I'm seeing the following crash in connect_bss_signals from GeoClue 2.4.0 built from Git master on Ubuntu 16.04. It happens immediately upon starting where-am-i (or, as far as I can tell, any other application that requests a location). The function checks whether bss_list[i] is NULL but never checks whether bss_list itself is NULL. Program received signal SIGSEGV, Segmentation fault. 0x00000000004176e6 in connect_bss_signals (wifi=0x7fffe40115e0 [GClueWifi]) at gclue-wifi.c:395 395 for (i = 0; bss_list[i] != NULL; i++) (gdb) bt full #0 0x00000000004176e6 in connect_bss_signals (wifi=0x7fffe40115e0 [GClueWifi]) at gclue-wifi.c:395 priv = 0x7fffe4011540 bss_list = 0x0 i = 0 #1 0x0000000000418501 in gclue_wifi_start (source=0x7fffe40115e0 [GClueWifi]) at gclue-wifi.c:435 base_class = <optimized out> __func__ = "gclue_wifi_start" #2 0x0000000000415876 in gclue_location_source_start (source=source@entry=0x7fffe40115e0 [GClueWifi]) at gclue-location-source.c:309 __func__ = "gclue_location_source_start" #3 0x0000000000416117 in start_source (locator=locator@entry=0x6803f0 [GClueLocator], src=src@entry=0x7fffe40115e0 [GClueWifi]) at gclue-locator.c:188 location = 0x0 #4 0x0000000000416a46 in gclue_locator_start (source=<optimized out>) at gclue-locator.c:407 src = 0x7fffe40115e0 [GClueWifi] level = GCLUE_ACCURACY_LEVEL_STREET base_class = <optimized out> locator = 0x6803f0 [GClueLocator] Python Exception <class 'TypeError'> iter() returned non-iterator of type '_iterator': node = 0x697840 __func__ = "gclue_locator_start" #5 0x0000000000415876 in gclue_location_source_start (source=0x6803f0 [GClueLocator]) at gclue-location-source.c:309 __func__ = "gclue_location_source_start" #6 0x000000000040a5e5 in start_client (client=0x69f900 [GClueServiceClient], accuracy_level=accuracy_level@entry=GCLUE_ACCURACY_LEVEL_EXACT) at gclue-service-client.c:219 priv = 0x69f850 #7 0x000000000040a7b8 in complete_start (data=data@entry=0x68ab50, accuracy_level=GCLUE_ACCURACY_LEVEL_EXACT) at 
gclue-service-client.c:301 gdbus_client = 0x69f900 #8 0x000000000040a8dd in on_authorize_app_ready (source_object=0x66fbf0 [GClueAgentProxy], res=0x667110, user_data=0x68ab50) at gclue-service-client.c:350 data = 0x68ab50 client = 0x69f900 priv = 0x69f850 error = 0x0 authorized = 1 accuracy_level = GCLUE_ACCURACY_LEVEL_EXACT #9 0x00007ffff6d0fed3 in g_task_return_now (task=0x667110 [GTask]) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./gio/gtask.c:1106 #10 0x00007ffff6d1057e in g_task_return (task=0x667110 [GTask], type=<optimized out>) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./gio/gtask.c:1164 source = 0x7fffe0008480 #11 0x00007ffff6d6875b in reply_cb (connection=<optimized out>, res=<optimized out>, user_data=0x667110) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./gio/gdbusproxy.c:2579 data = <optimized out> task = 0x667110 [GTask] value = <optimized out> error = 0x0 fd_list = 0x0 #12 0x00007ffff6d0fed3 in g_task_return_now (task=0x7fffe40113a0 [GTask]) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./gio/gtask.c:1106 #13 0x00007ffff6d1057e in g_task_return (task=0x7fffe40113a0 [GTask], type=<optimized out>) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./gio/gtask.c:1164 source = 0x7fffe0008480 #14 0x00007ffff6d5d28a in g_dbus_connection_call_done (source=<optimized out>, result=0x687820, user_data=0x7fffe40113a0) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./gio/gdbusconnection.c:5704 connection = <optimized out> task = 0x7fffe40113a0 [GTask] state = 0x697c40 error = 0x0 reply = 0x69cb20 [GDBusMessage] value = <optimized out> #15 0x00007ffff6d0fed3 in g_task_return_now (task=0x687820 [GTask]) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./gio/gtask.c:1106 #16 0x00007ffff6d0ff09 in complete_in_idle_cb (task=0x687820) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./gio/gtask.c:1120 #17 0x00007ffff676efca in g_main_context_dispatch (context=0x663a00) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./glib/gmain.c:3154 dispatch = 0x7ffff676ba80 <g_idle_dispatch> prev_source = 0x0 was_in_call = 0 user_data = 
0x687820 callback = 0x7ffff6d0ff00 <complete_in_idle_cb> cb_funcs = <optimized out> cb_data = 0x7fffe0007930 need_destroy = <optimized out> source = 0x7fffe0008480 current = 0x65c470 i = 0 #18 0x00007ffff676efca in g_main_context_dispatch (context=context@entry=0x663a00) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./glib/gmain.c:3769 #19 0x00007ffff676f370 in g_main_context_iterate (context=0x663a00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./glib/gmain.c:3840 max_priority = 2147483647 timeout = 25000 some_ready = 1 nfds = <optimized out> allocated_nfds = 3 fds = 0x66b820 #20 0x00007ffff676f692 in g_main_loop_run (loop=0x66b840) at /build/glib2.0-ZjeN9o/glib2.0-2.47.1/./glib/gmain.c:4034 __func__ = "g_main_loop_run" #21 0x0000000000408d29 in main (argc=1, argv=0x7fffffffe548) at gclue-main.c:192 owner_id = 1 error = 0x0 context = <optimized out> config = <optimized out>
commit: 4ad5069d95d681c716074d8bbfc40b6312fdbd66 wifi: Add a missing NULL check This avoids a crash if we get NULL as the BSS list from wpa_supplicant.