** Description changed:

  app_indicator_init() in app-indicator.c calls g_bus_get() before setting
  self->priv. This creates a race condition where the bus_creation()
  callback can execute while self->priv still contains garbage. Suggested
  fix is to set self->priv before calling g_bus_get().
  
  diff -ruN libappindicator-0.4.92/src/app-indicator.c libappindicator-0.4.92.new/src/app-indicator.c
  --- libappindicator-0.4.92/src/app-indicator.c        2012-03-21 11:11:43.967367303 -0700
  +++ libappindicator-0.4.92.new/src/app-indicator.c    2013-02-07 13:51:54.773720789 -0800
  @@ -611,6 +611,8 @@
-       priv->sec_activate_target = NULL;
-       priv->sec_activate_enabled = FALSE;
-  
+   priv->sec_activate_target = NULL;
+   priv->sec_activate_enabled = FALSE;
+ 
  +     self->priv = priv; // Needs to be set BEFORE calling g_bus_get so our 
handler can read it.
  +
-       /* Start getting the session bus */
-       g_object_ref(self); /* ref for the bus creation callback */
-       g_bus_get(G_BUS_TYPE_SESSION, NULL, bus_creation, self);
+   /* Start getting the session bus */
+   g_object_ref(self); /* ref for the bus creation callback */
+   g_bus_get(G_BUS_TYPE_SESSION, NULL, bus_creation, self);
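Review bot: the added line `self->priv = priv; // Needs to be set BEFORE calling g_bus_get so our handler can read it.` uses a `//` comment while the neighbouring lines in this hunk use block comments (`/* Start getting the session bus */`, `/* ref for the bus creation callback */`); switch it to `/* ... */` for consistency with the file. The reordering itself is the right fix for the race described: once `g_bus_get()` has been handed `self`, `bus_creation()` may run at any moment, so every `priv` field the callback reads must already be initialised, which holds for the fields visible in this hunk (`sec_activate_target`, `sec_activate_enabled`) because they are assigned before the new `self->priv = priv;` line.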
  @@ -618,8 +620,6 @@
-       g_signal_connect(G_OBJECT(gtk_icon_theme_get_default()),
-               "changed", G_CALLBACK(theme_changed_cb), self);
-  
+   g_signal_connect(G_OBJECT(gtk_icon_theme_get_default()),
+    "changed", G_CALLBACK(theme_changed_cb), self);
+ 
  -     self->priv = priv;
  -
-       return;
-  }
+   return;
+  }
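Review bot: removing `self->priv = priv;` here is the necessary counterpart of the earlier assignment, but the move widens the window in which `bus_creation()` can observe `priv`: any field initialised between `g_bus_get()` and this point is now visible to the callback before it is set. In the visible lines the only statement in that window is the theme `"changed"` signal connection, which does not write to `priv`, so the change is safe as far as this hunk shows; confirm that the lines between the two hunks (old line 617, not shown) do not initialise anything the callback depends on. The hunk header `@@ -618,8 +620,6 @@` is consistent with the two removed lines.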
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libappindicator1 (not installed)
  ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
  Uname: Linux 3.2.0-32-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu17.1
  Architecture: amd64
  Date: Mon Feb 11 17:20:25 2013
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20121016)
  MarkForUpload: True
  ProcEnviron:
-  LC_CTYPE=en_US.UTF-8
-  TERM=xterm
-  PATH=(custom, no user)
-  LANG=en_US.UTF-8
-  SHELL=/bin/zsh
+  LC_CTYPE=en_US.UTF-8
+  TERM=xterm
+  PATH=(custom, no user)
+  LANG=en_US.UTF-8
+  SHELL=/bin/zsh
  SourcePackage: libappindicator
  UpgradeStatus: No upgrade log present (probably fresh install)
+ 
+ [Impact] 
+ This bug was the #2 cause of crashes in the Steam client. I believe this meets the SRU criteria: "Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel)."
+ 
+ [Test Case] 
+ As this is a race condition it is difficult to reproduce. However, we have many crashdumps with a SIGSEGV referencing a garbage self->priv pointer in bus_creation(). After applying this fix, the crashes stopped.
+ 
+ [Regression Potential]
+ Low

https://bugs.launchpad.net/bugs/1122596

Title:
  Race condition in app_indicator_init() causes application crash
