Bug 596115 – reproducible SEGV at-spi-registryd for karmic when turning on Assistive Technologies and logging out

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 596115 - reproducible SEGV at-spi-registryd for karmic when turning on Assistive Technologies and logging out


Summary:	reproducible SEGV at-spi-registryd for karmic when turning on Assistive Techn...


Status:	RESOLVED DUPLICATE of bug 578334

Product:	at-spi
Classification:	Platform
Component:	general
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Li Yuan
QA Contact:	Li Yuan

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-09-23 20:11 UTC by Martin Olsson
Modified:	2010-03-02 07:21 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
full gdb backtrace etc (9.03 KB, text/plain) 2009-09-23 20:11 UTC, Martin Olsson	Details

Description Martin Olsson 2009-09-23 20:11:39 UTC

Created attachment 143827 [details]
full gdb backtrace etc

Three users downstream have reported the same bug:
https://bugs.launchpad.net/ubuntu/+source/at-spi/+bug/420053

Repro steps:
1. install the current snapshot of ubuntu karmic
2. tick the checkbox "system::prefs::assistive techs::enable assistive tech"
3. (optionally attach gdb from an ssh shell logged in from another computer)
4. log out
5. SEGV in process "at-spi-registryd" function "_SmcProcessMessage".


Exact location is src/sm_process.c:324 (the function pointer call in the last
statement in the snippet below)

*smcConn->callbacks.save_complete.callback is NULL when the programs jumps to
it.

...
    case SM_SaveComplete:

        if (!smcConn->save_yourself_in_progress)
        {
            _IceErrorBadState (iceConn, _SmcOpcode,
                SM_SaveComplete, IceCanContinue);
        }
        else
        {
            CHECK_SIZE_MATCH (iceConn, _SmcOpcode, opcode,
                length, SIZEOF (smSaveCompleteMsg),
                IceFatalToProtocol);

            smcConn->save_yourself_in_progress = False;

            (*smcConn->callbacks.save_complete.callback) (smcConn,
                smcConn->callbacks.save_complete.client_data);
        }
        break;
...

Comment 1 Li Yuan 2009-11-09 06:22:09 UTC


*** This bug has been marked as a duplicate of bug 578334 ***