Bug 784339 - Valgrind reports error for gnome-session
Status: RESOLVED FIXED
Product: gnome-session
Classification: Core
Component: general
Version: git master
OS: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Session Maintainers
QA Contact: Session Maintainers
Depends on:
Blocks:
 
 
Reported: 2017-06-29 14:06 UTC by Tomas Popela
Modified: 2017-06-29 17:15 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
0001-Fix-use-of-uninitialised-variable-in-get_session_key.patch (1.75 KB, patch), 2017-06-29 14:07 UTC, Tomas Popela, committed
0002-Fix-use-after-free-in-initialize_gio.patch (861 bytes, patch), 2017-06-29 14:08 UTC, Tomas Popela, committed

Description Tomas Popela 2017-06-29 14:06:57 UTC
==1223== Invalid read of size 1
==1223==    at 0x4C36D46: setenv (vg_replace_strmem.c:2040)
==1223==    by 0x820F32A: g_setenv (genviron.c:288)
==1223==    by 0x114D61: initialize_gio (main.c:261)
==1223==    by 0x114D61: main (main.c:305)
==1223==  Address 0xfdfe5f0 is 0 bytes inside a block of size 6 free'd
==1223==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
==1223==    by 0x8229B4D: g_free (gmem.c:189)
==1223==    by 0x114D44: initialize_gio (main.c:255)
==1223==    by 0x114D44: main (main.c:305)
==1223==  Block was alloc'd at
==1223==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==1223==    by 0x8229A38: g_malloc (gmem.c:94)
==1223==    by 0x8242F6E: g_strdup (gstrfuncs.c:363)
==1223==    by 0x114CE7: initialize_gio (main.c:247)
==1223==    by 0x114CE7: main (main.c:305)
==1223== 
==1223== Invalid read of size 1
==1223==    at 0x4C36D54: setenv (vg_replace_strmem.c:2040)
==1223==    by 0x820F32A: g_setenv (genviron.c:288)
==1223==    by 0x114D61: initialize_gio (main.c:261)
==1223==    by 0x114D61: main (main.c:305)
==1223==  Address 0xfdfe5f1 is 1 bytes inside a block of size 6 free'd
==1223==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
==1223==    by 0x8229B4D: g_free (gmem.c:189)
==1223==    by 0x114D44: initialize_gio (main.c:255)
==1223==    by 0x114D44: main (main.c:305)
==1223==  Block was alloc'd at
==1223==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==1223==    by 0x8229A38: g_malloc (gmem.c:94)
==1223==    by 0x8242F6E: g_strdup (gstrfuncs.c:363)
==1223==    by 0x114CE7: initialize_gio (main.c:247)
==1223==    by 0x114CE7: main (main.c:305)
==1223== 
==1223== Invalid read of size 1
==1223==    at 0x4C31B82: strlen (vg_replace_strmem.c:458)
==1223==    by 0x85276C8: __add_to_environ (setenv.c:131)
==1223==    by 0x4C36E0F: setenv (vg_replace_strmem.c:2043)
==1223==    by 0x820F32A: g_setenv (genviron.c:288)
==1223==    by 0x114D61: initialize_gio (main.c:261)
==1223==    by 0x114D61: main (main.c:305)
==1223==  Address 0xfdfe5f0 is 0 bytes inside a block of size 6 free'd
==1223==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
==1223==    by 0x8229B4D: g_free (gmem.c:189)
==1223==    by 0x114D44: initialize_gio (main.c:255)
==1223==    by 0x114D44: main (main.c:305)
==1223==  Block was alloc'd at
==1223==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==1223==    by 0x8229A38: g_malloc (gmem.c:94)
==1223==    by 0x8242F6E: g_strdup (gstrfuncs.c:363)
==1223==    by 0x114CE7: initialize_gio (main.c:247)
==1223==    by 0x114CE7: main (main.c:305)
==1223== 
==1223== Invalid read of size 1
==1223==    at 0x4C31B94: strlen (vg_replace_strmem.c:458)
==1223==    by 0x85276C8: __add_to_environ (setenv.c:131)
==1223==    by 0x4C36E0F: setenv (vg_replace_strmem.c:2043)
==1223==    by 0x820F32A: g_setenv (genviron.c:288)
==1223==    by 0x114D61: initialize_gio (main.c:261)
==1223==    by 0x114D61: main (main.c:305)
==1223==  Address 0xfdfe5f1 is 1 bytes inside a block of size 6 free'd
==1223==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
==1223==    by 0x8229B4D: g_free (gmem.c:189)
==1223==    by 0x114D44: initialize_gio (main.c:255)
==1223==    by 0x114D44: main (main.c:305)
==1223==  Block was alloc'd at
==1223==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==1223==    by 0x8229A38: g_malloc (gmem.c:94)
==1223==    by 0x8242F6E: g_strdup (gstrfuncs.c:363)
==1223==    by 0x114CE7: initialize_gio (main.c:247)
==1223==    by 0x114CE7: main (main.c:305)
==1223== 
==1223== Invalid read of size 1
==1223==    at 0x4C361F8: __GI_mempcpy (vg_replace_strmem.c:1525)
==1223==    by 0x852773D: __add_to_environ (setenv.c:197)
==1223==    by 0x4C36E0F: setenv (vg_replace_strmem.c:2043)
==1223==    by 0x820F32A: g_setenv (genviron.c:288)
==1223==    by 0x114D61: initialize_gio (main.c:261)
==1223==    by 0x114D61: main (main.c:305)
==1223==  Address 0xfdfe5f5 is 5 bytes inside a block of size 6 free'd
==1223==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
==1223==    by 0x8229B4D: g_free (gmem.c:189)
==1223==    by 0x114D44: initialize_gio (main.c:255)
==1223==    by 0x114D44: main (main.c:305)
==1223==  Block was alloc'd at
==1223==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==1223==    by 0x8229A38: g_malloc (gmem.c:94)
==1223==    by 0x8242F6E: g_strdup (gstrfuncs.c:363)
==1223==    by 0x114CE7: initialize_gio (main.c:247)
==1223==    by 0x114CE7: main (main.c:305)
==1223== 
==1223== Invalid read of size 1
==1223==    at 0x4C3620A: __GI_mempcpy (vg_replace_strmem.c:1525)
==1223==    by 0x852773D: __add_to_environ (setenv.c:197)
==1223==    by 0x4C36E0F: setenv (vg_replace_strmem.c:2043)
==1223==    by 0x820F32A: g_setenv (genviron.c:288)
==1223==    by 0x114D61: initialize_gio (main.c:261)
==1223==    by 0x114D61: main (main.c:305)
==1223==  Address 0xfdfe5f3 is 3 bytes inside a block of size 6 free'd
==1223==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
==1223==    by 0x8229B4D: g_free (gmem.c:189)
==1223==    by 0x114D44: initialize_gio (main.c:255)
==1223==    by 0x114D44: main (main.c:305)
==1223==  Block was alloc'd at
==1223==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==1223==    by 0x8229A38: g_malloc (gmem.c:94)
==1223==    by 0x8242F6E: g_strdup (gstrfuncs.c:363)
==1223==    by 0x114CE7: initialize_gio (main.c:247)
==1223==    by 0x114CE7: main (main.c:305)
==1223== 
==1223== Conditional jump or move depends on uninitialised value(s)
==1223==    at 0x13742D: get_session_keyfile_if_valid (gsm-session-fill.c:179)
==1223==    by 0x13742D: find_valid_session_keyfile (gsm-session-fill.c:234)
==1223==    by 0x13742D: get_session_keyfile (gsm-session-fill.c:263)
==1223==    by 0x1377D0: gsm_session_fill (gsm-session-fill.c:323)
==1223==    by 0x12F6F2: create_manager (main.c:154)
==1223==    by 0x12F6F2: on_bus_acquired (main.c:166)
==1223==    by 0x7CB3333: connection_get_cb (gdbusnameowning.c:480)
==1223==    by 0x7C77533: g_task_return_now (gtask.c:1145)
==1223==    by 0x7C77F55: g_task_return (gtask.c:1203)
==1223==    by 0x7CA5FB1: bus_get_async_initable_cb (gdbusconnection.c:7303)
==1223==    by 0x7C77533: g_task_return_now (gtask.c:1145)
==1223==    by 0x7C77568: complete_in_idle_cb (gtask.c:1159)
==1223==    by 0x8220C26: g_idle_dispatch (gmain.c:5586)
==1223==    by 0x8224246: g_main_dispatch (gmain.c:3234)
==1223==    by 0x8224246: g_main_context_dispatch (gmain.c:3899)
==1223==    by 0x82245E7: g_main_context_iterate.isra.25 (gmain.c:3972)
==1223==
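Added example, not gnome-session code and not part of this report: the two shapes Valgrind flags above, reduced to plain libc so they build without GLib (g_strdup/g_free/g_setenv behave like strdup/free/setenv for this purpose). The environment variable name, the session file table and the function names are constructed for the example; the buggy use-after-free variant is kept for comparison and is never executed.

```c
/* Added example; not gnome-session code and not from this bug report.
 * It reduces the two Valgrind findings above to plain libc so it builds
 * without GLib: g_strdup/g_free/g_setenv behave like strdup/free/setenv
 * for this purpose. The environment variable name and the session file
 * table are constructed for the example. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EXAMPLE_VAR "GSM_EXAMPLE_VAR"   /* hypothetical variable name */

/* Finding 1, the shape Valgrind reports as "Invalid read ... free'd":
 * the copy is released (main.c:255 in the report) before setenv() reads
 * it (main.c:261). This compiles, but its behaviour is undefined, so it
 * is shown for comparison only and never called below. */
int set_var_use_after_free(const char *value)
{
    char *copy = strdup(value);
    if (copy == NULL)
        return -1;
    free(copy);                            /* freed here ...                */
    return setenv(EXAMPLE_VAR, copy, 1);   /* ... then read: use-after-free */
}

/* Fixed ordering: setenv() makes its own copy of the string, so the
 * local buffer may only be released after the call has returned. */
int set_var_fixed(const char *value)
{
    char *copy = strdup(value);
    if (copy == NULL)
        return -1;
    int rc = setenv(EXAMPLE_VAR, copy, 1);
    free(copy);
    return rc;
}

/* Finding 2, "Conditional jump or move depends on uninitialised value(s)":
 * a validity flag declared without an initialiser, assigned only on the
 * path where the file is found, then tested. The buggy shape is
 *
 *     int valid;                         // indeterminate
 *     for (...) if (match) valid = ...;  // set only when found
 *     if (valid) ...                     // unknown name: reads garbage
 *
 * The hardened version initialises the flag at its declaration so an
 * unknown session name is treated as invalid rather than as whatever
 * happened to be on the stack. */
struct session_file {
    const char *name;
    int has_required_components;
};

/* Constructed stand-in for the session keyfiles that would be on disk. */
static const struct session_file CONSTRUCTED_FILES[] = {
    { "gnome.session",  1 },
    { "broken.session", 0 },
};

int session_keyfile_is_valid(const char *name)
{
    int valid = 0;   /* not found => not valid */
    size_t n = sizeof CONSTRUCTED_FILES / sizeof CONSTRUCTED_FILES[0];
    for (size_t i = 0; i < n; i++) {
        if (strcmp(CONSTRUCTED_FILES[i].name, name) == 0) {
            valid = CONSTRUCTED_FILES[i].has_required_components;
            break;
        }
    }
    return valid;
}

int main(void)
{
    if (set_var_fixed("gio-value") != 0)
        return 1;
    printf("%s=%s\n", EXAMPLE_VAR, getenv(EXAMPLE_VAR));
    printf("gnome.session valid: %d\n", session_keyfile_is_valid("gnome.session"));
    printf("missing.session valid: %d\n", session_keyfile_is_valid("missing.session"));
    return 0;
}
```

Build with `cc -Wall -g example.c` and run the binary under `valgrind --track-origins=yes` to confirm the fixed functions produce no reports; calling set_var_use_after_free() instead reproduces the same "Invalid read ... inside a block of size N free'd" block shape as the report above, with the free site and the allocation site listed under it.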
Comment 1 Tomas Popela 2017-06-29 14:07:55 UTC
Created attachment 354687
0001-Fix-use-of-uninitialised-variable-in-get_session_key.patch
Comment 2 Tomas Popela 2017-06-29 14:08:30 UTC
Created attachment 354688
0002-Fix-use-after-free-in-initialize_gio.patch
Comment 3 Ray Strode [halfline] 2017-06-29 14:25:59 UTC
Thanks, both seem obviously right!
Comment 4 Debarshi Ray 2017-06-29 15:59:09 UTC
Shouldn't these be backported to at least gnome-3-24?
Comment 5 Ray Strode [halfline] 2017-06-29 17:15:36 UTC
Yeah, I probably should do a 3.24.2 with various accumulated fixes.