Bug 698246 – [mm 0.8] segfault in mm_sms_part_new_from_binary_pdu

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 698246 - [mm 0.8] segfault in mm_sms_part_new_from_binary_pdu


Summary:	[mm 0.8] segfault in mm_sms_part_new_from_binary_pdu


Status:	RESOLVED FIXED

Product:	NetworkManager
Classification:	Platform
Component:	ModemManager
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	NetworkManager maintainer(s)
QA Contact:	NetworkManager maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-04-17 22:10 UTC by Jan Alexander Steffens (heftig)
Modified:	2013-04-18 12:49 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Syslog excerpt (9.01 KB, text/plain) 2013-04-17 22:10 UTC, Jan Alexander Steffens (heftig)	Details
ModemManager debug log (289.25 KB, text/plain) 2013-04-18 10:47 UTC, phanisvara das	Details

Description Jan Alexander Steffens (heftig) 2013-04-17 22:10:34 UTC

Created attachment 241779 [details]
Syslog excerpt

+ Trace 231809

#0 __memcpy_ssse3_back
from /usr/lib/libc.so.6
#1 g_array_append_vals
from /usr/lib/libglib-2.0.so.0
#2 g_byte_array_append
from /usr/lib/libglib-2.0.so.0
#3 mm_sms_part_new_from_binary_pdu
#4 mm_sms_part_new_from_pdu
#5 ??
#6 g_simple_async_result_complete
from /usr/lib/libgio-2.0.so.0
#7 ??
#8 ??
#9 ??
#10 ??
#11 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#12 ??
from /usr/lib/libglib-2.0.so.0
#13 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#14 main


ModemManager b95dc3f2f56084b7cfd253beed62716e708bd67e
glib 2.36.1
glibc 2.17
gcc 4.8

Downstream bug report: https://bugs.archlinux.org/task/34795

Comment 1 Aleksander Morgado 2013-04-18 08:50:29 UTC

Could the user gather ModemManager debug logs?

https://live.gnome.org/NetworkManager/ModemManager/Debugging

I'd like to reproduce the issue myself with the exact SMS contents. If the user doesn't want to show his/her SMS contents in public, please email me the logs directly,

Comment 2 phanisvara das 2013-04-18 10:47:40 UTC

Created attachment 241813 [details]
ModemManager debug log

Comment 3 phanisvara das 2013-04-18 10:52:33 UTC

above are the logs as requested, from before i connected the ZTE modem until after MM died.

Comment 4 Aleksander Morgado 2013-04-18 11:19:26 UTC

Shit, we allow max 256 bytes for each debug log, so the CMGL replies get cut... need to fix that.

Can you do the following to get the CMGL reply manually?

First, disable and stop ModemManager:
 $> sudo systemctl disable ModemManager
 $> sudo systemctl stop ModemManager

Now, run minicom on the tty port:
 $> sudo minicom -D /dev/ttyUSB2

And inside minicom, run:
  AT+CMGF=0
  AT+CPMS="SM"
  AT+CMGL=4

And send back the results of those commands.

Comment 5 Aleksander Morgado 2013-04-18 11:24:05 UTC

Actually, it seems it isn't MM limiting the message size, may be syslog itself. So, instead of the minicom, you can try to copy & paste the output of ModemManager --debug itself, not the one you gather from syslog. Or the minicom output, whatever you prefer.

Comment 6 phanisvara das 2013-04-18 11:39:55 UTC

root@laptop phani]# minicom -D /dev/ttyUSB2

Welcome to minicom 2.6.2

OPTIONS: I18n 
Compiled on Mar  5 2013, 16:40:07.
Port /dev/ttyUSB2, 17:05:50

Press CTRL-A Z for help on special keys

AT+CMGF=0
OK
AT+CPMS="SM"
+CPMS: 25,30,50,100,50,100

OK
AT+CMGL=4
+CMGL: 0,1,,98
07911909410050210409D0B55C2C16030000213091211370225BD7F28F0C62A7D76510FD0D5ABBDF7750DA0CCABFEBA07B595E06CDC3F4F4B
+CMGL: 1,1,,82
07911939227268010405A12518F10000213091213524224BC472580E1AD6E7F477BB2C6781B2EFBA1C049A269BA0E0989EB687E9E9B71B248
+CMGL: 2,1,,130
0791190922005040040BD0B69AAD06B3010000213091817093227E552733D94C528B4490F2B92C4E41C8F03C9D2F83C27539081D9E87D3F93
+CMGL: 3,1,,41
07911909220050110009D035192E16030000213012813351221AF437399C7781A8E8B07B0DCABFEB2C90B4CC4E87DDE332
+CMGL: 4,1,,156
07911909220050110409D035192E16030000213012813361229DC472580E1AD6E7F477BB2C6781F2EFBA1C242F8FD161F9B90C32BFE5A0A62
+CMGL: 5,1,,139
0791190922005040040BD0B69AAD06B30100002130621230622289C42035E93CB240C6E014997C3A41E1BA1C347CB3D9E57319C44E9BCB205
+CMGL: 6,1,,140
0791190922005040040BD0B69AAD06B3010000214070914475228AC474980DAAD96A3119C8FC9683AA4E66B299A41689A0F1BBDD2EBBE9615
+CMGL: 7,1,,105
07911939097068510410D0D266CB568BC9663400002140015130752260C472580E1AD6E7F477BB2C6781CE653AC85867B341542AE8ED06C9B
+CMGL: 8,1,,105
07911939097068510410D0D266CB568BC9663400002140015140432260C472580E1AD6E7F477BB2C6781CE653AC85867B341542AE8ED06C9B
+CMGL: 9,1,,105
07911939227268510410D0D266CB568BC9663400002140414131602260C472580E1AD6E7F477BB2C6781CE653AC85867B341542AE8ED06C9B
+CMGL: 10,1,,144
07911939227268510410D0D266CB568BC966340000214061113010228CD2323B1D768FCBA0E3B4092A83CA6BF4DB0DA2BEE17538280603F56
+CMGL: 11,1,,120
07911939227268420404A1630000002140816000512278C8340B947FD7E5A0E65B9C6697414937BD2C7797E9A01768F86E8BDF206878BC063
+CMGL: 12,1,,144
07911939227268510410D0D266CB568BC966340000214081219223228CD2323B1D768FCBA0E3B4092A83CA6BF4DB0DA2BEE17538280603F56
+CMGL: 13,1,,99
07911939227268010405A12518F10000214012405571225EC472580E1AD6E7F477BB2C6781AE65103A6C2F83E4E5737A4E2FCBCB6450FE5D1
+CMGL: 14,1,,98
07911909220050114005D05501F0FFFF000021503080355222A0050003E20201A465763AEC1E9741F7349B0D9A97DD64103AEC26CFCB74D04
+CMGL: 15,1,,35
07911909220050114405D05501F0FFFF00002150308035132220050003E20202DE725018044D3A592038BB
+CMGL: 16,1,,99
07911939227268010405A12518F10000216050210503225EC472580E1AD6E7F477BB2C6781AE65103A6C2F83E4E5737A4E2FCBCB6450FE5D1
+CMGL: 17,1,,158
07911939097068510410D0D266CB568BC966340000216080518402229C41361BC47C8FC36C90B4CC4E87DDE332681866B3E720400C067FB57
+CMGL: 18,1,,114
07911909220050310410D0D266CB568BC966340000216061011523226AC472580E9296D9E9B07B5C068DEB73FABB5D96B340EEF71D242F8F3
+CMGL: 19,1,,114
07911939227268510410D0D266CB568BC966340000216091518480226AC472580E9296D9E9B07B5C068DEB73FABB5D96B340EEF71D242F8F3
+CMGL: 20,1,,129
07911939097068510410D0D266CB568BC966340000216002812462227BD3E6140400C5E02069999D0EBBC765D071DA049543A0A49B9C0E83B
+CMGL: 21,1,,131
07911989720022920405A15533F300002160723190242283C472580E1AD6E7F477BB2C6781B2EFBA1CD47C8BD3EC3248287F87C9E2B09B0CB
+CMGL: 22,1,,58
07911989720022920405A15533F300002170321241042230C472580E1AD6E7F477BB2C07B140CE37881CA68741E2303BEC1E97E7A0B41B949
+CMGL: 23,1,,151
07911909220050400409D0B55A0C060300002101321182832297D2323B1D768FCBA07B9ACD06CDCB6E32081D7693E7653A68FC769BD3E7BA0
+CMGL: 24,1,,58
07911989720022920405A15533F300002101321192032230C472580E1AD6E7F477BB2C07B140CE37881CA68741E2303BEC1E97E7A0B41B949

OK

Comment 7 Aleksander Morgado 2013-04-18 12:49:06 UTC

Fixed the segfault in commit 95274bfa2327a5fec59db33ca94463f4f9baff9c.

Opened a new bug 698298 for the actual PDU parsing issue. So now, MM shouldn't crash, but that specific SMS won't be included.

I'll mark it as fixed for now, please reopen if you still get it once the previous patch is applie.