I've disassembled the offending library code and, looking at the register
dump, we can learn a little more.
Firstly, I now think the problem is *not* in
ply_event_loop_process_pending_events() - it's in
ply_event_loop_handle_timeouts(). The reason for the confusion is that
it appears that gcc has optimized ply_event_loop_handle_timeouts() by
inlining it into ply_event_loop_process_pending_events(). So, if we now
look at ply_event_loop_handle_timeouts(), we can see the code that's
causing plymouthd to die:
1216         while (node != NULL)
1217           {
1218             ply_list_node_t *next_node;
1219             ply_event_loop_timeout_watch_t *watch;
1220
1221             watch = (ply_event_loop_timeout_watch_t *) ply_list_node_get_data (node);
1222             next_node = ply_list_get_next_node (loop->timeout_watches, node);
1223
1224             if (watch->timeout <= now) /* XXX: crash is triggered here */
1225               {
The offending line is 1224. In assembler this equates to:
test %ecx,0x4(%esi)
... where ecx=0x1 and esi = 0x0.
In pseudo-C-code though what is actually happening in plymouthd is:
if ( NULL->timeout <= 1)
So the problem is that the timeout watch is NULL. Looking at the C code
shows that no check is performed on 'watch' being NULL or not - it's
just blindly dereferenced which causes the SIGSEGV. However, I can't yet
see how watch is ever NULL, unless it's that pesky alloca causing
undefined behaviour maybe.
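As an added illustration (not plymouth's code, which is quoted above), here is the same list walk with the NULL check on 'watch' that the excerpt lacks, so a list node carrying NULL data is skipped and counted instead of dereferenced. The list and watch structs are assumed stand-ins, not plymouth's ply_list_node_t and ply_event_loop_timeout_watch_t.

```c
/* Added example, not plymouth's code: stand-in types for the list walk in
 * ply_event_loop_handle_timeouts(), with a NULL guard on 'watch'. */
#include <stddef.h>

typedef struct node {
    void        *data;               /* what ply_list_node_get_data() returns */
    struct node *next;
} list_node_t;                       /* assumed stand-in for ply_list_node_t */

typedef struct {
    double timeout;                  /* compared against 'now', as in the excerpt */
    int    fired;
} timeout_watch_t;                   /* assumed stand-in for the timeout watch */

/* Walk the list like the excerpt does, but treat a NULL 'watch' as a corrupt
 * entry: skip it and count it. Returns the number of watches that fired;
 * *skipped receives the number of NULL entries encountered. */
int handle_timeouts(list_node_t *node, double now, int *skipped)
{
    int fired = 0;
    *skipped = 0;
    while (node != NULL) {
        list_node_t *next_node = node->next;            /* fetch before acting */
        timeout_watch_t *watch = (timeout_watch_t *) node->data;

        if (watch == NULL) {         /* the check missing at line 1224 */
            (*skipped)++;
        } else if (watch->timeout <= now) {
            watch->fired = 1;
            fired++;
        }
        node = next_node;
    }
    return fired;
}

/* Constructed sample list: three nodes, the middle one carrying NULL data,
 * which is exactly the shape that would crash the unchecked loop. */
static timeout_watch_t sample_w1 = { 0.5, 0 }, sample_w2 = { 5.0, 0 };
static list_node_t sample_n3 = { &sample_w2, NULL };
static list_node_t sample_n2 = { NULL,       &sample_n3 };
static list_node_t sample_n1 = { &sample_w1, &sample_n2 };

int sample_fired(double now)   { int s; return handle_timeouts(&sample_n1, now, &s); }
int sample_skipped(double now) { int s; handle_timeouts(&sample_n1, now, &s); return s; }
```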
https://bugs.launchpad.net/bugs/849414
Title: plymouthd crashed with SIGSEGV in ply_event_loop_process_pending_events()