Bug 702600

Summary: [abrt] polkit-0.101-6.fc15: expand_properties: Process /usr/libexec/polkit-1/polkitd was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Radek Novacek <rnovacek>
Component: polkitAssignee: David Zeuthen <davidz>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: davidz, mclasen, ovasik
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:9189ea9f9bfa7b8f22626707350e306cafd20f0f
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-04 09:39:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: dsos
none
File: maps
none
File: backtrace
none
Policy file with action that causes crash none

Description Radek Novacek 2011-05-06 10:09:06 UTC 
abrt version: 2.0.1
comment: This crash happens when I'm trying to authenticate action. IMHO polkitd should test if the result of polkit_action_description_get_message (called from line 1829 in polkitbackendinteractiveauthority.c) is NULL. It tries to iterate through the returned string in funtion expand_properties, which leads to SEGFAULT.
executable: /usr/libexec/polkit-1/polkitd
cmdline: /usr/libexec/polkit-1/polkitd
component: polkit
uid: 0
crash_function: expand_properties
kernel: 2.6.38.5-22.fc15.x86_64
architecture: x86_64
reason: Process /usr/libexec/polkit-1/polkitd was killed by signal 11 (SIGSEGV)
package: polkit-0.101-6.fc15
username: root
os_release: Fedora release 15 (Lovelock)
time: 1304667358
rating: 4

Binary file: coredump, 19177472 bytes
Text file: dsos, 4758 bytes
Text file: maps, 7487 bytes
Text file: backtrace, 72486 bytes

environ
-----
DBUS_STARTER_ADDRESS=systemd:,guid=3870e294cef3da40af26d73b00000013
DBUS_STARTER_BUS_TYPE=system

build_ids
-----
f7cbee207cff3d722ba99fd5bc99067724d9e1c1
2c35820baaea8571d8a8dc977f23cc7f629ddcb4
404116310d8673e393ba901722a96c3deeb7356a
9ef41f9ca0eabaf3a03dd77eb180e202ab4fe956
21ad5b8ca30ad4dbb2190cfd19b03c69958ad013
8bc1fd5e82867883904388142d7c9822544fb136
a22a12708374979fd036729b9685f1959b67deb8
a7158bee1dfaecfbd81d16bc6b31b082b0d5244a
685086f359feb667f15a0a31912dc0fc295ba250
21fc8fbde60da73f6470caf5552eaeb2610a2269
e5f626726497a81807681ed0088dbce6d6a1f17b
a68305835b0b790f438310c5117b2e9ff972248f
6e3ce20a172ec5ded5e7793864f790b74ebb961f
47239178b9bf55e8ac8f1193fcc76615d82d56f6
a69d0d7987b68ddabd066b5b438010155eb287bb
415dd94df0672c555dd4b2a4ef9dbf530694c82c
b3900bee00b584ef0bfe2adc2f9b9aed93870bc0
48aea888319e1848137073c9cbde54a4c2a731c9
Comment 1 Radek Novacek 2011-05-06 10:09:08 UTC 
Created attachment 497314 [details]
File: dsos
Comment 2 Radek Novacek 2011-05-06 10:09:11 UTC 
Created attachment 497315 [details]
File: maps
Comment 3 Radek Novacek 2011-05-06 10:09:14 UTC 
Created attachment 497316 [details]
File: backtrace
Comment 4 Radek Novacek 2011-05-06 10:10:45 UTC 
Created attachment 497318 [details]
Policy file with action that causes crash
Comment 5 Radek Novacek 2011-05-06 10:15:33 UTC 
When I add some message to the action definition in policy file, crash doesn't happened. But I think this issue still should be fixed.
Comment 6 Radek Novacek 2011-08-04 08:28:45 UTC 
Ping, any progress?
Comment 7 David Zeuthen 2011-08-04 09:39:10 UTC 
Fixed upstream and is in the 0.102 release which will hit Fedora eventually.

http://cgit.freedesktop.org/PolicyKit/commit/?id=675e4337d7f83ffaf9612cadf7f365c545c51243