GNOME Bugzilla – Bug 785674
Regression around 1.8.2: segfault when opening "Edit" dialog
Last modified: 2018-01-16 08:20:51 UTC
Steps to reproduce on my system:
- Run 'nm-connection-editor'
- Select any network (in my case, a home WLAN for which the computer doesn't have the password yet; but *all other* networks are also affected)
- Click the 'Edit' button

Expected behavior: Not sure how, but it should open the configuration dialog eventually.

Actual behavior: Segfault in src/libnma/nma-cert-chooser-button.c:95

Relevant part of gdb's output:

    #0  0xb76b121e in modules_initialized (object=0x0, res=0x8104d8e0, user_data=0x81058178) at src/libnma/nma-cert-chooser-button.c:95
            self = 0x81058178 [NMACertChooserButton]
            error = 0x0
            modules = 0x0
            iter = {stamp = -2134551640, user_data = 0x80c553c8, user_data2 = 0x1, user_data3 = 0x80f8af20}

And line 95 is:

    93      if (!modules) {
    94              /* The Front Fell Off. */
    95              g_critical ("Error getting registered modules: %s", error->message);
    96              g_error_free (error);
    97      }

It tries to access the 'message' field of 'error', which is null.

So there is a soft-error (no modules found), which is then handled badly at some point ('error' ends up being null-but-accessed). 'error' probably should be written by 'gck_modules_initialize_registered_finish', and I have no idea why it doesn't.

Not sure if the problem is with gck or with libnma's usage of it. Assuming it's libnma's fault, is this the right place to report bugs? Can someone look into it and maybe even fix it?

Cheers,
Ben

PS: Already reported downstream in the Debian BTS as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865013#41
I forgot to mention: This is *not* related to any of the existing bugs, for the following reasons:
- 781580: Different kind of behavior. Here: segfault; there: disabled buttons.
- 768986: Crashes in a different place.
- 733034: May have the same underlying cause, but sounds different enough.
- 755663: Here: broken existing feature; there: proposed/missing feature.
I believe I am having a related (or the same) issue. With network-manager-gnome 1.8.10, I also get a crash on clicking the "Edit" icon for any network. I have discovered this only occurs when I have the opensc-pkcs11 package installed.

I get this message before the segfault:

    (nm-connection-editor:29856): Gck-WARNING **: couldn't get slot info: An error occurred on the device
    [1]    29856 segmentation fault (core dumped)  nm-connection-editor

My full backtrace:
+ Trace 238335
Other information that may be useful:

    pwndbg> info locals
    slot_info = <optimized out>
    ret_value = 0x0
    pwndbg> up
       f 0     7ffff7ba931e modules_initialized+254
     ► f 1     7ffff7ba931e modules_initialized+254
       f 2     7ffff54c9af4 process_completed.isra+164
       f 3     7ffff54c9af4 process_completed.isra+164
       f 4     7ffff54ca43c _gck_call_async_go+60
       f 5     7ffff66c5735 g_type_create_instance+485
       f 6     7ffff66a65d8
       f 7     7ffff66a8450 g_object_new_valist+976
       f 8     7ffff66a87c9 g_object_new+153
       f 9     7ffff7ba9e22 nma_cert_chooser_button_new+98
       f 10     7ffff7baa63e init+254
       f 11     7ffff7ba5eab constructor+235
    pwndbg> info locals
    slot = 0x55555612ac60
    self = <optimized out>
    slots = 0x555555a4d660 = {0x55555612ac60, 0x55555612ab80, 0x55555612aa90, 0x555555f419f0, 0x55555612adf0, 0x55555612ae40}
    list_iter = 0x555555a4d660 = {0x55555612ac60, 0x55555612ab80, 0x55555612aa90, 0x555555f419f0, 0x55555612adf0, 0x55555612ae40}
    error = 0x0
    modules = 0x555555a37d80 = {0x555556002cb0, 0x555556002c20, 0x555556002b90}
    iter = {
      stamp = 0x396ba989,
      user_data = 0x7fffdc049a10,
      user_data2 = 0x1,
      user_data3 = 0x7ffff639c261
    }
    model = 0x555555e34f80
    info = <optimized out>
    label = <optimized out>
Hmm, I think these are definitely distinct issues. Here's what I observe with 1.8.10:

    Thread 1 "nm-connection-e" received signal SIGSEGV, Segmentation fault.
    0x00007ffff7bab4d3 in modules_initialized (object=<optimized out>, res=0x555555f34080, user_data=user_data@entry=0x555555f36360) at src/libnma/nma-cert-chooser-button.c:98
    98      src/libnma/nma-cert-chooser-button.c: Datei oder Verzeichnis nicht gefunden.
    (gdb) info locals
    self = 0x555555f36360
    slots = <optimized out>
    list_iter = <optimized out>
    error = 0x0
    modules = 0x0
    iter = {stamp = 1441177200, user_data = 0x7ffff63daa03 <g_queue_pop_tail+51>, user_data2 = 0x1, user_data3 = 0x7ffff639e261}
    model = <optimized out>
    info = <optimized out>
    label = <optimized out>
    (gdb)

So it still crashes for me during the error-handling.

Cheers,
Ben
Cause: Apparently it's perfectly okay if the list of modules is empty (e.g., NULL). However, the code assumes that this indicates an error, tries to print the NULL error, and crashes.

Checking for NULL before printing it fixes the issue. I'm not sure though whether an empty modules list is okay or not.

See attached patch which implements this. It applies cleanly to current master.
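The failure mode described in this thread, as an added example that is not libnma's code and not the applied patch: a "finish" call can return NULL with no error set (an empty list), so the handler should branch on the error pointer before touching `error->message`. The `Err` and `Node` types and the `finish()` and `handle()` functions are hypothetical stand-ins for the GLib/Gck ones so the block builds without those libraries.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for GLib's GError; only the field the handler reads. */
typedef struct { const char *message; } Err;
/* Stand-in for a list node holding one PKCS#11 module name. */
typedef struct Node { const char *name; struct Node *next; } Node;

enum outcome { OUTCOME_MODULES, OUTCOME_EMPTY, OUTCOME_ERROR };

/* Hypothetical finish() call: returns the module list, or NULL.
 * NULL with *err left unset means "no modules registered", not failure. */
static Node *finish(int scenario, Err **err)
{
    static Node mod = { "constructed-module", NULL };   /* constructed sample */
    static Err failure = { "constructed failure" };     /* constructed sample */
    *err = NULL;
    if (scenario == 0) return &mod;
    if (scenario == 2) *err = &failure;
    return NULL;
}

/* Handler that classifies on the error pointer, never on the list
 * alone, so the empty-list case cannot reach error->message. */
static enum outcome handle(int scenario, char *msg, size_t len)
{
    Err *error = NULL;
    Node *modules = finish(scenario, &error);

    msg[0] = '\0';
    if (error) {
        snprintf(msg, len, "Error getting registered modules: %s", error->message);
        return OUTCOME_ERROR;
    }
    if (!modules)
        return OUTCOME_EMPTY;   /* valid result: nothing to list */
    snprintf(msg, len, "first module: %s", modules->name);
    return OUTCOME_MODULES;
}

int main(void)
{
    char msg[128];
    for (int s = 0; s < 3; s++)
        printf("scenario %d -> outcome %d [%s]\n", s, handle(s, msg, sizeof msg), msg);
    return 0;
}
```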
Created attachment 366805
Patch to fix the crash-on-warning

Fixes #785674.

Cause: Apparently it's perfectly okay if the list of modules is empty (e.g., NULL). However, the code assumes that this indicates an error, tries to print the NULL error, and crashes.

Checking for NULL before printing it fixes the issue. I'm not sure though whether an empty modules list is okay or not.

Signed-off-by: Ben Wiederhake <BenWiederhake.GitHub@gmx.de>
(In reply to BenWiederhake.GitHub from comment #5)
> Created attachment 366805
> Patch to fix the crash-on-warning

Thank you. Applied, with a small change.

https://git.gnome.org/browse/network-manager-applet/commit/?id=a37483c1a364ef3cc1cfa29e7ad51ca108d75674
@David Tomaschik: So it looks like you're experiencing a different bug, and you should open a new issue about it.

I don't know what the underlying issue actually is, but a quick and dirty work-around might be to change this (line 69):

    if (g_str_has_prefix (slot_info->slot_description, "/"))

to this:

    if (!slot_info || g_str_has_prefix (slot_info->slot_description, "/"))

Again, this is quick and dirty, and just masks that there is a problem during `gck_slot_get_info`.

Cheers,
Ben