Bug 205731

Summary: gam_server segfault in gam_queue_event
Product: [Fedora] Fedora Reporter: Denis Leroy <denis>
Component: gaminAssignee: Alexander Larsson <alexl>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: john
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-08 12:51:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150224    
Attachments:
Description Flags
Core file from /usr/libexec/gam_server none

Description Denis Leroy 2006-09-08 09:12:10 UTC 
On my freshly updated Rawhide VM, found attached core file from
/usr/libexec/gam_server. This is gamin 0.1.7-6.fc6.

(gdb) bt
#0  0x08050eda in gam_queue_event (conn=0x1, reqno=7, event=32, 
    path=0x8bb8368 "fedora-soundconverter.desktop;45012a5b", len=38) at
gam_connection.c:631
#1  0x0804b3b9 in gam_server_emit_one_event (
    path=0x8bb8350
"/usr/share/applications/fedora-soundconverter.desktop;45012a5b", 
    node_is_dir=1, event=GAMIN_EVENT_CREATED, sub=0x8bb0ec0, force=1) at
gam_server.c:346
#2  0x08052a47 in gam_inotify_event_callback (
    fullpath=0x8bb8350
"/usr/share/applications/fedora-soundconverter.desktop;45012a5b", mask=256, 
    subdata=0x8bb0ec0) at gam_inotify.c:135
#3  0x08053310 in ih_event_callback (event=0x8bb5340, sub=0x8bb0e50) at
inotify-helper.c:213
#4  0x08055433 in ip_event_dispatch (dir_list=0x8bae520, pair_dir_list=0x0,
event=0x8bb5340)
    at inotify-path.c:325
#5  0x080555a3 in ip_event_callback (event=0x8bb5340) at inotify-path.c:375
#6  0x08054563 in ik_process_eq_callback (user_data=0x0) at inotify-kernel.c:673
#7  0x0093c916 in g_source_get_current_time () from /lib/libglib-2.0.so.0
#8  0x0093c342 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#9  0x0093f31f in g_main_context_check () from /lib/libglib-2.0.so.0
#10 0x0093f6c9 in g_main_loop_run () from /lib/libglib-2.0.so.0
#11 0x0804bafd in main (argc=1, argv=0xbfe1ee24) at gam_server.c:647
#12 0x0077ff2c in __libc_start_main () from /lib/libc.so.6
#13 0x0804a311 in _start ()

The path argument ("soundconverter.desktop") was from a built RPM I was
installing at the time. Will try to reproduce and post more info.
Comment 1 Denis Leroy 2006-09-08 09:12:10 UTC 
Created attachment 135831 [details]
Core file from /usr/libexec/gam_server
Comment 2 Alexander Larsson 2006-09-08 11:19:51 UTC 
Seems inotify related. John, got any idea about this one?
Comment 3 Alexander Larsson 2006-09-08 11:22:10 UTC 
It fails on the line:
	g_assert (conn->eq);

But it doesn't actually call into the assert, so i guess the problem is
dereferenceing conn. Maybe we can actually believe the conn=0x1 part from gdb.
Comment 4 Alexander Larsson 2006-09-08 11:25:48 UTC 
Actually, it seems like sub->listener points to some bogus memory area in
gam_server_emit_one_event(). (Although sub itself seems to be ok):
Comment 5 Alexander Larsson 2006-09-08 11:59:36 UTC 
running gam_server in valgrind immediately turned up this:
 static
 gchar *ih_sub_get_filename (gchar *pathname)
 {
-       gchar *out;
-       // FIXME: return filename here
-       return out;
+       return g_path_get_basename (pathname);
 }

I dunno if that is the cause of the problem though.
Comment 6 Alexander Larsson 2006-09-08 12:51:41 UTC 
There were some other bugs too. I fixed them in upstream cvs and in
gamin-0.1.7-7.fc6.
Comment 7 Alexander Larsson 2006-09-08 12:54:23 UTC 
This fixed a lot more of the gamin test suite too...
Comment 8 Denis Leroy 2006-09-08 12:57:59 UTC 
Thanks for the quick response.
Comment 9 John McCutchan 2006-09-08 15:51:55 UTC 
Wow, I totally missed that when I committed. Thanks for the quick fix!