Bug#638871: g_dbus_connection_register_object does not set error on some conditions
Marcin Owsiany
porridge at debian.org
Mon Aug 22 15:15:16 UTC 2011
X-Debbugs-cc: libpanel-applet at packages.debian.org
Package: libglib2.0-0
Version: 2.28.6-1
The documentation for this function claims that the return value is 0
when "error" is set. However I have found a case where this is not true,
leading to a crash in libpanel-applet.
The code (in gnome-panel/libpanel-applet/panel-applet.c
panel_applet_register_object()) looks like this:
| applet->priv->object_id =
| g_dbus_connection_register_object (applet->priv->connection,
| applet->priv->object_path,
| introspection_data->interfaces[0],
| &interface_vtable,
| applet, NULL,
| &error);
| if (!applet->priv->object_id) {
| g_printerr ("Failed to register object %s: %s\n", applet->priv->object_path, error->message);
| g_error_free (error);
| }
And when an invalid object path is specified in the
applet->priv->object_path property, it leads to:
1) the following warning being issued:
(command_runner:1931): GLib-GIO-CRITICAL **:
g_dbus_connection_register_object: assertion `object_path != NULL &&
g_variant_is_object_path (object_path)' failed
and then:
2) Program received signal SIGSEGV, Segmentation fault.
0xb671726c in panel_applet_register_object (object=0x8536020)
at panel-applet.c:2457
At panel-applet.c:2457 error->message is being dereferenced. After
inspecting with gdb, I can see that:
- "error" is NULL
- applet->priv->object_id is 0
- applet->priv->object_path is an invalid (as far as
g_variant_is_object_path is concerned) string:
"/org/gnome/panel/applet/Id=CommandRunnetApplet/0"
--
Marcin Owsiany <porridge at debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
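The failure mode in this report, as an added example that is not code from the report, GLib, or gnome-panel: a caller-side check of the object path against the D-Bus object path syntax, and failure handling that does not dereference an error that was never set. `Err`, `mock_register`, `register_failure_reason` and the `/taken` path are hypothetical stand-ins so the block builds without GLib.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for GError so the example builds without GLib. */
typedef struct { const char *message; } Err;

static int is_path_char(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '_';
}

/* D-Bus object path syntax: begins with '/', elements use only
 * [A-Za-z0-9_], no empty element, no trailing '/' except the root "/". */
int is_object_path(const char *p)
{
    if (p == NULL || p[0] != '/')
        return 0;
    for (size_t i = 1; p[i] != '\0'; i++) {
        if (p[i] == '/') {
            if (p[i - 1] == '/' || p[i + 1] == '\0')
                return 0;               /* empty element or trailing '/' */
        } else if (!is_path_char(p[i])) {
            return 0;                   /* e.g. the '=' in "Id=..." */
        }
    }
    return 1;
}

/* Hypothetical model of the behaviour in the report: a failed
 * precondition returns 0 and leaves *error untouched. */
unsigned mock_register(const char *path, Err **error)
{
    static Err in_use = { "object already registered" };
    if (!is_object_path(path))
        return 0;                       /* *error stays NULL */
    if (strcmp(path, "/taken") == 0) {  /* constructed runtime failure */
        *error = &in_use;
        return 0;
    }
    return 1;
}

/* Caller side: read error->message only when error was actually set. */
const char *register_failure_reason(const char *path)
{
    Err *error = NULL;
    if (mock_register(path, &error) != 0)
        return NULL;                    /* registered, nothing to report */
    return error != NULL ? error->message : "invalid arguments (no error set)";
}
```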