HAL crashes from QueryCapability DBUS method.

Bug #30198 reported by Scott Robinson
Affects: hal (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Martin Pitt
Milestone:

Bug Description

A user can construct a script to crash HAL anytime it emits a device addition or removal signal.

The script calls back to HAL requesting further information while it's already in a signal.

Scott Robinson (scott-ubuntu) wrote : Example crasher script.

Look at the header of this script for how it works. But, put simply:

1. Run it.
2. Insert or remove something hotpluggable.
3. Marvel as HAL dies.

Scott Robinson (scott-ubuntu) wrote : Re: HAL crashes from nested dbus callbacks.

This crash occurs in dapper, hal version 0.5.6-1ubuntu1.

Scott Robinson (scott-ubuntu) wrote : hald crash output.

The debugging output from hald when the crash occurs.

Scott Robinson (scott-ubuntu) wrote : Re: HAL crashes from nested dbus callbacks.

The bug is in hald/hald_dbus.c:device_query_capability. Specifically, lines 1576-1589. The code is treating the property "info.capabilities" as a string that needs to be parsed.

However, it's actually a strlist. Thus, an assertion occurs when the hal_device_property_get_string is attempted.

It seems likely this code is stale...
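
The type mismatch described in the comment above, as an added example that is not part of the original report and is not HAL's code: a simplified typed property store (the names `property`, `find_prop` and `device_has_cap` are hypothetical) in which the capability query checks the property type and returns an error code instead of asserting, so a request from a bus client cannot abort the daemon.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a typed property store (hypothetical, not HAL's code). */
typedef enum { PROP_STRING, PROP_STRLIST } prop_type;
typedef struct {
    const char *key;
    prop_type type;
    union { const char *str; const char *const *list; } v; /* list is NULL-terminated */
} property;
typedef enum { CAP_BAD_TYPE = -1, CAP_ABSENT = 0, CAP_PRESENT = 1 } cap_result;

/* Find a property by key; NULL if the device does not carry it. */
static const property *find_prop(const property *props, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(props[i].key, key) == 0)
            return &props[i];
    return NULL;
}

/* Capability query for a request handler: an unexpected property type is
 * reported to the caller as an error. Fetching a strlist through a string
 * getter that asserts on its type is what the report describes. */
cap_result device_has_cap(const property *props, size_t n, const char *cap)
{
    const property *p = find_prop(props, n, "info.capabilities");
    if (p == NULL)
        return CAP_ABSENT;
    if (p->type != PROP_STRLIST)
        return CAP_BAD_TYPE;
    for (const char *const *it = p->v.list; *it != NULL; it++)
        if (strcmp(*it, cap) == 0)   /* exact match, not a substring search */
            return CAP_PRESENT;
    return CAP_ABSENT;
}

/* Constructed sample devices (not taken from the report). */
static const char *const sample_caps[] = { "input", "input.mouse", NULL };
static const property sample_mouse[] = {
    { "info.product", PROP_STRING, { .str = "USB Mouse" } },
    { "info.capabilities", PROP_STRLIST, { .list = sample_caps } },
};
static const property sample_legacy[] = { { "info.capabilities", PROP_STRING, { .str = "input" } } };

int main(void)
{
    printf("%d %d\n", device_has_cap(sample_mouse, 2, "input.mouse"), device_has_cap(sample_legacy, 1, "input"));
    return 0;
}
```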

Scott Robinson (scott-ubuntu) wrote : Bug fix patch.

Fixed in upstream CVS, but no new version has been released. The upstream bugfix is a pretty ugly duplication of code.

The attached patch is much cleaner. Drop it in debian/patches.

Tormod Volden (tormodvolden) wrote : Re: HAL crashes from nested dbus callbacks.

hald died for me when I un/replugged a USB mouse. Thought this could be related.

Your script does crash my hald - as if I needed a script for that :) Nice-looking patch AFAICS.

Changed in hal:
status: Unconfirmed → Confirmed
Matthew Garrett (mjg59)
Changed in hal:
assignee: nobody → pitti
Scott Robinson (scott-ubuntu) wrote : Re: [Bug 30198] HAL crashes from QueryCapability DBUS method.

On Mon, Feb 06, 2006 at 07:11:51PM -0000, Matthew Garrett wrote:
> Public bug report changed:
> https://launchpad.net/malone/bugs/30198
>
> Task: ubuntu hal
> Severity: Normal => Major
> Assignee: (unassigned) => Martin Pitt

Sorry about subscribing you. I saw the Hal update and noticed you
were distinctly different than the person notifications were going
toward...

I figured the active maintainer would probably be the best bet.

Scott.

--
http://quadhome.com/ - Personal webpage

Martin Pitt (pitti) wrote :

 hal (0.5.6-1ubuntu3) dapper; urgency=low
 .
   * Add debian/patches/dbus-query-capability.patch:
     - Use hal_device_has_capability() instead of broken "info.capabilities"
       parsing.
     - Malone #30198, thanks to Scott Robinson for the patch.

Changed in hal:
status: Confirmed → Fix Released