GNOME Bugzilla – Bug 580990
gnome-session can crash when badly name app is saved to session
Last modified: 2009-10-11 20:39:48 UTC
Please describe the problem: I have created a patch for OpenSolaris as that in http://bugzilla.gnome.org/show_bug.cgi?id=575546. When I run gnome-session-save multiple times, gnome-session can crash sometimes with a stack trace in the sys log file: Apr 30 11:10:28 htj gnome-session[4520]: [ID 124589 daemon.crit] ******************* START ******************************** Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 0: /usr/bin/gnome-session'fallback_get_backtrace+0x17 [0x8079157] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 1: /usr/bin/gnome-session'gdm_signal_handler_backtrace+0x6a [0x807933a] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 2: /usr/bin/gnome-session'signal_handler+0x31 [0x8079371] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 3: /lib/libc.so.1'__sighndlr+0xf [0xfcd4d0af] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 4: /lib/libc.so.1'call_user_handler+0x2af [0xfcd401af] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 5: /usr/bin/gnome-session'prop_to_command+0x25 [0x806b5a5] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 6: /usr/bin/gnome-session'xsmp_get_app_name+0x36 [0x806c1e6] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 7: /usr/bin/gnome-session'gsm_client_get_app_name+0x5d [0x806a60d] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 8: /usr/bin/gnome-session'is_client_blacklisted+0x18 [0x80869e8] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 9: /usr/bin/gnome-session'save_one_client+0x42 [0x8086ad2] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 10: /usr/lib/libglib-2.0.so.0.2000.0'g_hash_table_find+0x58 [0xfcfd3ffc] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 11: /usr/bin/gnome-session'gsm_store_foreach+0x73 [0x807d313] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 12: /usr/bin/gnome-session'gsm_session_save+0xa6 [0x8086d36] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 13: /usr/bin/gnome-session'maybe_save_session+0x72 [0x8083372] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 14: /usr/bin/gnome-session'end_phase+0x116 [0x8080ec6] Apr 30 11:10:28 htj gnome-session[4520]: [ID 883141 daemon.crit] Frame 15: /usr/bin/gnome-session'on_client_end_session_response+0x2af [0x808367f] ... Steps to reproduce: 1. 2. 3. Actual results: Expected results: Does this happen every time? Other information: The problem it seems to have caused by a bad SmProgram and it return a NULL structure which is not checked. (down stream bug http://defect.opensolaris.org/bz/show_bug.cgi?id=8554). And patch: diff -urN gnome-session-2.26.1/gnome-session/gsm-xsmp-client.c ../SUNWgnome-session-2.26.1.hacked/gnome-session-2.26.1/gnome-session/gsm-xsmp-client.c --- gnome-session-2.26.1/gnome-session/gsm-xsmp-client.c 2009-04-30 16:31:31.198605588 +0100 +++ ../SUNWgnome-session-2.26.1.hacked/gnome-session-2.26.1/gnome-session/gsm-xsmp-client.c 2009-04-30 16:47:46.285472714 +0100 @@ -784,6 +784,9 @@ char *name; prop = find_property (GSM_XSMP_CLIENT (client), SmProgram, NULL); + if (!prop) + return NULL; + name = prop_to_command (prop); return name;
I'll close as dup of bug 590828 because the patch is attached as a patch (which is useful when searching for patches ;-)) and I commented there already. *** This bug has been marked as a duplicate of bug 590828 ***