Ubuntu
dbus package

update-notifier crashed with SIGSEGV in dbus_connection_send_with_reply()

Bug #139017 reported by Jaakan Shorter on 2007-09-12

Affects		Status	Importance	Assigned to	Milestone
	D-Bus	Fix Released	Medium	freedesktop-bugs #12673
	dbus (Ubuntu)	Fix Released	Medium	Unassigned

Bug Description

Binary package hint: update-notifier

crashed after tonights update and reboot

ProblemType: Crash
Architecture: amd64
Date: Tue Sep 11 19:47:14 2007
DistroRelease: Ubuntu 7.10
ExecutablePath: /usr/bin/update-notifier
NonfreeKernelModules: cdrom
Package: update-notifier 0.59.5
PackageArchitecture: amd64
ProcCmdline: update-notifier
ProcCwd: /home/jaakan
ProcEnviron:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
LANG=en_US.UTF-8
SHELL=/bin/bash
Signal: 11
SourcePackage: update-notifier
StacktraceTop:
dbus_connection_send_with_reply ()
dbus_connection_send_with_reply_and_block ()
?? () from /usr/lib/libdbus-1.so.3
dbus_bus_remove_match ()
libhal_ctx_shutdown () from /usr/lib/libhal.so.1
Title: update-notifier crashed with SIGSEGV in dbus_connection_send_with_reply()
Uname: Linux AMD64 2.6.22-11-generic #1 SMP Fri Sep 7 04:31:16 GMT 2007 x86_64 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin plugdev scanner video

Tags:

Revision history for this message

Jaakan Shorter (jaakanshorter) wrote on 2007-09-12:

Dependencies.txt Edit (7.9 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (1.4 KiB, text/plain; charset="utf-8")
ProcMaps.txt Edit (37.7 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (679 bytes, text/plain; charset="utf-8")
Registers.txt Edit (966 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (1.1 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (1.1 KiB, text/plain; charset="utf-8")

Revision history for this message

Apport retracing service (apport) wrote on 2007-09-12: Symbolic stack trace

Stacktrace.txt (retraced) Edit (3.6 KiB, text/plain)

StacktraceTop:dbus_connection_send_with_reply_and_block (connection=0x2, message=0x899a10, timeout_milliseconds=-1, error=0x7fff73e9e5f0) at dbus-connection.c:3252
send_no_return_values (connection=0x2, msg=0x899a10, error=0x2aeb3cd1d481) at dbus-bus.c:1360
dbus_bus_remove_match (connection=0x2,
libhal_ctx_shutdown (ctx=0x8a3110, error=0x7fff73e9e630) at libhal.c:3229
up_do_filter_dbus_msg (connection=<value optimized out>, message=<value optimized out>, user_data=<value optimized out>) at hal.c:251

Revision history for this message

Apport retracing service (apport) wrote on 2007-09-12: Symbolic threaded stack trace

ThreadStacktrace.txt (retraced) Edit (3.7 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2007-09-12: Stack trace with source code

StacktraceSource.txt Edit (3.8 KiB, text/plain)

Changed in update-notifier:
importance:	Undecided → Medium

Revision history for this message

In freedesktop.org Bugzilla #12673, Kimmo Hämäläinen (kimmo-hamalainen) wrote on 2007-10-04:

This crash would happen if NULL was passed as the pending_return argument and the connection was disconnected. I'll attach a patch.

Revision history for this message

In freedesktop.org Bugzilla #12673, Kimmo Hämäläinen (kimmo-hamalainen) wrote on 2007-10-04:

Created an attachment (id=11897)
proposed patch

Revision history for this message

In freedesktop.org Bugzilla #12673, Hp-pobox (hp-pobox) wrote on 2007-10-04:

Shouldn't it add an "if (pending_return)" instead of removing the assignment? (Was it already assigned to earlier in the code?)

Revision history for this message

In freedesktop.org Bugzilla #12673, Kimmo Hämäläinen (kimmo-hamalainen) wrote on 2007-10-04:

(In reply to comment #2)
> Shouldn't it add an "if (pending_return)" instead of removing the assignment?
> (Was it already assigned to earlier in the code?)

There is already a NULL assignment before that:

if (pending_return)
*pending_return = NULL;

CONNECTION_LOCK (connection);

   if (!_dbus_connection_get_is_connected_unlocked (connection))
    {
      CONNECTION_UNLOCK (connection);

*pending_return = NULL;

return TRUE;
}

Revision history for this message

Michael Vogt (mvo) wrote on 2007-10-08:

Thanks for your bugreport.

This looks like a crash in dbus itself.

Changed in update-notifier:
status:	New → Incomplete

Revision history for this message

In freedesktop.org Bugzilla #12673, Johnp-redhat (johnp-redhat) wrote on 2008-01-15:

#10

committed, thanks

Revision history for this message

wolfger (wolfger) wrote on 2008-03-06:

#11

Not seeing why this bug was marked "incomplete". You should only set "incomplete" if:
-you have to ask the reporter questions
-you ask the submitter to provide any necessary information in a comment

I am marking it "confirmed" in the hopes somebody will pay attention to it, since there seems to be plenty of information provided.

Changed in dbus:
status:	Incomplete → New

Revision history for this message

James Westby (james-w) wrote on 2008-07-04:

#12

Hi,

This should be fixed in Intrepid now.

Thanks,

James

Changed in dbus:
status:	New → Fix Released

Bug Watch Updater (bug-watch-updater) on 2008-07-08

Changed in dbus:
status:	Unknown → Fix Released

Bug Watch Updater (bug-watch-updater) on 2010-09-14

Changed in dbus:
importance:	Unknown → Medium

Bug Watch Updater (bug-watch-updater) on 2011-01-25

Changed in dbus:
importance:	Medium → Unknown

Bug Watch Updater (bug-watch-updater) on 2011-02-05

Changed in dbus:
importance:	Unknown → Medium

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

freedesktop-bugs #12673
[RESOLVED FIXED] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntudbus package

update-notifier crashed with SIGSEGV in dbus_connection_send_with_reply()

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
dbus package