FS#20136 - [synce-odccm] odccm crash in libdbus
Attached to Project:
Community Packages
Opened by Sergej Pupykin (sergej) - Saturday, 10 July 2010, 12:48 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 12 July 2010, 11:15 GMT
Details

It seems there is a bug in the dbus sanity checks; the workaround is to rebuild dbus-core with the --disable-checks key.

Actually it aborts in _dbus_warn_check_failed, which should just print a warning about incorrect function usage. In this example the incorrect usage is in the hal libhal_device_get_property_string() function. Here is the gdb log:

    # gdb odccm
    GNU gdb (GDB) 7.1
    Copyright (C) 2010 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law. Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "x86_64-unknown-linux-gnu".
    For bug reporting instructions, please see:
    <http://www.gnu.org/software/gdb/bugs/>...
    Reading symbols from /home/sergej/community-my.svn/synce-odccm/trunk/src/odccm-0.13/src/odccm...done.
    (gdb) r -f -l 3 --local-ip 192.168.222.1
    Starting program: /home/sergej/community-my.svn/synce-odccm/trunk/src/odccm-0.13/src/odccm -f -l 3 --local-ip 192.168.222.1
    [Thread debugging using libthread_db enabled]
    ** (odccm:21852): DEBUG: _odccm_interface_address: waiting for IP address on ppp0
    ** (odccm:21852): DEBUG: _odccm_interface_address: found matching interface
    ** (odccm:21852): DEBUG: PDA network interface discovered! udi='/devices/virtual/net/ppp0'
    process 21852: arguments to dbus_move_error() were incorrect, assertion "(dest) == NULL || !dbus_error_is_set ((dest))" failed in file dbus-errors.c line 278.
    This is normally a bug in some application using the D-Bus library.
    D-Bus not built with -rdynamic so unable to print a backtrace

    Program received signal SIGABRT, Aborted.
    0x00007ffff64b3565 in raise () from /lib/libc.so.6
    (gdb) bt
    #0 0x00007ffff64b3565 in raise () from /lib/libc.so.6
    #1 0x00007ffff64b49e6 in abort () from /lib/libc.so.6
    #2 0x00007ffff6c34775 in _dbus_abort () from /usr/lib/libdbus-1.so.3
    #3 0x00007ffff6c3067a in _dbus_warn_check_failed () from /usr/lib/libdbus-1.so.3
    #4 0x00007ffff67e35a0 in libhal_device_get_property_string () from /usr/lib/libhal.so.1
    #5 0x000000000040799e in hal_device_is_pda (ctx=0x645600, udi=0x6457e4 "/org/freedesktop/Hal/devices/net_computer_0") at odccm-device-manager.c:512
    #6 hal_device_added_cb (ctx=0x645600, udi=0x6457e4 "/org/freedesktop/Hal/devices/net_computer_0") at odccm-device-manager.c:536
    #7 0x00007ffff67e23f0 in filter_func () from /usr/lib/libhal.so.1
    #8 0x00007ffff6c1a936 in dbus_connection_dispatch () from /usr/lib/libdbus-1.so.3
    #9 0x00007ffff6e52975 in message_queue_dispatch () from /usr/lib/libdbus-glib-1.so.2
    #10 0x00007ffff72ceb33 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
    #11 0x00007ffff72cf310 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
    #12 0x00007ffff72cf982 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
    #13 0x0000000000408b28 in main (argc=1, argv=0x7fffffffe2e8) at odccm.c:207
or write a small test application which calls dbus_move_error and misses the condition "(dest) == NULL || !dbus_error_is_set ((dest))"
gcc -o dbus-crash dbus-crash.c `pkg-config dbus-1 --cflags --libs`
http://dbus.freedesktop.org/doc/api/html/group__DBusErrors.html#g8bf93a2cbd05f95d6309ffaec567c6b1
Both src and dest must be initialized. src is reinitialized to an empty error. dest may not contain an existing error. If the destination is NULL, just frees and reinits the source error.
    static int
    hal_device_is_pda (LibHalContext *ctx, const char *udi, gchar **ret_ifname)
    {
      int result = 0;

      DBusError error;
      dbus_error_init (&error);

      /* Be sure it is a network interface */
      gchar *ifname = libhal_device_get_property_string (ctx, udi, "net.interface",
                                                         &error);
then in hal
        dbus_error_init (&_error);
        reply = dbus_connection_send_with_reply_and_block (ctx->connection,
                                                           message, -1,
                                                           &_error);

        dbus_message_unref (message);

        dbus_move_error (&_error, error);
"There are some rules. An error passed to a D-Bus function must always be unset; you can't pass in an error that's already set."
and
"An error only needs to be freed if it's been set, not if it's merely been initialized."
Synce-odccm just passes the same error object to the hal functions without checking or unsetting it. Instead of passing an error object without checking, it should just pass NULL everywhere.
I did not catch that libhal_device_get_property_string is called multiple times.
Thanks.
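The error-reuse problem discussed in the comments above, as an added example that is not code from odccm, hal or libdbus: a self-contained model of the `dbus_move_error` precondition, so it compiles without the D-Bus headers. The `ModelError` type, the `model_*` functions and the `constructed.missing` key are hypothetical; the model counts check failures instead of aborting.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for DBusError: "set" means it carries a message. */
typedef struct { const char *message; } ModelError;

static int check_failures; /* counts violations; the libdbus in the log aborted */

static void model_error_init(ModelError *e) { e->message = NULL; }
static int model_error_is_set(const ModelError *e) { return e->message != NULL; }
static void model_error_free(ModelError *e) { e->message = NULL; }

/* Precondition from the failed assertion: dest == NULL || !is_set(dest). */
static void model_move_error(ModelError *src, ModelError *dest) {
    if (dest != NULL && model_error_is_set(dest)) { check_failures++; return; }
    if (dest != NULL) *dest = *src;
    model_error_init(src);
}

/* Shaped like the hal excerpt: fill a local _error, then move it to the caller. */
static const char *model_get_property(const char *key, ModelError *error) {
    ModelError _error;
    model_error_init(&_error);
    const char *value = strcmp(key, "net.interface") == 0 ? "ppp0" : NULL;
    if (value == NULL) _error.message = "no such property";
    model_move_error(&_error, error);
    return value;
}

/* Runs two lookups; the first key is constructed so that the lookup fails. */
static int run_lookups(ModelError *error, int free_between_calls) {
    const char *keys[] = { "constructed.missing", "net.interface" };
    check_failures = 0;
    for (size_t i = 0; i < 2; i++) {
        model_get_property(keys[i], error);
        if (free_between_calls && error && model_error_is_set(error))
            model_error_free(error); /* real code would log the message first */
    }
    return check_failures;
}

static int buggy_caller(void) { ModelError e; model_error_init(&e); return run_lookups(&e, 0); }
static int fixed_caller(void) { ModelError e; model_error_init(&e); return run_lookups(&e, 1); }
static int null_caller(void)  { return run_lookups(NULL, 0); }

int main(void) {
    printf("reused: %d, freed between calls: %d, NULL: %d\n",
           buggy_caller(), fixed_caller(), null_caller());
    return 0;
}
```

The second lookup succeeds in all three callers; only the caller that passes in an error still set from the first lookup trips the check.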