valgrind log:
"==21810== Invalid read of size 4
==21810== at 0x8056A81: bubble_get_id (bubble.c:3100)
==21810== by 0x8064432: stack_notify_handler (stack.c:785)
==21810== by 0x806275C: dbus_glib_marshal_stack_VOID__STRING_UINT_STRING_STRING_STRING_BOXED_BOXED_INT_POINTER (stack-glue.h:102)
==21810== by 0x42410B5: object_registration_message (dbus-gobject.c:1899)
==21810== by 0x4279417: ??? (in /lib/i386-linux-gnu/libdbus-1.so.3.7.3)
==21810== by 0x426A45C: dbus_connection_dispatch (in /lib/i386-linux-gnu/libdbus-1.so.3.7.3)
==21810== by 0x423DF0C: message_queue_dispatch (dbus-gmain.c:90)
==21810== by 0x4C505CD: g_main_context_dispatch (gmain.c:3058)
==21810== by 0x4C50977: g_main_context_iterate.isra.21 (gmain.c:3705)
==21810== by 0x4C50DDA: g_main_loop_run (gmain.c:3899)
==21810== by 0x4D85934: (below main) (libc-start.c:260)
==21810== Address 0x660aae0 is 160 bytes inside a block of size 184 free'd
==21810== at 0x402AC38: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==21810== by 0x4C5640F: g_free (gmem.c:197)
==21810== by 0x4C6CEFA: g_slice_free1 (gslice.c:1124)
==21810== by 0x4BE7ECC: g_type_free_instance (gtype.c:1932)
==21810== by 0x4BC950A: g_object_unref (gobject.c:3202)
==21810== by 0x8063D2D: stack_layout (display.c:308)
==21810== by 0x806455E: stack_notify_handler (stack.c:772)
==21810== by 0x806275C: dbus_glib_marshal_stack_VOID__STRING_UINT_STRING_STRING_STRING_BOXED_BOXED_INT_POINTER (stack-glue.h:102)
==21810== by 0x42410B5: object_registration_message (dbus-gobject.c:1899)
==21810== by 0x4279417: ??? (in /lib/i386-linux-gnu/libdbus-1.so.3.7.3)
==21810== by 0x426A45C: dbus_connection_dispatch (in /lib/i386-linux-gnu/libdbus-1.so.3.7.3)
==21810== by 0x423DF0C: message_queue_dispatch (dbus-gmain.c:90)
==21810== by 0x4C505CD: g_main_context_dispatch (gmain.c:3058)
==21810== by 0x4C50977: g_main_context_iterate.isra.21 (gmain.c:3705)
==21810== by 0x4C50DDA: g_main_loop_run (gmain.c:3899)
==21810== by 0x4D85934: (below main) (libc-start.c:260)"
The issue is:
* the stack_notify_handler code does:
"   stack_layout (self);
 }
 if (bubble)
   dbus_g_method_return (context, bubble_get_id (bubble));"
* stack_layout() does:
" if (dnd_dont_disturb_user ()
     && (! bubble_is_urgent (bubble)))
 ...
   g_object_unref (bubble);"
* so basically in the case where the bubble is not displayed the object
is unrefed, but bubble is not set to NULL which makes if (bubble) not
work as intended.
Not sure we can set bubble to NULL after the unref though since
stack_allocate_slot() has code that g_object_ref() bubble objects, so it
seems their ref count can be > 1 and it would be wrong to do
bubble = NULL before the ref reaches 0...
** Changed in: notify-osd (Ubuntu)
Importance: Medium => High
** Project changed: liferea => notify-osd
** Summary changed:
- notify-osd crashed with SIGSEGV while checking bubble private mode
G_TYPE_INSTANCE_GET_PRIVATE in bubble_get_id()
+ notify-osd sefaults in bubble_get_id() trying to access an unrefed object
** Changed in: notify-osd
Importance: Undecided => High
** Changed in: notify-osd
Status: New => Confirmed
https://bugs.launchpad.net/bugs/1189281
Title:
notify-osd sefaults in bubble_get_id() trying to access an unrefed
object
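An added example, not part of the original report and not notify-osd's code: it models the ownership problem described above with a minimal reference-counted object in place of GObject, and shows a handler that takes its own reference before the layout call, which keeps the pointer valid whatever the object's reference count is. All names (Bubble, layout, notify_handler, slot, live_bubbles) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal ref-counted object standing in for the GObject-based bubble
 * (hypothetical names, constructed for this example). */
typedef struct { int refs; unsigned id; int urgent; } Bubble;

static int live_bubbles;   /* allocations not yet freed */
static Bubble *slot;       /* the stack's single display slot */

static Bubble *bubble_new(unsigned id, int urgent) {
    Bubble *b = malloc(sizeof *b);
    if (!b) abort();
    b->refs = 1; b->id = id; b->urgent = urgent;
    live_bubbles++;
    return b;
}
static void bubble_ref(Bubble *b) { b->refs++; }
static void bubble_unref(Bubble *b) {
    if (--b->refs == 0) { live_bubbles--; free(b); }
}

/* Mirrors the stack_layout() excerpt: in do-not-disturb mode a non-urgent
 * bubble is dropped; otherwise the stack keeps its reference in a slot. */
static void layout(Bubble *b, int dnd) {
    if (dnd && !b->urgent) { bubble_unref(b); return; }
    if (slot) bubble_unref(slot);
    slot = b;
}

/* Handler that holds its own reference across layout(), so reading the id
 * afterwards is valid whether or not layout() dropped the stack's one. */
unsigned notify_handler(unsigned id, int urgent, int dnd) {
    Bubble *b = bubble_new(id, urgent);  /* reference owned by the stack */
    bubble_ref(b);                       /* reference owned by the handler */
    layout(b, dnd);
    unsigned ret = b->id;                /* object is still alive here */
    bubble_unref(b);                     /* frees it if layout() dropped it */
    return ret;
}

int main(void) {
    unsigned a = notify_handler(7, 0, 1);
    printf("suppressed: id=%u live=%d\n", a, live_bubbles);
    unsigned b = notify_handler(8, 0, 0);
    printf("displayed:  id=%u live=%d\n", b, live_bubbles);
    return 0;
}
```

Without the `bubble_ref()` call in `notify_handler()`, the suppressed case reads `b->id` from freed memory, which is the invalid read valgrind reports above.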