nautilus crashed with SIGSEGV in strlen()

Bug #258570 reported by Vicente Ruiz
This bug affects 5 people
Affects: nautilus-share (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Chow Loong Jin

Bug Description

Binary package hint: nautilus

I wanted to share a folder. I chose to install the service. Then nautilus crashed.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/bin/nautilus
NonfreeKernelModules: nvidia
Package: nautilus 1:2.23.6.1-0ubuntu1
ProcAttrCurrent: unconfined
ProcCmdline: nautilus --no-desktop --browser
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=es_ES.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: nautilus
StacktraceTop:
 strlen () from /lib/libc.so.6
 vfprintf () from /lib/libc.so.6
 __vasprintf_chk () from /lib/libc.so.6
 IA__g_vasprintf (string=0xffffffffe8035400,
 IA__g_strdup_printf (
Title: nautilus crashed with SIGSEGV in strlen()
Uname: Linux 2.6.26-5-generic x86_64
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev sambashare video

Tags: apport-crash
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:
strlen () from /lib/libc.so.6
vfprintf () from /lib/libc.so.6
__vasprintf_chk () from /lib/libc.so.6
IA__g_vasprintf (string=0xffffffffe8035400, format=<value optimized out>,
IA__g_strdup_printf (

Apport retracing service (apport) wrote : Symbolic threaded stack trace
Changed in nautilus:
importance: Undecided → Medium
Sebastien Bacher (seb128) wrote :

Confirmed when using the properties dialog and closing it before having samba installed.

Changed in nautilus-share (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

valgrind error log

==13665== Invalid read of size 4
==13665== at 0x74E2933: on_checkbutton_share_folder_toggled (nautilus-share.c:810)
==13665== by 0x46983A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==13665== by 0x468AC7A: g_closure_invoke (gclosure.c:767)
==13665== by 0x46A0E56: signal_emit_unlocked_R (gsignal.c:3247)
==13665== by 0x46A24B8: g_signal_emit_valist (gsignal.c:2980)
==13665== by 0x46A2935: g_signal_emit (gsignal.c:3037)
==13665== by 0x42E0459: gtk_toggle_button_toggled (gtktogglebutton.c:365)
==13665== by 0x42E04A1: gtk_toggle_button_clicked (gtktogglebutton.c:498)
==13665== by 0x46983A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==13665== by 0x46893D8: g_type_class_meta_marshal (gclosure.c:878)
==13665== by 0x468AC7A: g_closure_invoke (gclosure.c:767)
==13665== by 0x46A06BF: signal_emit_unlocked_R (gsignal.c:3177)
==13665== Address 0x932c178 is 16 bytes inside a block of size 72 free'd
==13665== at 0x4025DFA: free (vg_replace_malloc.c:323)
==13665== by 0x4737125: g_free (gmem.c:190)
==13665== by 0x74E2F71: free_property_page_cb (nautilus-share.c:854)
==13665== by 0x4719231: g_datalist_clear (gdataset.c:120)
==13665== by 0x468F25F: g_object_finalize (gobject.c:747)
==13665== by 0x423AF5B: gtk_object_finalize (gtkobject.c:450)
==13665== by 0x4331EB8: gtk_widget_finalize (gtkwidget.c:7953)
==13665== by 0x468CDF2: g_object_unref (gobject.c:2421)
==13665== by 0x423AD0D: gtk_object_destroy (gtkobject.c:406)
==13665== by 0x422D377: gtk_notebook_forall (gtknotebook.c:4000)
==13665== by 0x4187135: gtk_container_foreach (gtkcontainer.c:1526)
==13665== by 0x4187A07: gtk_container_destroy (gtkcontainer.c:1066)

using the current jaunty version

Chow Loong Jin (hyperair) wrote : Re: [Bug 258570] Re: nautilus crashed with SIGSEGV in strlen()

On Thu, 2009-04-16 at 22:22 +0000, Sebastien Bacher wrote:
> valgrind error log
>
> ==13665== Invalid read of size 4
> ==13665== at 0x74E2933: on_checkbutton_share_folder_toggled (nautilus-share.c:810)
> ==13665== by 0x46983A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
> ==13665== by 0x468AC7A: g_closure_invoke (gclosure.c:767)
> ==13665== by 0x46A0E56: signal_emit_unlocked_R (gsignal.c:3247)
> ==13665== by 0x46A24B8: g_signal_emit_valist (gsignal.c:2980)
> ==13665== by 0x46A2935: g_signal_emit (gsignal.c:3037)
> ==13665== by 0x42E0459: gtk_toggle_button_toggled (gtktogglebutton.c:365)
> ==13665== by 0x42E04A1: gtk_toggle_button_clicked (gtktogglebutton.c:498)
> ==13665== by 0x46983A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
> ==13665== by 0x46893D8: g_type_class_meta_marshal (gclosure.c:878)
> ==13665== by 0x468AC7A: g_closure_invoke (gclosure.c:767)
> ==13665== by 0x46A06BF: signal_emit_unlocked_R (gsignal.c:3177)
> ==13665== Address 0x932c178 is 16 bytes inside a block of size 72 free'd
> ==13665== at 0x4025DFA: free (vg_replace_malloc.c:323)
> ==13665== by 0x4737125: g_free (gmem.c:190)
> ==13665== by 0x74E2F71: free_property_page_cb (nautilus-share.c:854)
> ==13665== by 0x4719231: g_datalist_clear (gdataset.c:120)
> ==13665== by 0x468F25F: g_object_finalize (gobject.c:747)
> ==13665== by 0x423AF5B: gtk_object_finalize (gtkobject.c:450)
> ==13665== by 0x4331EB8: gtk_widget_finalize (gtkwidget.c:7953)
> ==13665== by 0x468CDF2: g_object_unref (gobject.c:2421)
> ==13665== by 0x423AD0D: gtk_object_destroy (gtkobject.c:406)
> ==13665== by 0x422D377: gtk_notebook_forall (gtknotebook.c:4000)
> ==13665== by 0x4187135: gtk_container_foreach (gtkcontainer.c:1526)
> ==13665== by 0x4187A07: gtk_container_destroy (gtkcontainer.c:1066)
>
> using the current jaunty version
>
Thanks, that helped a lot. I see the error, though can't reproduce it
myself. Basically there's a pointer that's free'd (in
free_property_page_cb) before being accessed in
on_checkbutton_share_folder_toggled.

I see two methods of approaching it:
      * Disabling the cancel button (hence the dialog won't be closed
        until after the synaptic run completes)
      * Allowing the dialog to be cancelled, but making sure there isn't
        another attempt to access the free'd data.

Which of the two is more favourable?
--
Regards,
Chow Loong Jin
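
The second approach listed above (let the dialog be cancelled, but never touch the freed page data afterwards), as an added example that is not part of the original thread and is not the code of 02_install_missing_samba.patch. It is a simplified model in plain C without GTK; PropertyPage, page_close, install_begin and install_finish are hypothetical names. The pending install holds its own reference and checks a destroyed flag before reading the page; install_finish returns the path length it read, or 0 when the read was skipped.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the state freed in free_property_page_cb. */
typedef struct {
    int  refcount;
    int  destroyed;    /* set once the dialog has been closed */
    char path[64];     /* folder being shared */
} PropertyPage;

static int live_pages = 0;   /* allocation counter, used to check for leaks */

static PropertyPage *page_new(const char *path) {
    PropertyPage *p = calloc(1, sizeof *p);
    if (!p) abort();
    strncpy(p->path, path, sizeof p->path - 1);  /* calloc left the NUL */
    p->refcount = 1;
    live_pages++;
    return p;
}

static void page_unref(PropertyPage *p) {
    if (--p->refcount == 0) { free(p); live_pages--; }
}

/* Dialog closed: drop the dialog's reference instead of freeing outright. */
static void page_close(PropertyPage *p) { p->destroyed = 1; page_unref(p); }

/* Install started: the pending operation takes its own reference. */
static PropertyPage *install_begin(PropertyPage *p) { p->refcount++; return p; }

/* Install finished: read the page only if its dialog still exists. */
static size_t install_finish(PropertyPage *p) {
    size_t used = p->destroyed ? 0 : strlen(p->path);
    page_unref(p);
    return used;
}

/* Runs one ordering; close_first=1 is the sequence reported in this bug. */
size_t run_scenario(int close_first) {
    PropertyPage *page = page_new("/home/user/Public");  /* constructed sample */
    PropertyPage *pending = install_begin(page);
    size_t used;
    if (close_first) { page_close(page); used = install_finish(pending); }
    else             { used = install_finish(pending); page_close(page); }
    return used;
}

int main(void) { return (run_scenario(1) == 0 && run_scenario(0) == 17) ? 0 : 1; }
```

Building the same model with -fsanitize=address, or running it under valgrind as in the log above, should report no invalid read for either ordering.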

Changed in nautilus-share (Ubuntu):
assignee: nobody → Chow Loong Jin (hyperair)
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nautilus-share - 0.7.2-6

---------------
nautilus-share (0.7.2-6) unstable; urgency=low

  * debian/control:
    + Bumped up samba suggests to 3.0.27a
    + Depends on samba-common 3.0.27a for "net" binary
  * debian/patches/*:
    + Add descriptions to patches
  * debian/patches/01_fix_install_dir.patch:
    + Drop FIXME lines from Makefile.am and Makefile.in, since it's fixed
    + Fix Makefile.in to grab extensiondir from pkg-config as well
    + Use $(PKG_CONFIG) instead of pkg-config directly
  * debian/patches/02_install_missing_samba.patch:
    + Rewritten to fix LP: #258570, and also be more robust when attempting to
      enable sharing of multiple directories while installing samba.
  * debian/patches/07_set-title.patch:
    + Manually set the title of the Sharing Options dialog so that it can be
      translated.

 -- Ubuntu Archive Auto-Sync <email address hidden> Mon, 11 May 2009 12:07:57 +0100

Changed in nautilus-share (Ubuntu):
status: In Progress → Fix Released
Charlie Ogier (cogier) wrote :

This error happened to me in Ubuntu 10.10 on 2 different computers

Robert Coughlin (tulsastagehand) wrote :

Yes, it's happening to me on 3 different computers with 10.10, all just updated.
