! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
Segfault after plugging in to a docking station
Status:
RESOLVED: FIXED
Product:
Xfce4-screensaver
Component:
General

Comments

Description Daniel Chabrowski 2019-10-29 17:47:34 CET
Created attachment 9163 
Debug logs from xfce4-screensaver

Tested on xubuntu 19.10 and current master (ef74accfc7a421271027f999034a4ef88518867d)

Steps to reproduce:
1) Lock the screen when unplugged from the station
2) Dock the laptop in the station

Results:
Segmentation fault due to nullptr dereference, desktop unlocked.

Expected results:
Password prompt.

Additional information:
Program terminated with signal SIGSEGV, Segmentation fault.
986         gs_window_request_unlock (l->data);
(gdb) bt
#0  0x00005628362c2cc0 in on_display_monitor_added (display=0x5628369c80e0, monitor=0x562836dfc800, manager=0x562836a3f2c0) at gs-manager.c:986
#1  0x00007f525d160de3 in g_cclosure_marshal_VOID__OBJECTv () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#2  0x00007f525d15d936 in  () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#3  0x00007f525d17a36c in g_signal_emit_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4  0x00007f525d17a9b3 in g_signal_emit () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x00007f525d542fc8 in  () at /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#6  0x00007f525d543d29 in  () at /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#7  0x00007f525d544101 in  () at /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#8  0x00007f525d535354 in  () at /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#9  0x00007f525d53b889 in  () at /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#10 0x00007f525d53b374 in  () at /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#11 0x00007f525d503094 in gdk_display_get_event () at /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#12 0x00007f525d53afe6 in  () at /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#13 0x00007f525d07284d in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007f525d072ad0 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f525d072dc3 in g_main_loop_run () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f525d81cc2d in gtk_main () at /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#17 0x00005628362bd6ec in main (argc=<optimized out>, argv=<optimized out>) at xfce4-screensaver.c:118
Comment 1 Daniel Chabrowski 2019-10-29 18:09:28 CET
For the record, it only happens when two (or more?) screens are connected to the docking station. Plugging in a screen directly to the laptop does not cause the issue; docking the laptop in the station with one screen also didn't cause a segfault.
Comment 2 Daniel Chabrowski 2019-11-21 16:59:34 CET
I did a little more digging and it seems that the bug was introduced in 2d8687b5. In my case manager_get_monitor_index returns 2 and that index is used in gs_manager_create_window_for_monitor to insert the window into the window list by g_slist_insert.

Docs for g_slist_insert:
position: the position to insert the element. If this is negative, or is larger than the number of elements in the list, the new element is added on to the end of the list.

Window ends up being added at index 1 and then later on g_slist_nth returns nullptr when we try to retrieve value at index 2 in on_display_monitor_added.
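
The position mismatch described in comment 2, as an added example that is not part of the original report or the xfce4-screensaver source. `Node`, `list_insert`, `list_nth` and `list_find_monitor` are hypothetical stand-ins that mimic the documented g_slist_insert / g_slist_nth behaviour, and the lookup by monitor identity is one possible defensive pattern, not necessarily the fix that was committed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal stand-in for GSList with the insert semantics quoted above:
 * a negative or too-large position appends to the end of the list. */
typedef struct Node { int monitor; struct Node *next; } Node;

static Node *list_insert(Node *head, int monitor, int pos) {
    Node *n = malloc(sizeof *n);
    if (!n) abort();
    n->monitor = monitor;
    Node **link = &head;
    /* Walk pos links, stopping early at the end of the list. */
    for (int i = 0; (pos < 0 || i < pos) && *link; i++)
        link = &(*link)->next;
    n->next = *link;
    *link = n;
    return head;
}

/* Positional lookup: NULL when idx is past the end (like g_slist_nth). */
static Node *list_nth(Node *head, int idx) {
    while (head && idx-- > 0) head = head->next;
    return head;
}

/* Lookup by identity: does not depend on where the insert landed. */
static Node *list_find_monitor(Node *head, int monitor) {
    for (; head; head = head->next)
        if (head->monitor == monitor) return head;
    return NULL;
}

/* Constructed scenario from the report: one window exists (monitor 0),
 * then a window for a monitor whose computed index is 2 is inserted. */
static Node *build_report_scenario(void) {
    Node *windows = list_insert(NULL, 0, 0);
    return list_insert(windows, 2, 2);   /* lands at position 1, not 2 */
}

int main(void) {
    Node *windows = build_report_scenario();
    Node *by_pos = list_nth(windows, 2);          /* NULL: the crash site */
    Node *by_id  = list_find_monitor(windows, 2); /* the new window */
    printf("nth(2)=%p find(2)=%s\n", (void *)by_pos, by_id ? "found" : "missing");
    /* A locker must fail closed: never use by_pos without a NULL check. */
    return by_id ? 0 : 1;
}
```

Because a crash of the locker process leaves the desktop unlocked, any handler that fetches a window by position needs a NULL check before use, or a lookup that does not assume the list position equals the monitor index.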
Comment 3 Michael Wyraz 2019-12-16 12:20:48 CET
Same here, using extra/xfce4-screensaver 0.1.8-2 from archlinux.

Strace output is:

stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2298, ...}) = 0
write(2, "[window_show_cb] gs-manager.c:78"..., 72[window_show_cb] gs-manager.c:782 (11:55:37.549):	 Handling window show
) = 72
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2298, ...}) = 0
write(2, "[gs_job_set_command] gs-job.c:21"..., 83[gs_job_set_command] gs-job.c:219 (11:55:37.549):	 Setting command for job: 'NULL'
) = 83
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2298, ...}) = 0
write(2, "[add_dpms_timer] gs-manager.c:56"..., 115[add_dpms_timer] gs-manager.c:561 (11:55:37.549):	 Scheduling DPMS change after screensaver is idling for 5 minute
) = 115
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
+++ killed by SIGSEGV (core dumped) +++
Comment 4 Michael Wyraz 2019-12-16 12:21:38 CET
IMO this is security relevant because it allows anyone to enforce unlocking by plugging 2 monitors at once.
Comment 5 Sean Davis editbugs 2020-03-22 11:39:49 CET
Please test this in the latest git master. This issue should now be resolved.
Comment 6 Sean Davis editbugs 2020-03-23 00:51:01 CET
Marking as resolved. This will be included in 0.1.9, due to be released momentarily.
Comment 7 Sean Davis editbugs 2020-03-23 00:52:37 CET
*** Bug 15633 has been marked as a duplicate of this bug. ***
Comment 8 Daniel Chabrowski 2020-03-23 05:30:50 CET
I no longer have access to the docking station, so I cannot confirm, but thanks for fixing.

Bug #16102

Reported by:
Daniel Chabrowski
Reported on: 2019-10-29
Last modified on: 2020-03-23
Duplicates (1):
  • 15633 Stops working after system suspends and resumes

People

Assignee:
Sean Davis
CC List:
4 users

Attachments

Debug logs from xfce4-screensaver (20.26 KB, text/plain)
2019-10-29 17:47 CET , Daniel Chabrowski