Bug 652512 – nm-applet crash in g_hash_table_foreach()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 652512 - nm-applet crash in g_hash_table_foreach()


Summary:	nm-applet crash in g_hash_table_foreach()


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	general
Version:	2.29.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Duplicates:	652509 (view as bug list)
Depends on:
Blocks:

Reported:	2011-06-13 21:53 UTC by Mathieu Trudel-Lapierre
Modified:	2011-06-20 12:51 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
backtrace (17.31 KB, text/plain) 2011-06-14 17:19 UTC, Jiri Klimes	Details

Description Mathieu Trudel-Lapierre 2011-06-13 21:53:54 UTC

From downstream bug report: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/795871

It seems as though glib 2.29.6 has nm-applet crash in g_hash_table_foreach(). I've spent most of my afternoon trying to track it down to something, but the best I can tell is that the hash_table is NULL when accessed, thought I'm unable to comprehend why.

AFAICT the same applies in the git master branch, though after reverting to glib 2.29.4 it works properly.

Backtrace is below.

+ Trace 227468

#0 g_hash_table_foreach
at /build/buildd/glib2.0-2.29.6/./glib/ghash.c line 1343
#1 hashtable_iterator
at dbus-gvalue-utils.c line 608
#2 marshal_map
at dbus-gvalue.c line 1716
#3 dbus_g_proxy_marshal_args_to_message
at dbus-gproxy.c line 2244
#4 dbus_g_proxy_begin_call_internal
at dbus-gproxy.c line 2277
#5 dbus_g_proxy_begin_call
at dbus-gproxy.c line 2531
#6 org_freedesktop_NetworkManager_add_and_activate_connection_async
at nm-client-bindings.h line 175
#7 nm_client_add_and_activate_connection
at nm-client.c line 772
#8 applet_menu_item_activate_helper_new_connection
at applet.c line 525
#9 wireless_new_auto_connection
at applet-device-wifi.c line 539
#10 applet_menu_item_activate_helper
at applet.c line 604
#11 g_closure_invoke
at /build/buildd/glib2.0-2.29.6/./gobject/gclosure.c line 771
#12 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c line 3256
#13 g_signal_emit_valist
at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c line 2987
#14 g_signal_emit
at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c line 3044
#15 item_activated
at ../../libdbusmenu-gtk/parser.c line 937
#16 g_closure_invoke
at /build/buildd/glib2.0-2.29.6/./gobject/gclosure.c line 771
#17 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c line 3256
#18 g_signal_emit_valist
at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c line 2987
#19 g_signal_emit
at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c line 3044
#20 dbusmenu_menuitem_handle_event
at /build/buildd/libdbusmenu-0.4.3/./libdbusmenu-glib/menuitem.c line 1708
#21 event_local_handler
at /build/buildd/libdbusmenu-0.4.3/./libdbusmenu-glib/server.c line 1500
#22 g_timeout_dispatch
at /build/buildd/glib2.0-2.29.6/./glib/gmain.c line 3955
#23 g_main_dispatch
at /build/buildd/glib2.0-2.29.6/./glib/gmain.c line 2477
#24 g_main_context_dispatch
at /build/buildd/glib2.0-2.29.6/./glib/gmain.c line 3050
#25 g_main_context_iterate
at /build/buildd/glib2.0-2.29.6/./glib/gmain.c line 3128
#26 g_main_loop_run
at /build/buildd/glib2.0-2.29.6/./glib/gmain.c line 3336
#27 main
at main.c line 106

Comment 1 Matthias Clasen 2011-06-13 22:13:43 UTC

I think you are most likely getting hit by 

Author: Matthias Clasen <mclasen@redhat.com>  2011-05-20 15:07:08
Committer: Matthias Clasen <mclasen@redhat.com>  2011-05-20 15:07:08
Parent: afc5319a273d2154cb725110f170a7e7c6b87076 (Be more careful when calling destroy notifies)
Child:  4ddb84999d47816624f9ae7dcba181cbccd5c4d9 (g_key_file_has_key_full: Clarify the docs)
Branches: master, remotes/origin/g-property, remotes/origin/master, wip/typecheck-performance
Follows: 2.29.4
Precedes: 2.29.6

    Enforce rules about modifying hash tables in callbacks
    
    We have the infrastructure to do this, so lets do it.
    Also add tests for find and foreach to the testsuite.
    Bug 650688

Which would make this an application bug.

Comment 2 Mathieu Trudel-Lapierre 2011-06-14 00:39:31 UTC

Seemed to me like it was the case, but I looked hard for code that would modify hash tables that way in nm-applet and couldn't find any. There was another bug about dbusmenu though, but that's another library and ubuntu-specific.

Now, I can't seem to reproduce the issue, so I think you might as well close it. Sorry for the trouble.

Comment 3 Mathieu Trudel-Lapierre 2011-06-14 13:04:48 UTC

Matthias, wouldn't building with --disable-debug workaround the issue? I've tried a build with that locally and still get crashes.

Comment 4 Matthias Clasen 2011-06-14 15:03:56 UTC

Either way, more debugging is needed. Unless you have a testcase that involves nothing but a hash table, I still think this is a problem between nm and dbus-glib.

Comment 5 Jiri Klimes 2011-06-14 17:19:33 UTC

Created attachment 189929 [details]
backtrace


I've run nm-applet in the debugger with glib2-2.29.8-1.

The problem is in nm_client_add_and_activate_connection(). There is a partial connection (not NULL) pass to it. But nm_connection_to_hash() return NULL and thus NULL hash is passed to org_freedesktop_NetworkManager_add_and_activate_connection_async()

Comment 6 Jiri Klimes 2011-06-14 17:45:53 UTC

Fixed in master:
b4a72d1ad794aef4c623fd530fc38ceb9b95456d

Comment 7 Jiri Klimes 2011-06-20 12:51:25 UTC

*** Bug 652509 has been marked as a duplicate of this bug. ***