Bug 449208 - nm-applet crashes when clicking on "connection information"
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 9
Hardware: i386 Linux
Priority: low
Severity: high
Assigned To: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-05-31 06:35 EDT by Pavel Polischouk
Modified: 2008-11-02 17:06 EST
Doc Type: Bug Fix
Last Closed: 2008-11-02 17:06:46 EST


Attachments
Detailed failure stack trace after stepping through the code (18.37 KB, text/plain)
2008-05-31 07:03 EDT, Pavel Polischouk
valgrind error report when clicking "connection information". (1.66 KB, text/plain)
2008-06-02 21:26 EDT, Pavel Polischouk

Description Pavel Polischouk 2008-05-31 06:35:25 EDT
Description of problem:
nm-applet segfaults when the user clicks on "connection information" menu option.

Version-Release number of selected component (if applicable):

NetworkManager-gnome-0.7.0-0.9.3.svn3623.fc9.i386
gtk2-2.12.9-5.fc9.i386
pango-1.20.1-1.fc9.i386
glibc-2.8-3.i686
glib2-2.16.3-5.fc9.i386

How reproducible:
Always

Steps to Reproduce:
1. Right-click on NM icon
2. Select "Connection Information"
  
Actual results:

Program received signal SIGSEGV, Segmentation fault.
0x00ac7053 in malloc_consolidate () from /lib/libc.so.6
(gdb) where
#0  0x00ac7053 in malloc_consolidate () from /lib/libc.so.6
#1  0x00ac8e1d in _int_malloc () from /lib/libc.so.6
#2  0x00acac55 in malloc () from /lib/libc.so.6
#3  0x001504b4 in g_malloc () from /lib/libglib-2.0.so.0
#4  0x00167013 in g_slice_alloc () from /lib/libglib-2.0.so.0
#5  0x00512c89 in pango_script_iter_new () from /usr/lib/libpango-1.0.so.0
#6  0x00500457 in ?? () from /usr/lib/libpango-1.0.so.0
#7  0x005014d8 in pango_itemize_with_base_dir () from /usr/lib/libpango-1.0.so.0
#8  0x00509cb9 in ?? () from /usr/lib/libpango-1.0.so.0
#9  0x0050b1bb in ?? () from /usr/lib/libpango-1.0.so.0
#10 0x07b687a7 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#11 0xbfd0adec in ?? ()
#12 0x00000000 in ?? ()

Expected results:
Crash shouldn't happen

Additional info:
Comment 1 Pavel Polischouk 2008-05-31 07:03:47 EDT
Created attachment 307267
Detailed failure stack trace after stepping through the code

After stepping through the failing code with gdb, I got a different stack
trace, attached.
Comment 2 Dan Williams 2008-06-02 17:04:00 EDT
Looks like memory corruption actually; could you run the applet through valgrind
and then click on Connection Information and attach the valgrind output?
Comment 3 Pavel Polischouk 2008-06-02 21:26:56 EDT
Created attachment 308175
valgrind error report when clicking "connection information".

It's an invalid free(). When running under valgrind the crash didn't happen -
probably valgrind prevented the actual freeing of the wrong memory from
happening, and the dialog opened properly.
Comment 4 Dan Williams 2008-06-03 12:55:49 EDT
Nice catch and thanks!! for the valgrind log.  Should be fixed in an update to
NM since that code has been changed since svn3623 and as a side-effect the bug
has been removed.  The commit went in after what's in f9-updates-testing
(svn3675 I believe) so it won't be fixed there yet.
Comment 5 Dan Williams 2008-11-02 17:06:46 EST
Please test with latest NM updates (svn4022 or later), thanks!
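
Added example, not part of the original report or of NetworkManager: a small triage script for the reasoning in Comment 2, run over the backtrace from the description. It flags a crash whose top frames sit inside the allocator as suspected earlier heap corruption; the ALLOCATOR name list and the output keys are assumptions made for this illustration.

```python
import re
# Backtrace copied from the description in this report (frames #0 to #12).
BACKTRACE = """\
#0  0x00ac7053 in malloc_consolidate () from /lib/libc.so.6
#1  0x00ac8e1d in _int_malloc () from /lib/libc.so.6
#2  0x00acac55 in malloc () from /lib/libc.so.6
#3  0x001504b4 in g_malloc () from /lib/libglib-2.0.so.0
#4  0x00167013 in g_slice_alloc () from /lib/libglib-2.0.so.0
#5  0x00512c89 in pango_script_iter_new () from /usr/lib/libpango-1.0.so.0
#6  0x00500457 in ?? () from /usr/lib/libpango-1.0.so.0
#7  0x005014d8 in pango_itemize_with_base_dir () from /usr/lib/libpango-1.0.so.0
#8  0x00509cb9 in ?? () from /usr/lib/libpango-1.0.so.0
#9  0x0050b1bb in ?? () from /usr/lib/libpango-1.0.so.0
#10 0x07b687a7 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#11 0xbfd0adec in ?? ()
#12 0x00000000 in ?? ()
"""
# Assumption: these glibc/GLib functions are allocator plumbing, so a crash
# inside them points at earlier heap damage, not at the code that faulted.
ALLOCATOR = {"malloc_consolidate", "_int_malloc", "_int_free", "malloc", "free",
             "g_malloc", "g_malloc0", "g_free", "g_slice_alloc", "g_slice_free1"}
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\S+) \(.*?\)(?: from (\S+))?")

def parse_frames(text):
    """Return (index, function, library) for every gdb frame line in text."""
    matches = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [(int(m.group(1)), m.group(2), m.group(3)) for m in matches if m]

def triage(text):
    """Summarise a backtrace: allocator depth, victim frame, unresolved frames."""
    frames = parse_frames(text)
    depth = 0
    while depth < len(frames) and frames[depth][1] in ALLOCATOR:
        depth += 1
    victim = frames[depth] if depth < len(frames) else None
    return {
        "frames": len(frames),
        "allocator_depth": depth,
        # Faulting inside the allocator means its metadata was already damaged.
        "heap_corruption_suspected": depth > 0,
        # First non-allocator frame: where the damage was noticed, not its cause.
        "victim": victim[1] if victim else None,
        # '??' frames need debuginfo packages before the trace can be trusted.
        "unresolved": sum(1 for _, func, _ in frames if func == "??"),
    }

if __name__ == "__main__":
    for key, value in triage(BACKTRACE).items():
        print(f"{key}: {value}")
```

The "victim" frame here is in pango, while the valgrind log in Comment 3 showed an invalid free(), which is why a trace of this shape calls for a memory checker run before any reading of the named frames.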
