Ubuntu
indicator-sound package

indicator-sound-service crashed with SIGSEGV in fast_validate()

Bug #949837 reported by Paul Wieczkowski on 2012-03-08

This bug affects 7 people

Affects		Status	Importance	Assigned to	Milestone
	The Sound Menu	Fix Released	High	Charles Kerr	The Sound Menu 0.8.5
	indicator-sound (Ubuntu)	Fix Released	High	Unassigned

Bug Description

Removing Clementine via Ubuntu Software Center and generated the crash.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: indicator-sound 0.8.3.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-18.28-generic 3.2.9
Uname: Linux 3.2.0-18-generic x86_64
NonfreeKernelModules: fglrx
ApportVersion: 1.94.1-0ubuntu1
Architecture: amd64
Date: Thu Mar 8 06:00:59 2012
ExecutablePath: /usr/lib/indicator-sound/indicator-sound-service
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120228.1)
ProcCmdline: /usr/lib/indicator-sound/indicator-sound-service
SegvAnalysis:
Segfault happened at: 0x7f66b74a1088 <g_utf8_validate+488>: movzbl (%rdi),%r8d
PC (0x7f66b74a1088) ok
source "(%rdi)" (0x00000021) not located in a known VMA region (needed readable region)!
destination "%r8d" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: indicator-sound
StacktraceTop:
g_utf8_validate () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
g_variant_new_string () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
g_variant_new_strv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
g_settings_set_strv () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
?? ()
Title: indicator-sound-service crashed with SIGSEGV in g_utf8_validate()
UpgradeStatus: Upgraded to precise on 2012-03-07 (1 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Tags:

Related branches

lp:~charlesk/indicator-sound/remove-interested-client

Merged into lp:indicator-sound/fifth

Conor Curran (community): Approve on 2012-03-27

lp:indicator-sound/fifth

lp:ubuntu/lucid/indicator-sound (Merged)

lp:ubuntu/precise/indicator-sound

Revision history for this message

Paul Wieczkowski (pwieczkowski-o) wrote on 2012-03-08:

Dependencies.txt Edit (4.4 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (1.0 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (233 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (33.9 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (815 bytes, text/plain; charset="utf-8")
Registers.txt Edit (722 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (2.4 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (4.1 KiB, text/plain; charset="utf-8")
XsessionErrors.txt Edit (360.9 KiB, text/plain; charset="utf-8")

Revision history for this message

Apport retracing service (apport) wrote on 2012-03-08:

StacktraceTop:
fast_validate (str=<optimized out>) at /build/buildd/glib2.0-2.31.20/./glib/gutf8.c:1461
g_utf8_validate (str=0x21 <Address 0x21 out of bounds>, max_len=-1, end=0x0) at /build/buildd/glib2.0-2.31.20/./glib/gutf8.c:1629
g_variant_new_string (string=0x21 <Address 0x21 out of bounds>) at /build/buildd/glib2.0-2.31.20/./glib/gvariant.c:1267
g_variant_new_strv (strv=0x1626330, length=6) at /build/buildd/glib2.0-2.31.20/./glib/gvariant.c:1494
g_settings_set_strv (settings=0x15f1850, key=0x4240aa "interested-media-players", value=<optimized out>) at /build/buildd/glib2.0-2.31.20/./gio/gsettings.c:1855

Revision history for this message

Apport retracing service (apport) wrote on 2012-03-08: Stacktrace.txt

Stacktrace.txt Edit (8.8 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2012-03-08: ThreadStacktrace.txt

ThreadStacktrace.txt Edit (13.4 KiB, text/plain)

Changed in indicator-sound (Ubuntu):
importance:	Undecided → Medium
summary:	- indicator-sound-service crashed with SIGSEGV in g_utf8_validate() + indicator-sound-service crashed with SIGSEGV in fast_validate()
tags:	removed: need-amd64-retrace

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-03-10:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in indicator-sound (Ubuntu):
status:	New → Confirmed

Conor Curran (cjcurran) on 2012-03-23

visibility:	private → public
Changed in indicator-sound:
status:	New → Confirmed
importance:	Undecided → Medium

Conor Curran (cjcurran) on 2012-03-26

Changed in indicator-sound:
assignee:	nobody → Conor Curran (cjcurran)

Charles Kerr (charlesk) on 2012-03-26

Changed in indicator-sound:
assignee:	Conor Curran (cjcurran) → Charles Kerr (charlesk)

Revision history for this message

Charles Kerr (charlesk) wrote on 2012-03-26:

This is more than just an isolated crash, I think we're corrupting memory and this crash is just one side-effect of it...

Changed in indicator-sound (Ubuntu):
importance:	Medium → High
Changed in indicator-sound:
importance:	Medium → High

Charles Kerr (charlesk) on 2012-03-26

Changed in indicator-sound:
status:	Confirmed → In Progress

Revision history for this message

Charles Kerr (charlesk) wrote on 2012-03-26:

...no, maybe I'm wrong about that. I was confusing g_settings_get_strv() with g_variant_get_strv() which have different behaviors, one returns a deep copy and the other returns a shallow copy.

Revision history for this message

Charles Kerr (charlesk) wrote on 2012-03-27:

Okay, the problem here is a pretty simple one, settings.set_strv() requires a NULL-terminated array of strings and the vala code doesn't add a null to the ArrayList. Moreover, it looks like ArrayList.add() doesn't allow null anyway.

I've reimplemented the two .set_strv() functions (remove_interested() and add_interested()) to use GVariantBuilder + .set_value() instead.

Revision history for this message

Charles Kerr (charlesk) wrote on 2012-03-27:

Fixing this bug exposes another one, Bug #965848

Charles Kerr (charlesk) on 2012-03-27

Changed in indicator-sound:
status:	In Progress → Fix Committed

Conor Curran (cjcurran) on 2012-03-27

Changed in indicator-sound:
milestone:	none → 0.8.5
Changed in indicator-sound (Ubuntu):
status:	Confirmed → In Progress

Conor Curran (cjcurran) on 2012-03-30

Changed in indicator-sound:
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-03-30:

#10

This bug was fixed in the package indicator-sound - 0.8.5.0-0ubuntu1

---------------
indicator-sound (0.8.5.0-0ubuntu1) precise; urgency=low

  * New upstream release.
    - Inconsistency between messaging menu and sound menu pips (LP: #933593)
    - indicator-sound-service crashed with SIGSEGV in
      fast_validate() (LP: #949837)
    - free-memory-read crash in indicator-sound-service's file
      monitoring (LP: #965848)
    - minor memory leaks in blacklist handling (LP: #960578)
    - FIX (LP: FIX)
  * -debian/patches/lp_945827.patch, debian/patches/lp_960846.patch
     - dropped, merged upstream
-- Ken VanDine <email address hidden> Fri, 30 Mar 2012 14:45:03 -0400

Changed in indicator-sound (Ubuntu):
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuindicator-sound package

indicator-sound-service crashed with SIGSEGV in fast_validate()

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
indicator-sound package