! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
xfce4-settings-helper segfaults
Status:
RESOLVED: DUPLICATE
Priority:
Medium
Severity:
normal
Product:
Xfce4-settings
Component:
Settings Helper

Comments

Description David Mohr 2009-01-16 02:21:02 CET 
xfce4-settings-helper segfaults on my machine (i386).

Backtrace:
(gdb) bt
#0  0xb777d38b in strlen () from /lib/i686/cmov/libc.so.6
#1  0x0804ee30 in xfce_workspaces_helper_set_names_prop (helper=<value optimized out>, screen=0x865e2d8, names=0x8680350) at workspaces.c:162
#2  0x0804f217 in xfce_workspaces_helper_init (helper=0x8644338) at workspaces.c:121
#3  0xb795a873 in IA__g_type_create_instance (type=140992144) at /tmp/buildd/glib2.0-2.16.6/gobject/gtype.c:1575
#4  0xb7940085 in g_object_constructor (type=140992144, n_construct_properties=0, construct_params=0x0) at /tmp/buildd/glib2.0-2.16.6/gobject/gobject.c:1046
#5  0xb79408b6 in IA__g_object_newv (object_type=140992144, n_parameters=0, parameters=0x0) at /tmp/buildd/glib2.0-2.16.6/gobject/gobject.c:937
#6  0xb794148e in IA__g_object_new_valist (object_type=140992144, first_property_name=0x0, var_args=0xbfc9ea18 "") at /tmp/buildd/glib2.0-2.16.6/gobject/gobject.c:986
#7  0xb79415fe in IA__g_object_new (object_type=140992144, first_property_name=0x0) at /tmp/buildd/glib2.0-2.16.6/gobject/gobject.c:795
#8  0x0804bac2 in main (argc=1, argv=0xbfc9eb44) at main.c:315

gdb tells me something funny is happening to names:
(gdb) print names
$1 = (gchar **) 0x8680350
(gdb) print names[i]
No symbol "i" in current context.
(gdb) print names[0]
$2 = (gchar *) 0x1 <Address 0x1 out of bounds>
Comment 1 David Mohr 2009-01-16 02:40:54 CET 
Created attachment 2084 
Patch to fix the segfault when there is more than one screen

The problem is that char * names is freed at the end of the loop. So if there is more than one screen, it will access invalid memory the next time around.

I don't know if the correct solution is to keep the value of names from before the loop, or just to set it to null (as the patch does), since I don't use workspaces.
Comment 2 David Mohr 2009-01-16 02:42:32 CET 
I forgot to mention, the problem is in xfce_workspaces_helper_init (xfce4-settings-helper/workspaces.c:76 in beta3).
Comment 3 Stephan Arts editbugs 2009-01-19 19:36:10 CET 
I think I fixed it in revision 29278, could you check?
Comment 4 Brian J. Tarricone (not reading bugmail) 2009-01-19 20:12:01 CET 
Hmm, I'm not sure I like that fix, since the names list gets modified in the loop... but I guess it's ok for now.
Comment 5 Nick Schermer editbugs 2009-01-27 06:08:44 CET 

*** This bug has been marked as a duplicate of bug 4853 ***

Bug #4813

Reported by:
David Mohr
Reported on: 2009-01-16
Last modified on: 2009-07-14

People

Assignee:
Stephan Arts
CC List:
2 users

Version

Version:
4.6.0
Target Milestone:
Xfce 4.6

Attachments

Patch to fix the segfault when there is more than one screen (356 bytes, patch)
2009-01-16 02:40 CET , David Mohr 		no flags

Additional information