Bug 422981

Summary: A signal handler can destroy uninitialized object
Product: Red Hat Enterprise Linux 5
Reporter: Masatake YAMATO <yamato>
Component: scim
Assignee: Jens Petersen <petersen>
Status: CLOSED DUPLICATE
QA Contact: QE Internationalization Bugs <qe-i18n-bugs>
Severity: low
Priority: low
Version: 5.0
CC: tumeya
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-12-14 06:13:29 UTC

Attachments:
A patch fixing the issue.

Description Masatake YAMATO 2007-12-13 08:56:15 UTC
Description of problem:

I couldn't find a way to reproduce the problem in my hand, but
during code review on scim I found lines potentially causing a bug.

scim-panel-gtk sets a signal handler which destroys the _panel_agent object.  This
itself is o.k. However, when setting the handler, the object is not
initialized. This is a bit dangerous: if a signal is received before
initializing the object, the signal handler may run the destructor on an
uninitialized object.

The signal handler should check whether the object is initialized
before running the destructor.

Version-Release number of selected component (if applicable):

scim-1.4.4-20060716

How reproducible:

By reading source code, sorry.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:


See scim-1.4.4-20060716/extras/panel/scim_panel_gtk.cpp:
------------------------------------------------------------------------
    signal(SIGQUIT, signalhandler);
    signal(SIGTERM, signalhandler);
    signal(SIGINT,  signalhandler);
    signal(SIGHUP,  signalhandler);

    gtk_init (&new_argc, &new_argv);

    ui_initialize ();

    // get current display.
    {
#if GDK_MULTIHEAD_SAFE
        const char *p = gdk_display_get_name (gdk_display_get_default ());
#else
        const char *p = getenv ("DISPLAY");
#endif
        if (p) display_name = String (p);
    }

    if (!initialize_panel_agent (config_name, display_name, should_resident)) {

------------------------------------------------------------------------

signalhandler calls the "stop" method of _panel_agent.
However, _panel_agent is NULL until the initialize_panel_agent
function is called. (I called this stop method "destructor" in
the above description of the problem.)
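The ordering problem described in this report, reduced to a self-contained C++ example. This is added illustration, not scim's code or the attached patch: PanelAgent, g_panel_agent, initialize_panel_agent and the handler names are stand-ins for the scim-panel-gtk globals. It shows the reporter's suggested fix (the handler checks the pointer before calling stop) and the more conservative variant in which the handler only sets a sig_atomic_t flag and the main loop does the teardown.

```cpp
#include <csignal>
#include <cstdio>

// Stand-in for scim's PanelAgent (constructed for this example).
struct PanelAgent {
    bool running = true;
    void stop() { running = false; }
};

// Mirrors the scim-panel-gtk global _panel_agent: NULL until
// initialize_panel_agent() has run, yet the handlers are installed earlier.
static PanelAgent *g_panel_agent = nullptr;

// Async-signal-safe flag for the "record and defer" variant below.
static volatile std::sig_atomic_t g_stop_requested = 0;

// Fix 1 (the report's suggestion): refuse to touch an uninitialized object.
// Returns true only if an agent existed and was stopped.
static bool try_stop_agent() {
    if (g_panel_agent == nullptr) return false;   // signal arrived before init
    g_panel_agent->stop();
    return true;
}

static void guarded_signalhandler(int) {
    try_stop_agent();
}

// Fix 2 (stricter): the handler does nothing but set a flag; the main loop
// checks it and stops the agent outside signal context, so no C++ object is
// ever dereferenced from a handler.
static void flag_signalhandler(int) {
    g_stop_requested = 1;
}

static bool initialize_panel_agent(PanelAgent &agent) {
    g_panel_agent = &agent;
    return true;
}

// Scenario A: a stop request before initialization must be a harmless no-op.
static bool early_signal_is_safe() {
    g_panel_agent = nullptr;
    return !try_stop_agent() && g_panel_agent == nullptr;
}

// Scenario B: after initialization the same request stops the agent.
static bool late_signal_stops_agent() {
    PanelAgent agent;
    initialize_panel_agent(agent);
    bool stopped = try_stop_agent() && !agent.running;
    g_panel_agent = nullptr;
    return stopped;
}

// Scenario C: real signal delivery in scim's order: handler installed first,
// SIGTERM raised both before and after initialize_panel_agent().
static bool signal_delivery_is_safe() {
    g_panel_agent = nullptr;
    if (std::signal(SIGTERM, guarded_signalhandler) == SIG_ERR) return false;
    std::raise(SIGTERM);                  // before init: guard prevents NULL deref
    PanelAgent agent;
    initialize_panel_agent(agent);
    std::raise(SIGTERM);                  // after init: agent is stopped
    bool ok = !agent.running;
    g_panel_agent = nullptr;
    std::signal(SIGTERM, SIG_DFL);
    return ok;
}

// Scenario D: the deferred variant; the main loop owns the teardown.
static bool deferred_stop_works() {
    g_stop_requested = 0;
    if (std::signal(SIGTERM, flag_signalhandler) == SIG_ERR) return false;
    PanelAgent agent;
    initialize_panel_agent(agent);
    std::raise(SIGTERM);                  // handler only sets the flag
    if (g_stop_requested) try_stop_agent();   // main-loop side
    bool ok = !agent.running;
    g_panel_agent = nullptr;
    std::signal(SIGTERM, SIG_DFL);
    return ok;
}

int main() {
    std::printf("early signal safe:   %d\n", early_signal_is_safe());
    std::printf("late signal stops:   %d\n", late_signal_stops_agent());
    std::printf("delivery safe:       %d\n", signal_delivery_is_safe());
    std::printf("deferred stop works: %d\n", deferred_stop_works());
    return 0;
}
```

The pointer check alone closes the NULL dereference the report describes; the flag variant additionally keeps the handler within what POSIX permits in signal context, which matters because PanelAgent::stop in scim is an arbitrary C++ method rather than an async-signal-safe call.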

Comment 1 Masatake YAMATO 2007-12-13 08:56:15 UTC
Created attachment 286991 [details]
A patch fixing the issue.

Comment 2 Peng Huang 2007-12-14 06:13:29 UTC

*** This bug has been marked as a duplicate of 246129 ***

Comment 3 Jens Petersen 2008-02-07 01:30:23 UTC
Thanks, Yamato-san, for this valuable information.