Ubuntu
unity8 package

unity8 crashed with SIGSEGV in operator()

Bug #1211595 reported by inferrna
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unity8 (Ubuntu)
Fix Released
High
Paweł Stołowski

Bug Description

Tested with autopilot

ProblemType: Crash
DistroRelease: Ubuntu 13.10
Package: unity8 7.81.3+13.10.20130809.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.10.0-6.17-generic 3.10.3
Uname: Linux 3.10.0-6-generic x86_64
ApportVersion: 2.12-0ubuntu3
Architecture: amd64
Date: Mon Aug 12 13:59:48 2013
ExecutablePath: /usr/bin/unity8
ExecutableTimestamp: 1376062921
InstallationDate: Installed on 2013-08-12 (0 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Alpha amd64 (20130811)
MarkForUpload: True
ProcCmdline: /usr/bin/unity8 -testability -geometry 1280x800 -frameless -mousetouch
ProcCwd: /home/ilia
SegvAnalysis:
 Segfault happened at: 0x7fb8977728a6: cmpq $0x0,0xe8(%rax)
 PC (0x7fb8977728a6) ok
 source "$0x0" ok
 destination "0xe8(%rax)" (0x000000e8) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: unity8
StacktraceTop:
 ?? () from /usr/lib/x86_64-linux-gnu/unity8/qml/Unity/libUnity-qml.so
 ?? () from /usr/lib/x86_64-linux-gnu/unity8/qml/Unity/libUnity-qml.so
 QSortFilterProxyModel::filterAcceptsRow(int, QModelIndex const&) const () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
 QSortFilterProxyModelQML::filterAcceptsRow(int, QModelIndex const&) const () from /usr/lib/x86_64-linux-gnu/unity8/qml/Utils/libUtils-qml.so
 ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
Title: unity8 crashed with SIGSEGV in QSortFilterProxyModel::filterAcceptsRow()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm autopilot cdrom dip lpadmin plugdev sambashare sudo

Related branches

lp:~stolowski/unity8/results-nullptr-fix
PS Jenkins bot (community): Approve (continuous-integration)
Michal Hruby (community): Approve
Diff: 30 lines (+12/-1)
1 file modified
plugins/Unity/categories.cpp (+12/-1)
lp:ubuntu/trusty/unity8
Revision history for this message
inferrna (inferrna) wrote :
information type: Private → Private Security
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 operator() (this=0xd8) at /usr/include/c++/4.8/functional:2466
 operator() (this=0xc0) at /usr/include/Nux-4.0/NuxCore/Property-inl.h:149
 Categories::getResults (this=0x2200180, index=0) at /build/buildd/unity8-7.81.3+13.10.20130812.1/plugins/Unity/categories.cpp:65
 Categories::data (this=<optimized out>, index=..., role=<optimized out>) at /build/buildd/unity8-7.81.3+13.10.20130812.1/plugins/Unity/categories.cpp:152
 QSortFilterProxyModel::filterAcceptsRow (this=<optimized out>, source_row=0, source_parent=...) at itemmodels/qsortfilterproxymodel.cpp:2694

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in unity8 (Ubuntu):
importance: Undecided → Medium
summary: - unity8 crashed with SIGSEGV in QSortFilterProxyModel::filterAcceptsRow()
+ unity8 crashed with SIGSEGV in operator()
tags: removed: need-amd64-retrace
Revision history for this message
Seth Arnold (seth-arnold) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
Michal Hruby (mhr3)
Changed in unity8 (Ubuntu):
status: New → Confirmed
Changed in unity8:
assignee: nobody → Pawel Stolowski (stolowski)
importance: Undecided → High
status: New → In Progress
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:unity8 at revision None, scheduled for release in unity8, milestone ubuntu-13.09

Changed in unity8:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity8 - 7.81.3+13.10.20130924.2-0ubuntu1

---------------
unity8 (7.81.3+13.10.20130924.2-0ubuntu1) saucy; urgency=low

  [ Michal Hruby ]
  * Fix the signal prototypes on music grid renderer. (LP: #1228390)

  [ Michael Zanetti ]
  * use less auto variables, align coding style, constify and Qt'ify API
    in AccountsService plugin.

  [ Nick Dedekind ]
  * Re-enable MenuContentActivator in Indicators.

  [ Albert Astals ]
  * LVWPH: Update the section header on list change events.

  [ Pawel Stolowski ]
  * Check results model ptr returned by GetResultsFromCategory method
    from UnityCore. (LP: #1228097, #1211595)

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 340
 -- Ubuntu daily release <email address hidden> Tue, 24 Sep 2013 14:40:01 +0000

Changed in unity8 (Ubuntu):
status: Confirmed → Fix Released
Michał Sawicz (saviq)
Changed in unity8:
status: Fix Committed → Fix Released
Michał Sawicz (saviq)
Changed in unity8 (Ubuntu):
assignee: nobody → Paweł Stołowski (stolowski)
importance: Medium → High
no longer affects: unity8
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.