Bug 449208

Summary: nm-applet crashes when clicking on "connection information"
Product: [Fedora] Fedora Reporter: Pavel Polischouk <pavel.polischouk>
Component: NetworkManagerAssignee: Dan Williams <dcbw>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 9CC: dcbw, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-11-02 22:06:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Detailed failure stack trace after stepping through the code
none
valgrind error report when clicking "connection information". none

Description Pavel Polischouk 2008-05-31 10:35:25 UTC 
Description of problem:
nm-applet segfaults when the user clicks on "connection information" menu option.

Version-Release number of selected component (if applicable):

NetworkManager-gnome-0.7.0-0.9.3.svn3623.fc9.i386
gtk2-2.12.9-5.fc9.i386
pango-1.20.1-1.fc9.i386
glibc-2.8-3.i686
glib2-2.16.3-5.fc9.i386

How reproducible:
Always

Steps to Reproduce:
1. Right-click on NM icon
2. Select "Connection Information"
  
Actual results:

Program received signal SIGSEGV, Segmentation fault.
0x00ac7053 in malloc_consolidate () from /lib/libc.so.6
(gdb) where
#0  0x00ac7053 in malloc_consolidate () from /lib/libc.so.6
#1  0x00ac8e1d in _int_malloc () from /lib/libc.so.6
#2  0x00acac55 in malloc () from /lib/libc.so.6
#3  0x001504b4 in g_malloc () from /lib/libglib-2.0.so.0
#4  0x00167013 in g_slice_alloc () from /lib/libglib-2.0.so.0
#5  0x00512c89 in pango_script_iter_new () from /usr/lib/libpango-1.0.so.0
#6  0x00500457 in ?? () from /usr/lib/libpango-1.0.so.0
#7  0x005014d8 in pango_itemize_with_base_dir () from /usr/lib/libpango-1.0.so.0
#8  0x00509cb9 in ?? () from /usr/lib/libpango-1.0.so.0
#9  0x0050b1bb in ?? () from /usr/lib/libpango-1.0.so.0
#10 0x07b687a7 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#11 0xbfd0adec in ?? ()
#12 0x00000000 in ?? ()

Expected results:
Crash shouldn't happen

Additional info:
Comment 1 Pavel Polischouk 2008-05-31 11:03:47 UTC 
Created attachment 307267 [details]
Detailed failure stack trace after stepping through the code

After stepping through the failing code with gdb, I got a different stack
trace, attached.
Comment 2 Dan Williams 2008-06-02 21:04:00 UTC 
Looks like memory corruption actually; could you run the applet through valgrind
and then click on Connection Information and attach the valgrind output?
Comment 3 Pavel Polischouk 2008-06-03 01:26:56 UTC 
Created attachment 308175 [details]
valgrind error report when clicking "connection information".

It's an invalid free(). When running under valgrind the crash didn't happen -
probably valgrind prevented the actual freeing wrong memory from happening, the
dialog opened properly.
Comment 4 Dan Williams 2008-06-03 16:55:49 UTC 
Nice catch and thanks!! for the valgrind log.  Should be fixed in an update to
NM since that code has been changed since svn3623 and as a side-effect the bug
has been removed.  The commit went in after what's in f9-updates-testing
(svn3675 I believe) so it won't be fixed there yet.
Comment 5 Dan Williams 2008-11-02 22:06:46 UTC 
Please test with latest NM updates (svn4022 or later), thanks!