Bug 449208 - nm-applet crashes when clicking on "connection information"
Summary: nm-applet crashes when clicking on "connection information"
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 9
Hardware: i386
OS: Linux
low
high
Target Milestone: ---
Assignee: Dan Williams
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-31 10:35 UTC by Pavel Polischouk
Modified: 2008-11-02 22:06 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-11-02 22:06:46 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Detailed failure stack trace after stepping through the code (18.37 KB, text/plain)
2008-05-31 11:03 UTC, Pavel Polischouk 		no flags Details
valgrind error report when clicking "connection information". (1.66 KB, text/plain)
2008-06-03 01:26 UTC, Pavel Polischouk 		no flags Details
View All

Description Pavel Polischouk 2008-05-31 10:35:25 UTC 
Description of problem:
nm-applet segfaults when the user clicks on "connection information" menu option.

Version-Release number of selected component (if applicable):

NetworkManager-gnome-0.7.0-0.9.3.svn3623.fc9.i386
gtk2-2.12.9-5.fc9.i386
pango-1.20.1-1.fc9.i386
glibc-2.8-3.i686
glib2-2.16.3-5.fc9.i386

How reproducible:
Always

Steps to Reproduce:
1. Right-click on NM icon
2. Select "Connection Information"
  
Actual results:

Program received signal SIGSEGV, Segmentation fault.
0x00ac7053 in malloc_consolidate () from /lib/libc.so.6
(gdb) where
#0  0x00ac7053 in malloc_consolidate () from /lib/libc.so.6
#1  0x00ac8e1d in _int_malloc () from /lib/libc.so.6
#2  0x00acac55 in malloc () from /lib/libc.so.6
#3  0x001504b4 in g_malloc () from /lib/libglib-2.0.so.0
#4  0x00167013 in g_slice_alloc () from /lib/libglib-2.0.so.0
#5  0x00512c89 in pango_script_iter_new () from /usr/lib/libpango-1.0.so.0
#6  0x00500457 in ?? () from /usr/lib/libpango-1.0.so.0
#7  0x005014d8 in pango_itemize_with_base_dir () from /usr/lib/libpango-1.0.so.0
#8  0x00509cb9 in ?? () from /usr/lib/libpango-1.0.so.0
#9  0x0050b1bb in ?? () from /usr/lib/libpango-1.0.so.0
#10 0x07b687a7 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#11 0xbfd0adec in ?? ()
#12 0x00000000 in ?? ()

Expected results:
Crash shouldn't happen

Additional info:
Comment 1 Pavel Polischouk 2008-05-31 11:03:47 UTC 
Created attachment 307267 [details]
Detailed failure stack trace after stepping through the code

After stepping through the failing code with gdb, I got a different stack
trace, attached.
Comment 2 Dan Williams 2008-06-02 21:04:00 UTC 
Looks like memory corruption actually; could you run the applet through valgrind
and then click on Connection Information and attach the valgrind output?
Comment 3 Pavel Polischouk 2008-06-03 01:26:56 UTC 
Created attachment 308175 [details]
valgrind error report when clicking "connection information".

It's an invalid free(). When running under valgrind the crash didn't happen -
probably valgrind prevented the actual freeing wrong memory from happening, the
dialog opened properly.
Comment 4 Dan Williams 2008-06-03 16:55:49 UTC 
Nice catch and thanks!! for the valgrind log.  Should be fixed in an update to
NM since that code has been changed since svn3623 and as a side-effect the bug
has been removed.  The commit went in after what's in f9-updates-testing
(svn3675 I believe) so it won't be fixed there yet.
Comment 5 Dan Williams 2008-11-02 22:06:46 UTC 
Please test with latest NM updates (svn4022 or later), thanks!
Note You need to log in before you can comment on or make changes to this bug.