https://bugzilla.novell.com/show_bug.cgi?id=746973
https://bugzilla.novell.com/show_bug.cgi?id=746973#c2
--- Comment #2 from Jared Hudson 2012-02-14 15:02:31 CST ---
Both of these segfaults occur in e-calendar-factory when clicking on calendar
requests in my email inbox.
Program received signal SIGSEGV, Segmentation fault.
0x00007f82b76ddd3e in link_before (link=0x65b9b0, before_this_link=0x61ecf0,
list=
0x7fff72b9dbf8) at dbus-list.c:122
(gdb) bt
#0 0x00007f82b76ddd3e in link_before (link=0x65b9b0,
before_this_link=0x61ecf0, list=
0x7fff72b9dbf8) at dbus-list.c:122
#1 _dbus_list_prepend (list=0x7fff72b9dbf8, data=<optimized out>) at
dbus-list.c:290
#2 0x00007f82b76ddd79 in _dbus_list_append (list=0x7fff72b9dbf8,
data=<optimized out>)
at dbus-list.c:262
#3 0x00007f82b76cd182 in _dbus_validate_signature_with_reason
(type_str=<optimized out>,
type_pos=<optimized out>, len=<optimized out>) at
dbus-marshal-validate.c:224
#4 0x00007f82b76cd4b7 in validate_body_helper (reader=0x7fff72b9de00,
byte_order=108,
walk_reader_to_end=0, total_depth=3, p=0x65a82d "(s(ib)bsbb)", end=0x65b000
"", new_p=
0x7fff72b9ddb8) at dbus-marshal-validate.c:533
#5 0x00007f82b76cd8b8 in validate_body_helper (reader=0x7fff72b9df90,
byte_order=108,
walk_reader_to_end=1, total_depth=2, p=0x65a82c "\v(s(ib)bsbb)",
end=0x65b000 "", new_p=
0x7fff72b9df08) at dbus-marshal-validate.c:613
#6 0x00007f82b76cd84a in validate_body_helper (reader=0x7fff72b9e060,
byte_order=108,
walk_reader_to_end=0, total_depth=1, p=0x65a828 "\b\001g", end=0x65b000 "",
new_p=
0x7fff72b9e058) at dbus-marshal-validate.c:644
#7 0x00007f82b76cd8ff in validate_body_helper (reader=0x7fff72b9e190,
byte_order=108,
walk_reader_to_end=1, total_depth=0, p=0x65a828 "\b\001g", end=0x65b000 "",
new_p=
0x7fff72b9e1c8) at dbus-marshal-validate.c:494
#8 0x00007f82b76cdb89 in _dbus_validate_body_with_reason (
expected_signature=<optimized out>, expected_signature_start=<optimized
out>, byte_order=
108, bytes_remaining=0x7fff72b9e318, value_str=<optimized out>,
value_pos=0, len=2048)
at dbus-marshal-validate.c:731
#9 0x00007f82b76ca92b in _dbus_header_load (header=0x6220c8, mode=
DBUS_VALIDATION_MODE_DATA_IS_UNTRUSTED, validity=0x7fff72b9e3c4,
byte_order=108,
fields_array_len=63, header_len=80, body_len=140, str=0x61f1f8, start=0,
len=2048)
---Type <return> to continue, or q <return> to quit---
at dbus-marshal-header.c:1007
#10 0x00007f82b76d2780 in load_message (body_len=140, header_len=80,
fields_array_len=<optimized out>, byte_order=108, message=0x6220c0,
loader=0x61f1f0)
at dbus-message.c:3996
#11 _dbus_message_loader_queue_messages (loader=0x61f1f0) at
dbus-message.c:4197
#12 0x00007f82b76da4d7 in _dbus_transport_get_dispatch_status
(transport=0x61f020)
at dbus-transport.c:1103
#13 0x00007f82b76da613 in _dbus_transport_queue_messages (transport=0x61f020)
at dbus-transport.c:1130
#14 0x00007f82b76c2eb4 in _dbus_connection_get_dispatch_status_unlocked
(connection=0x61f710)
at dbus-connection.c:4183
#15 0x00007f82b76c39ce in dbus_connection_get_dispatch_status
(connection=0x61f710)
at dbus-connection.c:4314
#16 0x00007f82b7906723 in message_queue_prepare (source=<optimized out>,
timeout=<optimized out>) at dbus-gmain.c:71
#17 0x00007f82b9cd1b22 in g_main_context_prepare () from
/usr/lib64/libglib-2.0.so.0
#18 0x00007f82b9cd292d in ?? () from /usr/lib64/libglib-2.0.so.0
#19 0x00007f82b9cd32c2 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
#20 0x0000000000403763 in main (argc=1, argv=0x7fff72b9e728) at
e-data-cal-factory.c:1097
(gdb) list
117 else
118 {
119 link->next = before_this_link;
120 link->prev = before_this_link->prev;
121 before_this_link->prev = link;
122 link->prev->next = link;
123
124 if (before_this_link == *list)
125 *list = link;
126 }
(gdb) p link
$1 = (DBusList *) 0x65b9b0
(gdb) p link->prev
$2 = (DBusList *) 0x61ed20
(gdb) p link->prev->next
$3 = (DBusList *) 0x0
(gdb) p before_this_link->prev
$4 = (DBusList *) 0x61ecd8
(gdb) p before_this_link->prev->prev
$5 = (DBusList *) 0x0
(gdb) p before_this_link->prev->prev->next
Cannot access memory at address 0x8
Judging by before_this_link->prev->prev, it looks like link->prev was NULL, so
it stands to reason that the assignment of link to link->prev->next on line 122
faulted on the write through link->prev. (gdb prints link->prev as 0x61ed20
above, so in this optimized build the values shown may not be exactly what
line 122 saw.)
I'll attach a corefile for this as well.