Bug#911697: at-spi2-core: causes SIGSEGV because of improper quoting of G_LOG_DOMAIN

Jan Nordholz j.nordholz at tu-berlin.de
Wed Oct 24 01:01:56 BST 2018


reopen 911697
retitle 911697 at-spi2-core: varying levels of quote removal during meson build process mess up compilation of G_LOG_DOMAIN macro
severity 911697 serious
thanks

Hi,

your build fix actually made it worse: now G_LOG_DOMAIN works properly for
the gtkdoc-scangobj stuff, but the extra quotes cause literal integer values
to be inserted wherever you expected a string pointer in the library proper:

jcn@inti:/tmp$ objdump -d /usr/lib/x86_64-linux-gnu/libatspi.so.0.0.1 | grep -A1 696e6422
[...]
   11326:       bf 22 64 6e 69          mov    $0x696e6422,%edi
   1132b:       e8 60 ea ff ff          callq  fd90 <g_log@plt>
[...]

This causes crashes in all programs using libatspi, even if only the usual
"cannot find a11y bus" message is going to be printed.

Sample stacktrace of evince (note the value of "log_domain" appearing at frame #8):
=====
(gdb) bt
#0  0x00007ffff6e7b136 in __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1  0x00007ffff71c63f8 in g_string_insert_len (string=0x55555561a400, pos=-1, val=0x696e6422 <error: Cannot access memory at address 0x696e6422>, len=-1) at ../../../../glib/gstring.c:436
#2  0x00007ffff71ab2a5 in g_log_writer_format_fields (log_level=log_level@entry=G_LOG_LEVEL_WARNING, fields=fields@entry=0x7fffffffd240, n_fields=n_fields@entry=4, use_color=1) at ../../../../glib/gmessages.c:2271
#3  0x00007ffff71ac1ae in g_log_writer_standard_streams (log_level=log_level@entry=G_LOG_LEVEL_WARNING, fields=fields@entry=0x7fffffffd240, n_fields=n_fields@entry=4, user_data=user_data@entry=0x0) at ../../../../glib/gmessages.c:2562
#4  0x00007ffff71ac2b2 in g_log_writer_default (log_level=log_level@entry=G_LOG_LEVEL_WARNING, fields=fields@entry=0x7fffffffd240, n_fields=n_fields@entry=4, user_data=user_data@entry=0x0) at ../../../../glib/gmessages.c:2666
#5  0x00007ffff71aa657 in g_log_structured_array (log_level=G_LOG_LEVEL_WARNING, fields=0x7fffffffd240, n_fields=4) at ../../../../glib/gmessages.c:1923
#6  0x00007ffff71aaa9d in g_log_default_handler (log_domain=log_domain@entry=0x696e6422 <error: Cannot access memory at address 0x696e6422>, log_level=log_level@entry=G_LOG_LEVEL_WARNING, message=message@entry=0x55555564c960 "Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files", unused_data=unused_data@entry=0x0) at ../../../../glib/gmessages.c:3111
#7  0x00007ffff71aacef in g_logv (log_domain=0x696e6422 <error: Cannot access memory at address 0x696e6422>, log_level=G_LOG_LEVEL_WARNING, format=<optimized out>, args=args@entry=0x7fffffffd380) at ../../../../glib/gmessages.c:1350
#8  0x00007ffff71aaedf in g_log (log_domain=log_domain@entry=0x696e6422 <error: Cannot access memory at address 0x696e6422>, log_level=log_level@entry=G_LOG_LEVEL_WARNING, format=format@entry=0x7ffff3ef2c38 "Error retrieving accessibility bus address: %s: %s") at ../../../../glib/gmessages.c:1413
#9  0x00007ffff3ee6342 in get_accessibility_bus_address_dbus () at ../atspi/atspi-misc.c:1533
=====

Suggesting a patch is beyond me though; I won't touch ninja/meson stuff. ;)


Jan
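The failure mode above, as an added example that is not part of the bug report or of at-spi2-core: a build-side guard that tells a correctly quoted string domain apart from one the quoting has collapsed into an integer constant, plus a small forensic helper that decodes a suspicious "pointer" such as 0x696e6422 back into the characters the compiler packed into it. The domain name "atspi" and the macro names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not at-spi2-core code. Evaluates to 1 when DOMAIN has
 * pointer-to-char type (what a correctly quoted -DG_LOG_DOMAIN="name"
 * yields after array-to-pointer decay) and 0 when stray quote levels have
 * turned it into an int constant. The "+ 0" forces the decay so the result
 * does not depend on how the compiler treats _Generic's controlling
 * expression. */
#define LOG_DOMAIN_IS_STRING(domain) \
    _Generic((domain) + 0, char *: 1, const char *: 1, default: 0)

/* Constructed inputs: a properly quoted domain, and the integer observed in
 * the objdump/gdb output above (0x696e6422), standing in for the
 * multi-character constant the broken quoting produced. */
#define GOOD_DOMAIN "atspi"
#define BAD_DOMAIN  0x696e6422

int good_domain_is_string(void) { return LOG_DOMAIN_IS_STRING(GOOD_DOMAIN); }
int bad_domain_is_string(void)  { return LOG_DOMAIN_IS_STRING(BAD_DOMAIN); }

/* Decode a 32-bit value the way GCC lays out a multi-character constant:
 * most significant byte first. Writes the four bytes plus a terminator
 * into out and returns how many of them are printable ASCII; a count of 4
 * is a strong hint that a "pointer" is really packed text. */
int decode_multichar(uint32_t value, char out[5]) {
    int printable = 0;
    for (int i = 0; i < 4; i++) {
        unsigned char c = (unsigned char)(value >> (8 * (3 - i)));
        out[i] = (char)c;
        if (c >= 0x20 && c < 0x7f)
            printable++;
    }
    out[4] = '\0';
    return printable;
}

/* Convenience wrapper: 1 if value decodes to exactly expected. */
int decoded_matches(uint32_t value, const char *expected) {
    char buf[5];
    decode_multichar(value, buf);
    return strcmp(buf, expected) == 0;
}
```

For the value in the crash, the decoder recovers the bytes `i`, `n`, `d`, `"`: the tail of a quoted domain name, closing quote included, which is exactly what ends up in %edi instead of a string address.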
