Bug 166349

Summary: Rawhide evince crashes on startup with DBus registration problem
Product: [Fedora] Fedora
Reporter: Dave Malcolm <dmalcolm>
Component: dbus
Assignee: John (J5) Palmieri <johnp>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: rawhide
CC: jkeck, oliva, sangu.fedora
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-08-19 20:41:50 UTC

Description Dave Malcolm 2005-08-19 17:08:41 UTC
Rawhide evince crashes on startup; on investigation appears to be a crash in
dbus-glib code:

evince-0.3.4-1
dbus-0.35.2-1
dbus-glib-0.35.2-1
poppler-0.4.0-2

(gdb) bt
#0  0x00d2200f in dbus_g_connection_register_g_object (connection=0x9e5b23c, 
    at_path=0x8099179 "/org/gnome/evince/Evince", object=0x9e3eeb8)
    at dbus-gobject.c:1433
#1  0x0805e71f in ev_application_register_service ()
#2  0x080797b6 in main ()

static void
export_signals (DBusGConnection *connection, const DBusGObjectInfo *info,
GObject *object)
{
  GType gtype;
  const char *sigdata;
  const char *iface;
  const char *signame;

  gtype = G_TYPE_FROM_INSTANCE (object);

  sigdata = info->exported_signals;
  
  while (*sigdata != '\0')   /* dereferences sigdata with no NULL check */

Crash appears to be reading through a bogus sigdata in the while loop, though my
debuginfo is too optimised for me to be sure.

info appears to have this value, retrieved by lookup_object_info:
(gdb) p *$3
$5 = {format_version = 0, method_infos = 0x8098fe0, n_method_infos = 2, 
  data = 0x8098f60 "org.gnome.evince.Application", exported_signals = 0x0, 
  exported_properties = 0x0}

So the export_signals code appears not to handle this NULL case.

Don't know whether it's an evince or an underlying DBus bug though (is
exported_signals allowed to be NULL?)
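
For reference, the following is an added, self-contained illustration (not dbus-glib's or evince's own code) of a signal-table walk that treats a NULL exported_signals pointer as "no signals" instead of dereferencing it. It assumes the table layout is repeated "iface\0signame\0" pairs ended by an empty string; the interface/signal names in the sample are constructed, not evince's real signal set.

```c
#include <stddef.h>
#include <string.h>

/* One (interface, signal) pair parsed from the exported_signals table. */
typedef struct {
    const char *iface;
    const char *signame;
} SignalEntry;

/* Advance past the current NUL-terminated string to the one after it. */
static const char *string_table_next(const char *data)
{
    return data + strlen(data) + 1;
}

/*
 * Walk a table assumed to be laid out as repeated "iface\0signame\0" pairs,
 * terminated by an empty string. A NULL table is treated exactly like an
 * empty one, which is the case the report says export_signals did not
 * handle. Returns the number of pairs found (at most max_entries are
 * written to out; out may be NULL when max_entries is 0).
 */
size_t collect_exported_signals(const char *sigdata, SignalEntry *out,
                                size_t max_entries)
{
    size_t n = 0;
    if (sigdata == NULL)          /* no signals exported: nothing to do */
        return 0;
    while (*sigdata != '\0') {
        const char *iface = sigdata;
        sigdata = string_table_next(sigdata);
        if (*sigdata == '\0')     /* malformed: interface with no signal name */
            break;
        const char *signame = sigdata;
        sigdata = string_table_next(sigdata);
        if (n < max_entries) {
            out[n].iface = iface;
            out[n].signame = signame;
        }
        n++;
    }
    return n;
}

/* Constructed sample table (hypothetical signal names); the literal's
 * implicit trailing NUL supplies the empty-string terminator. */
static const char SAMPLE_SIGDATA[] =
    "org.gnome.evince.Application\0PageChanged\0"
    "org.gnome.evince.Application\0Closed\0";

/* Returns the idx-th signal name of the sample, or NULL if out of range. */
const char *sample_signal_name(size_t idx)
{
    static SignalEntry entries[8];
    size_t n = collect_exported_signals(SAMPLE_SIGDATA, entries, 8);
    return idx < n ? entries[idx].signame : NULL;
}
```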

Comment 1 Dave Malcolm 2005-08-19 17:56:14 UTC
*** Bug 166264 has been marked as a duplicate of this bug. ***

Comment 2 Dave Malcolm 2005-08-19 18:21:11 UTC
Duplicate of bug filed here: http://bugzilla.gnome.org/show_bug.cgi?id=313724

Comment 3 Kristian Høgsberg 2005-08-19 20:41:50 UTC
Fixed in rawhide.