Bug 747865 – segfault when providing a NULL output to 'settings_set_display'

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 747865 - segfault when providing a NULL output to 'settings_set_display'


Summary:	segfault when providing a NULL output to 'settings_set_display'


Status:	RESOLVED DUPLICATE of bug 749844

Product:	gnome-settings-daemon
Classification:	Core
Component:	wacom
Version:	3.16.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Carlos Garnacho
QA Contact:	gnome-settings-daemon-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-04-14 17:25 UTC by Jason Gerecke
Modified:	2015-06-25 21:08 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Proposed fix (1.50 KB, patch) 2015-04-14 17:30 UTC, Jason Gerecke	none	Details \| Review

Description Jason Gerecke 2015-04-14 17:25:01 UTC

If an input device is not associated with any output devices, the 'settings_set_display' function in 'plugins/common/gsd-device-mapper.c' tries to store an array of NULL strings into gsettings and segfaults. This can happen, for example, if a display-less Wacom tablet (e.g. Intuos) is connected to a multi-head system and is not mapped to a specific output.

See: https://bugs.archlinux.org/task/44548

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4f1df78 in g_bit_lock () from /usr/lib/libglib-2.0.so.0
(gdb) bt

+ Trace 234970

#0 g_bit_lock
from /usr/lib/libglib-2.0.so.0
#1 ??
from /usr/lib/libglib-2.0.so.0
#2 g_variant_serialiser_needed_size
from /usr/lib/libglib-2.0.so.0
#3 ??
from /usr/lib/libglib-2.0.so.0
#4 ??
from /usr/lib/libglib-2.0.so.0
#5 g_variant_serialiser_needed_size
from /usr/lib/libglib-2.0.so.0
#6 ??
from /usr/lib/libglib-2.0.so.0
#7 ??
from /usr/lib/libglib-2.0.so.0
#8 g_variant_serialiser_needed_size
from /usr/lib/libglib-2.0.so.0
#9 ??
from /usr/lib/libglib-2.0.so.0
#10 ??
from /usr/lib/libglib-2.0.so.0
#11 g_variant_serialiser_needed_size
from /usr/lib/libglib-2.0.so.0
#12 ??
from /usr/lib/libglib-2.0.so.0
#13 ??
from /usr/lib/libglib-2.0.so.0
#14 g_variant_serialiser_needed_size
from /usr/lib/libglib-2.0.so.0
#15 ??
from /usr/lib/libglib-2.0.so.0
#16 g_variant_get_size
from /usr/lib/libglib-2.0.so.0
#17 ??
from /usr/lib/gio/modules/libdconfsettings.so
#18 ??
from /usr/lib/gio/modules/libdconfsettings.so
#19 ??
from /usr/lib/gio/modules/libdconfsettings.so
#20 ??
from /usr/lib/gio/modules/libdconfsettings.so
#21 ??
from /usr/lib/libgio-2.0.so.0
#22 ??
from /usr/lib/libgio-2.0.so.0
#23 g_settings_set_value
from /usr/lib/libgio-2.0.so.0
#24 settings_set_display
at gsd-device-mapper.c line 384
#25 input_info_remap
at gsd-device-mapper.c line 557
#26 mapper_apply_helper_info
at gsd-device-mapper.c line 604
#27 mapper_recalculate_candidates
at gsd-device-mapper.c line 631
#28 _device_mapper_update_outputs
at gsd-device-mapper.c line 853
#29 on_rr_screen_ready
at gsd-device-mapper.c line 882
#30 ??
from /usr/lib/libgio-2.0.so.0
#31 ??
from /usr/lib/libgio-2.0.so.0
#32 ??
from /usr/lib/libgnome-desktop-3.so.10
#33 g_simple_async_result_complete
from /usr/lib/libgio-2.0.so.0
#34 ??
from /usr/lib/libgio-2.0.so.0
#35 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#36 ??
from /usr/lib/libglib-2.0.so.0
#37 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#38 gtk_main
from /usr/lib/libgtk-3.so.0
#39 main
at main.c line 427

Comment 1 Jason Gerecke 2015-04-14 17:30:42 UTC

Created attachment 301565 [details] [review]
Proposed fix

From my understanding of the code, passing NULL into 'settings_set_display' is valid and essentially means "no associated output". The Wacom plugin code that this is based on reset the array back to its default of ['', '', ''] for this no-output case. The attached patch calls 'g_settings_reset' to do this here as well.

Comment 2 Jason Gerecke 2015-06-25 21:08:22 UTC


*** This bug has been marked as a duplicate of bug 749844 ***