Bug 662271 - SIGSEGV running dconf update
Status: RESOLVED FIXED
Product: dconf
Classification: Core
Component: dconf
Version: 0.10.x
Hardware: Other OpenBSD
Importance: Normal major
Target Milestone: ---
Assigned To: dconf-maint
dconf-maint
Depends on:
Blocks:
 
 
Reported: 2011-10-20 07:14 UTC by Antoine Jacoutot
Modified: 2011-11-01 13:49 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
dconf update: don't access before start of string (1.13 KB, patch)
2011-10-31 23:14 UTC, Allison Karlitskaya (desrt)
committed

Description Antoine Jacoutot 2011-10-20 07:14:57 UTC
Hi.

Sometimes when running 'dconf update', it crashes with a segfault.


(gdb) run update
Starting program: /usr/local/bin/dconf update

Program received signal SIGSEGV, Segmentation fault.
[Switching to process 11569, thread 0x202719000]
string_get (self=0x20c3f4000 "/org/gnome/settings-daemon/plugins/font/active", index=-1) at dconf-update.c:64
64              return result;
(gdb) bt full
  • #0 string_get
    at dconf-update.c line 64
  • #1 get_parent
    at dconf-update.c line 147
  • #2 read_directory
    at dconf-update.c line 505
  • #3 maybe_update_from_directory
    at dconf-update.c line 646
  • #4 update_all
    at dconf-update.c line 760
  • #5 dconf_update
    at dconf-update.c line 788
  • #6 _vala_main
    at dconf.c line 1015
  • #7 ___start
  • #8 ??

Comment 1 Allison Karlitskaya (desrt) 2011-10-31 23:14:25 UTC
Created attachment 200372
dconf update: don't access before start of string

Fix a crash caused by attempting to dereference index -1 of a string.

This is very obviously a bug, but has only become a problem on OpenBSD
where the allocator will apparently hand out addresses at the very start
of a page with invalid memory immediately before.

Problem caught by Antoine Jacoutot.


test please?
Comment 2 Antoine Jacoutot 2011-11-01 13:28:42 UTC
> test please?

Thanks Ryan, this patch fixes the crash for me.
Comment 3 Allison Karlitskaya (desrt) 2011-11-01 13:49:47 UTC
Attachment 200372 pushed as 0941519 - dconf update: don't access before start of string

Thanks for testing.