Bug 704523 - g_thread_create_full() can dereference NULL pointer
Status: RESOLVED FIXED
Product: glib
Classification: Platform
Component: gthread
Version: 2.36.x
Hardware/OS: Other Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: gtkdev
Depends on:
Blocks:
Reported: 2013-07-19 06:58 UTC by Milan Crha
Modified: 2013-07-22 07:56 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
proposed glib patch (526 bytes, patch), 2013-07-19 07:00 UTC, Milan Crha, committed

Description Milan Crha 2013-07-19 06:58:25 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=986124

The compatibility function g_thread_create_full() can dereference NULL 'thread' variable, if the actual thread creation fails and returns NULL.

Core was generated by `/usr/libexec/evolution-addressbook-factory'.
Program terminated with signal 11, Segmentation fault.
#0  g_thread_create_full (func=<optimized out>, data=<optimized out>, stack_size=stack_size@entry=0, joinable=0, bound=bound@entry=0, priority=priority@entry=G_THREAD_PRIORITY_LOW, error=0x0) at deprecated/gthread-deprecated.c:377
377	      thread->joinable = FALSE;

Thread 1 (Thread 0x7fef05d4a700 (LWP 27569))

  • #0 g_thread_create_full
    at deprecated/gthread-deprecated.c line 377
  • #1 g_thread_create
    at deprecated/gthread-deprecated.c line 342
  • #2 ews_active_job_done
    at e-ews-connection.c line 466
  • #3 ews_response_cb
    at e-ews-connection.c line 585
  • #4 process_queue_item
    at soup-session-async.c line 274
  • #5 run_queue
    at soup-session-async.c line 310
  • #6 idle_run_queue
    at soup-session-async.c line 343
  • #7 idle_run_queue
    at soup-session-async.c line 328
  • #8 g_main_dispatch
    at gmain.c line 2715
  • #9 g_main_context_dispatch
    at gmain.c line 3219
  • #10 g_main_context_iterate
    at gmain.c line 3290
  • #11 g_main_loop_run
    at gmain.c line 3484
  • #12 e_ews_soup_thread
    at e-ews-connection.c line 1424
  • #13 g_thread_proxy
    at gthread.c line 797
  • #14 start_thread
    at pthread_create.c line 308
  • #15 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 114
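
The failure mode in the report, and the reviewer's point in Comment 2 that returning NULL only moves the failure to the caller, are shown below in a self-contained C example. This is added illustration, not GLib's code: FakeThread, FakeError, fake_thread_new(), create_full_unchecked(), create_full_checked() and start_worker() are hypothetical stand-ins for GThread, GError, the internal thread-creation call and the deprecated g_thread_create_full() wrapper, and the 'fail' parameter simulates the OS refusing to create a thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for GThread and GError; these are not GLib's types. */
typedef struct {
    void *(*func)(void *);
    void *data;
    int joinable;
} FakeThread;

typedef struct {
    char message[64];
} FakeError;

typedef void *(*FakeThreadFunc)(void *);

/* Simulated low-level thread creation (stand-in for the internal call that
 * wraps pthread_create). 'fail' models the OS refusing to create a thread;
 * on failure it returns NULL and fills in *error, which is exactly the
 * contract the compatibility wrapper has to respect. */
static FakeThread *fake_thread_new(FakeThreadFunc func, void *data,
                                   int fail, FakeError *error)
{
    if (fail) {
        if (error)
            snprintf(error->message, sizeof error->message,
                     "Error creating thread: Resource temporarily unavailable");
        return NULL;
    }
    FakeThread *t = calloc(1, sizeof *t);
    if (t == NULL)
        return NULL;
    t->func = func;
    t->data = data;
    t->joinable = 1;
    return t;
}

/* Shape of the pre-fix wrapper: the result is written to before anyone
 * checks whether creation succeeded, so a NULL from fake_thread_new()
 * becomes a NULL dereference inside the library (the line-377 crash). */
FakeThread *create_full_unchecked(FakeThreadFunc func, void *data,
                                  int joinable, int fail, FakeError *error)
{
    FakeThread *thread = fake_thread_new(func, data, fail, error);
    thread->joinable = joinable;   /* crashes when thread == NULL */
    return thread;
}

/* Fixed wrapper: propagate NULL (and the error the inner call already
 * set) to the caller instead of dereferencing it. */
FakeThread *create_full_checked(FakeThreadFunc func, void *data,
                                int joinable, int fail, FakeError *error)
{
    FakeThread *thread = fake_thread_new(func, data, fail, error);
    if (thread == NULL)
        return NULL;
    thread->joinable = joinable;
    return thread;
}

static void *worker(void *arg) { (void)arg; return NULL; }

/* Caller side: a NULL return only moves the failure out of the library.
 * The caller still has to check the result and surface the error rather
 * than use the handle. Returns 0 on success, -1 when creation failed. */
int start_worker(int fail, FakeError *error)
{
    FakeThread *t = create_full_checked(worker, NULL, 0, fail, error);
    if (t == NULL) {
        fprintf(stderr, "thread creation failed: %s\n",
                error ? error->message : "(no error detail)");
        return -1;
    }
    free(t);   /* the stand-in never runs func; just release the handle */
    return 0;
}

int main(void)
{
    FakeError err = { "" };
    printf("success path: %d\n", start_worker(0, &err));   /* 0 */
    printf("failure path: %d\n", start_worker(1, &err));   /* -1 */
    return 0;
}
```

The unchecked variant is kept only to show the shape of the bug; calling it with fail=1 would reproduce the segfault, so the caller-facing path uses the checked wrapper throughout.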

Comment 1 Milan Crha 2013-07-19 07:00:21 UTC
Created attachment 249581
proposed glib patch

One-liner, to not dereference the NULL pointer.
Comment 2 Matthias Clasen 2013-07-19 13:25:44 UTC
Review of attachment 249581:

Looks ok to me. It'll only delay the inevitable a little bit for you, but it is nicer to return NULL than to segfault inside glib.
Comment 3 Milan Crha 2013-07-22 07:55:58 UTC
Created commit 64041ca in glib master (2.37.5+)