From what I can see we have:

static void
nm_supplicant_info_set_call (NMSupplicantInfo *info, DBusGProxyCall *call)
{
        if (call) {
                nm_call_store_add (info->store, G_OBJECT (info->proxy), (gpointer) call);
                info->call = call;
        }
}


which overwrites any preexisting info->call without cancelling any previously
added, still-running call. As a consequence, calls already running won't be
cancelled when the NMSupplicantInfo is destroyed.

This eventually causes a callback to bump into the freed
NMSupplicantInfo and crash, e.g.

#11 0xb7e40e41 in _dbus_pending_call_complete (pending=0x81ef5d0) at dbus-pending-call.c:198
        user_data = (void *) 0x40

A solution might be to use a GSList *calls in SupplicantInfo to track the
calls and cancel them all in nm_supplicant_info_destroy.

** Changed in: network-manager (Ubuntu)
       Status: New => Triaged

** Visibility changed to: Public

** Summary changed:

- NetworkManager crashed with SIGSEGV in g_str_hash()
+ MASTER NetworkManager crashed with SIGSEGV in g_str_hash()

** Changed in: network-manager (Ubuntu)
   Importance: Medium => High

-- 
MASTER NetworkManager crashed with SIGSEGV in g_str_hash()
https://bugs.launchpad.net/bugs/263392
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
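
The fix suggested in the comment above (track every pending call and cancel them all on destroy), as an added example that is not part of the original report and is not NetworkManager code. It is a constructed C model without GLib or D-Bus: `Info`, `Call`, `xalloc`, `on_reply`, `info_add_call`, `call_complete` and `info_destroy` are hypothetical names, and the `cancelled` flag stands in for cancelling the pending D-Bus call.

```c
/* Constructed model without GLib/D-Bus; every name here is a hypothetical stand-in. */
#include <stdlib.h>
typedef struct Call Call;
typedef struct Info { Call *calls; int replies; } Info;  /* calls: all calls in flight */
struct Call { Info *owner; void (*cb)(Info *); int cancelled; Call *next; };

void *xalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); return p; }

/* Sample reply handler: dereferences its owner, as a real callback would. */
void on_reply(Info *info) { info->replies++; }

/* Track each new call instead of overwriting a single info->call slot. */
Call *info_add_call(Info *info, void (*cb)(Info *)) {
    Call *c = xalloc(sizeof *c);
    c->owner = info;
    c->cb = cb;
    c->next = info->calls;
    info->calls = c;
    return c;
}

/* Reply delivery by the bus side: returns 1 if the callback ran, 0 if cancelled. */
int call_complete(Call *c) {
    int ran = !c->cancelled;
    if (ran) {
        for (Call **p = &c->owner->calls; *p; p = &(*p)->next)
            if (*p == c) { *p = c->next; break; }  /* finished: stop tracking it */
        c->cb(c->owner);
    }
    free(c);
    return ran;
}

/* Destroy: cancel every tracked call so no late reply touches freed memory. */
void info_destroy(Info *info) {
    for (Call *c = info->calls, *n; c; c = n) {
        n = c->next;
        c->cancelled = 1;
        c->owner = NULL;
    }
    free(info);
}

int main(void) {
    Info *info = xalloc(sizeof *info);
    Call *a = info_add_call(info, on_reply), *b = info_add_call(info, on_reply);
    info_destroy(info);                          /* both replies still pending */
    return call_complete(a) + call_complete(b);  /* 0: neither callback ran */
}
```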
