GNOME Bugzilla – Bug 787010
gnome-control-center hotspot panel segfaults in nm-remote-connection updated_cb()
Last modified: 2017-10-06 13:27:04 UTC
Using current 1.8 on Ubuntu, the new g-c-c segfaults after enabling wifi hotspot and switching screens with that warning

(gnome-control-center:17933): GLib-GObject-CRITICAL **: g_type_instance_get_private: assertion 'instance != NULL && instance->g_class != NULL' failed

backtrace
+ Trace 237910
in fact it looks like the problem could be from g-c-c (using current trunk, 3.25.91+), corresponding valgrind log

==17370== Invalid read of size 8
==17370==    at 0x27CC14: nm_device_wifi_refresh_ui (in /tmp/gnome-control-center/shell/gnome-control-center)
==17370==    by 0x27C6ED: get_secrets_cb (in /tmp/gnome-control-center/shell/gnome-control-center)
==17370==    by 0xBE63715: g_simple_async_result_complete (gsimpleasyncresult.c:801)
==17370==    by 0x9C71D81: get_secrets_cb (nm-remote-connection.c:456)
==17370==    by 0xBE75022: g_task_return_now (gtask.c:1145)
==17370==    by 0xBE75A45: g_task_return (gtask.c:1203)
==17370==    by 0xBEB3E9A: reply_cb (gdbusproxy.c:2589)
==17370==    by 0xBE75022: g_task_return_now (gtask.c:1145)
==17370==    by 0xBE75A45: g_task_return (gtask.c:1203)
==17370==    by 0xBEA8B01: g_dbus_connection_call_done (gdbusconnection.c:5722)
==17370==    by 0xBE75022: g_task_return_now (gtask.c:1145)
==17370==    by 0xBE75058: complete_in_idle_cb (gtask.c:1159)
==17370==  Address 0x38f7e848 is 184 bytes inside a block of size 200 free'd
==17370==    at 0x4C2ED3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17370==    by 0xC1B8B32: g_type_free_instance (gtype.c:1937)
==17370==    by 0xC3F6DDA: g_ptr_array_foreach (garray.c:1512)
==17370==    by 0xC3F6E6F: ptr_array_free (garray.c:1098)
==17370==    by 0x274535: cc_wifi_panel_finalize (in /tmp/gnome-control-center/shell/gnome-control-center)
==17370==    by 0xC198DA1: g_object_unref (gobject.c:3314)
==17370==    by 0xA530A6B: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2200.19)
==17370==    by 0xA57BB6D: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2200.19)
==17370==    by 0xC193F9C: g_closure_invoke (gclosure.c:804)
==17370==    by 0xC1A6EA1: signal_emit_unlocked_R (gsignal.c:3751)
==17370==    by 0xC1AF504: g_signal_emit_valist (gsignal.c:3391)
==17370==    by 0xC1AFF1E: g_signal_emit (gsignal.c:3447)
Created attachment 360842
network/wifi: Use cancellables for NM async operations

Our NM async callbacks already handle being cancelled and we already have a cancellable in the base NetObject class, we just weren't wiring it up to the async calls. Do that to prevent use after free crashes.
Pushing to gnome-3-26 and master

Attachment 360842 pushed as ee3fa31 - network/wifi: Use cancellables for NM async operations
the patch seems to work fine, thanks
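
The pattern described in attachment 360842 above (hand the owner's cancellable to each async call, and have the completion callback stop on cancellation before touching the owner), modelled in plain C without GLib. This is an added example, not code from gnome-control-center or from the patch; `Cancellable`, `Panel`, `PendingOp` and all functions are hypothetical stand-ins, and it assumes the owner cancels its cancellable when it is finalized.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Plain-C model, no GLib; every name below is hypothetical. */
typedef struct { int refs; bool cancelled; } Cancellable;   /* models GCancellable */
typedef struct { Cancellable *cancellable; int refreshes; } Panel;
typedef struct { Cancellable *cancellable; Panel *panel; } PendingOp;

static Cancellable *cancellable_ref(Cancellable *c) { c->refs++; return c; }
static void cancellable_unref(Cancellable *c) { if (--c->refs == 0) free(c); }

static Panel *panel_new(void) {
    Panel *p = calloc(1, sizeof *p);
    Cancellable *c = calloc(1, sizeof *c);
    if (!p || !c) abort();
    c->refs = 1; p->cancellable = c;
    return p;
}
/* The in-flight call owns a reference to the cancellable but only borrows the panel. */
static PendingOp op_start(Panel *p) { return (PendingOp){ cancellable_ref(p->cancellable), p }; }

/* Finalize cancels first, so callbacks still queued can tell the panel is gone. */
static void panel_finalize(Panel *p) {
    p->cancellable->cancelled = true;
    cancellable_unref(p->cancellable);
    free(p);
}
/* Completion callback; returns true only if it touched the panel. */
static bool op_complete(PendingOp *op) {
    bool cancelled = op->cancellable->cancelled;
    cancellable_unref(op->cancellable);
    if (cancelled) return false;   /* op->panel may already be freed */
    op->panel->refreshes++;        /* models the UI refresh */
    return true;
}
/* Sequence from the report: call in flight, panel closed, then the reply arrives. */
static bool reply_after_panel_closed(void) {
    Panel *p = panel_new();
    PendingOp op = op_start(p);
    panel_finalize(p);
    return op_complete(&op);
}
/* Normal case: the reply arrives while the panel is alive and refreshes it once. */
static int reply_while_panel_open(void) {
    Panel *p = panel_new();
    PendingOp op = op_start(p);
    int n = op_complete(&op) ? p->refreshes : -1;
    panel_finalize(p);
    return n;
}
int main(void) { return reply_after_panel_closed() || reply_while_panel_open() != 1; }
```

Without the `cancelled` check in `op_complete()`, the first scenario would read freed memory, which is the shape of the invalid read in the valgrind log above.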