After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 676023 - Invalid read when preparing the aggregator
Invalid read when preparing the aggregator
Status: RESOLVED FIXED
Product: folks
Classification: Platform
Component: general
git master
Other Linux
: Normal normal
: Unset
Assigned To: folks-maint
folks-maint
Depends on:
Blocks:
 
 
Reported: 2012-05-14 11:21 UTC by Guillaume Desmottes
Modified: 2012-05-14 23:22 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
test app (439 bytes, text/x-csrc)
2012-05-14 11:21 UTC, Guillaume Desmottes
Details

Description Guillaume Desmottes 2012-05-14 11:21:59 UTC
Created attachment 213993 [details]
test app

Try running this test app in valgrind with Folks master:


==17086== Invalid read of size 4
==17086==    at 0x5279E6F: tp_proxy_prepare_async (proxy.c:1931)
==17086==    by 0x4C286C1: _tpf_persona_store_notify_connection_cb_async_co (tpf-persona-store.vala:672)
==17086==    by 0x4C28293: _tpf_persona_store_notify_connection_cb_async (tpf-persona-store.vala:41)
==17086==    by 0x4C2818B: _tpf_persona_store_notify_connection_cb (tpf-persona-store.vala:663)
==17086==    by 0x4C26AE9: tpf_persona_store_real_prepare_co (tpf-persona-store.vala:507)
==17086==    by 0x4C25F03: tpf_persona_store_real_prepare (tpf-persona-store.vala:41)
==17086==    by 0x4EA2122: folks_persona_store_prepare (persona-store.vala:281)
==17086==    by 0x4E8F1D1: _folks_individual_aggregator_backend_persona_store_added_cb (individual-aggregator.vala:794)
==17086==    by 0x4E8DFC1: _folks_individual_aggregator_add_backend_co (individual-aggregator.vala:666)
==17086==    by 0x4E8DAE5: _folks_individual_aggregator_add_backend (individual-aggregator.vala:76)
==17086==    by 0x4E8E213: _folks_individual_aggregator_backend_available_cb (individual-aggregator.vala:693)
==17086==    by 0x4E8B0F4: __folks_individual_aggregator_backend_available_cb_folks_backend_store_backend_available (individual-aggregator.vala:363)
==17086==    by 0x5570B80: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1312)
==17086==    by 0x556C223: _g_closure_invoke_va (gclosure.c:840)
==17086==    by 0x5587BFF: g_signal_emit_valist (gsignal.c:3207)
==17086==    by 0x5588F0E: g_signal_emit_by_name (gsignal.c:3389)
==17086==    by 0x4E60E1C: _folks_backend_store_backend_load_if_needed_co (backend-store.vala:362)
==17086==    by 0x4E60B0D: _folks_backend_store_backend_load_if_needed_ready (backend-store.vala:358)
==17086==    by 0x5B8AAB8: g_simple_async_result_complete (gsimpleasyncresult.c:767)
==17086==    by 0x8B20791: folks_backends_tp_backend_real_prepare_co (tp-backend.vala:88)
==17086==  Address 0x6666b60 is 0 bytes after a block of size 16 alloc'd
==17086==    at 0x4A05BB4: calloc (vg_replace_malloc.c:467)
==17086==    by 0x58107AB: standard_calloc (gmem.c:104)
==17086==    by 0x581083D: g_malloc0 (gmem.c:189)
==17086==    by 0x5810AFA: g_malloc0_n (gmem.c:385)
==17086==    by 0x4C2861B: _tpf_persona_store_notify_connection_cb_async_co (tpf-persona-store.vala:672)
==17086==    by 0x4C28293: _tpf_persona_store_notify_connection_cb_async (tpf-persona-store.vala:41)
==17086==    by 0x4C2818B: _tpf_persona_store_notify_connection_cb (tpf-persona-store.vala:663)
==17086==    by 0x4C26AE9: tpf_persona_store_real_prepare_co (tpf-persona-store.vala:507)
==17086==    by 0x4C25F03: tpf_persona_store_real_prepare (tpf-persona-store.vala:41)
==17086==    by 0x4EA2122: folks_persona_store_prepare (persona-store.vala:281)
==17086==    by 0x4E8F1D1: _folks_individual_aggregator_backend_persona_store_added_cb (individual-aggregator.vala:794)
==17086==    by 0x4E8DFC1: _folks_individual_aggregator_add_backend_co (individual-aggregator.vala:666)
==17086==    by 0x4E8DAE5: _folks_individual_aggregator_add_backend (individual-aggregator.vala:76)
==17086==    by 0x4E8E213: _folks_individual_aggregator_backend_available_cb (individual-aggregator.vala:693)
==17086==    by 0x4E8B0F4: __folks_individual_aggregator_backend_available_cb_folks_backend_store_backend_available (individual-aggregator.vala:363)
==17086==    by 0x5570B80: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1312)
==17086==    by 0x556C223: _g_closure_invoke_va (gclosure.c:840)
==17086==    by 0x5587BFF: g_signal_emit_valist (gsignal.c:3207)
==17086==    by 0x5588F0E: g_signal_emit_by_name (gsignal.c:3389)
==17086==    by 0x4E60E1C: _folks_backend_store_backend_load_if_needed_co (backend-store.vala:362)
==17086== 
==17086== Invalid read of size 4
==17086==    at 0x528E945: _tp_quark_array_copy (util.c:1066)
==17086==    by 0x527705A: tp_proxy_prepare_request_new (proxy.c:361)
==17086==    by 0x5279EEA: tp_proxy_prepare_async (proxy.c:1986)
==17086==    by 0x4C286C1: _tpf_persona_store_notify_connection_cb_async_co (tpf-persona-store.vala:672)
==17086==    by 0x4C28293: _tpf_persona_store_notify_connection_cb_async (tpf-persona-store.vala:41)
==17086==    by 0x4C2818B: _tpf_persona_store_notify_connection_cb (tpf-persona-store.vala:663)
==17086==    by 0x4C26AE9: tpf_persona_store_real_prepare_co (tpf-persona-store.vala:507)
==17086==    by 0x4C25F03: tpf_persona_store_real_prepare (tpf-persona-store.vala:41)
==17086==    by 0x4EA2122: folks_persona_store_prepare (persona-store.vala:281)
==17086==    by 0x4E8F1D1: _folks_individual_aggregator_backend_persona_store_added_cb (individual-aggregator.vala:794)
==17086==    by 0x4E8DFC1: _folks_individual_aggregator_add_backend_co (individual-aggregator.vala:666)
==17086==    by 0x4E8DAE5: _folks_individual_aggregator_add_backend (individual-aggregator.vala:76)
==17086==    by 0x4E8E213: _folks_individual_aggregator_backend_available_cb (individual-aggregator.vala:693)
==17086==    by 0x4E8B0F4: __folks_individual_aggregator_backend_available_cb_folks_backend_store_backend_available (individual-aggregator.vala:363)
==17086==    by 0x5570B80: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1312)
==17086==    by 0x556C223: _g_closure_invoke_va (gclosure.c:840)
==17086==    by 0x5587BFF: g_signal_emit_valist (gsignal.c:3207)
==17086==    by 0x5588F0E: g_signal_emit_by_name (gsignal.c:3389)
==17086==    by 0x4E60E1C: _folks_backend_store_backend_load_if_needed_co (backend-store.vala:362)
==17086==    by 0x4E60B0D: _folks_backend_store_backend_load_if_needed_ready (backend-store.vala:358)
==17086==  Address 0x6666b60 is 0 bytes after a block of size 16 alloc'd
==17086==    at 0x4A05BB4: calloc (vg_replace_malloc.c:467)
==17086==    by 0x58107AB: standard_calloc (gmem.c:104)
==17086==    by 0x581083D: g_malloc0 (gmem.c:189)
==17086==    by 0x5810AFA: g_malloc0_n (gmem.c:385)
==17086==    by 0x4C2861B: _tpf_persona_store_notify_connection_cb_async_co (tpf-persona-store.vala:672)
==17086==    by 0x4C28293: _tpf_persona_store_notify_connection_cb_async (tpf-persona-store.vala:41)
==17086==    by 0x4C2818B: _tpf_persona_store_notify_connection_cb (tpf-persona-store.vala:663)
==17086==    by 0x4C26AE9: tpf_persona_store_real_prepare_co (tpf-persona-store.vala:507)
==17086==    by 0x4C25F03: tpf_persona_store_real_prepare (tpf-persona-store.vala:41)
==17086==    by 0x4EA2122: folks_persona_store_prepare (persona-store.vala:281)
==17086==    by 0x4E8F1D1: _folks_individual_aggregator_backend_persona_store_added_cb (individual-aggregator.vala:794)
==17086==    by 0x4E8DFC1: _folks_individual_aggregator_add_backend_co (individual-aggregator.vala:666)
==17086==    by 0x4E8DAE5: _folks_individual_aggregator_add_backend (individual-aggregator.vala:76)
==17086==    by 0x4E8E213: _folks_individual_aggregator_backend_available_cb (individual-aggregator.vala:693)
==17086==    by 0x4E8B0F4: __folks_individual_aggregator_backend_available_cb_folks_backend_store_backend_available (individual-aggregator.vala:363)
==17086==    by 0x5570B80: g_cclosure_marshal_VOID__OBJECTv (gmarshal.c:1312)
==17086==    by 0x556C223: _g_closure_invoke_va (gclosure.c:840)
==17086==    by 0x5587BFF: g_signal_emit_valist (gsignal.c:3207)
==17086==    by 0x5588F0E: g_signal_emit_by_name (gsignal.c:3389)
==17086==    by 0x4E60E1C: _folks_backend_store_backend_load_if_needed_co (backend-store.vala:362)
==17086==
Comment 1 Philip Withnall 2012-05-14 23:22:51 UTC
Fixed in master, thanks.

commit 6b29928ae3e979b488802e60deb29a02450f30f2
Author: Philip Withnall <philip@tecnocode.co.uk>
Date:   Tue May 15 00:21:46 2012 +0100

    Bug 676023 — Invalid read when preparing the aggregator
    
    Properly 0-terminate an array passed to tp_proxy_prepare_async().
    
    Closes: https://bugzilla.gnome.org/show_bug.cgi?id=676023

 NEWS                                          |    1 +
 backends/telepathy/lib/tpf-persona-store.vala |    3 ++-
 2 files changed, 3 insertions(+), 1 deletions(-)