2.40.0/./glib/gmain.c:3928
#19 0x00007ffff6901d52 in tp_run_connection_manager () from /usr/lib/x86_64-linux-gnu/libtelepathy-glib.so.0
#20 0x0000000000426d5c in gabble_main (argc=1, argv=0x7fffffffe268) at gabble.c:177
#21 0x00007ffff504bb45 in __libc_start_main (main=0x426950 <main>, argc=1, argv=0x7fffffffe268, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe258) at libc-start.c:287
#22 0x0000000000426999 in _start ()
Comment 1 Simon McVittie 2014-06-26 14:13:08 UTC
I don't think dbus-glib supports file descriptors at all.
Comment 2 Alban Crequy 2014-06-27 14:04:04 UTC
Since console-kit uses dbus-glib too, I can generate a similar problem in console-kit when it receives a fd inside a variant:

console-kit-daemon[2239]: process 2239: arguments to dbus_signature_iter_recurse() were incorrect, assertion "dbus_type_is_container (dbus_signature_iter_get_current_type (iter))" failed in file ../../dbus/dbus-signature.c line 213.
console-kit-daemon[2239]: This is normally a bug in some application using the D-Bus library.
console-kit-daemon[2239]: console-kit-daemon[2239]: GLib-GObject-CRITICAL: g_value_unset: assertion 'G_IS_VALUE (value)' failed
console-kit-daemon[2239]: GLib-GObject-CRITICAL: g_value_unset: assertion 'G_IS_VALUE (value)' failed
console-kit-daemon[2239]: GLib-GObject-CRITICAL: g_value_unset: assertion 'G_IS_VALUE (value)' failed
console-kit-daemon[2239]: console-kit-daemon[2239]: GLib-GObject-CRITICAL: g_value_unset: assertion 'G_IS_VALUE (value)' failed


But it seems harmless: it just adds a few lines in the logs.
Comment 3 Alban Crequy 2014-07-29 10:50:59 UTC
Created attachment 103640
[PATCH 1/2] _dbus_gtype_from_signature_iter: fail gracefully with unknown message types
Comment 4 Alban Crequy 2014-07-29 10:51:40 UTC
Created attachment 103641
[PATCH 2/2] demarshal_static_variant: fail gracefully with unknown message types
Comment 5 Simon McVittie 2014-09-05 12:38:09 UTC
Looks good to me, will apply
Comment 6 Simon McVittie 2014-09-05 15:46:26 UTC
Thanks, fixed in git for 0.104
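
Added example, not part of the bug thread and not the dbus-glib patches: a minimal C sketch of the pattern the patch titles name, rejecting a signature that contains a type code the binding cannot demarshal (such as `h`, a Unix file descriptor) before any value is built or freed. The supported-type set, the recursion cap and the function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: basic type codes this illustrative binding can demarshal.
 * 'h' (Unix fd) is deliberately absent, as for a binding without fd support. */
static const char SUPPORTED_BASIC[] = "ybnqiuxtdsog";
static int is_basic(char c) { return c != '\0' && strchr(SUPPORTED_BASIC, c) != NULL; }

/* Step over one complete type; NULL means unknown, unsupported or malformed. */
static const char *skip_one_type(const char *sig, int depth)
{
    if (depth > 32) return NULL;                 /* assumed recursion cap */
    if (is_basic(*sig) || *sig == 'v') return sig + 1;
    if (*sig == 'a') {
        if (sig[1] != '{') return skip_one_type(sig + 1, depth + 1);
        if (!is_basic(sig[2])) return NULL;      /* dict key must be basic */
        const char *p = skip_one_type(sig + 3, depth + 1);
        return (p && *p == '}') ? p + 1 : NULL;
    }
    if (*sig == '(') {
        const char *p = sig + 1;
        if (*p == ')') return NULL;              /* empty struct is invalid */
        while (*p != ')')
            if (!(p = skip_one_type(p, depth + 1))) return NULL;
        return p + 1;
    }
    return NULL;                                 /* unknown code: stop, do not recurse */
}

/* 1 if every type in a message body signature is supported, else 0. */
int signature_is_supported(const char *sig)
{
    while (*sig)
        if (!(sig = skip_one_type(sig, 0))) return 0;
    return 1;
}

/* A variant must carry exactly one complete, supported type. */
int variant_payload_is_supported(const char *sig)
{
    const char *end = skip_one_type(sig, 0);
    return end != NULL && *end == '\0';
}

int main(void)
{
    printf("a{sv} -> %d, h -> %d\n", variant_payload_is_supported("a{sv}"), variant_payload_is_supported("h"));
    return 0;
}
```

A caller would run this check on the signature first and return an error reply when it fails, so that no partially initialised value reaches the cleanup path.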

