Bug 702600 - [abrt] polkit-0.101-6.fc15: expand_properties: Process /usr/libexec/polkit-1/polkitd was killed by signal 11 (SIGSEGV)
Summary: [abrt] polkit-0.101-6.fc15: expand_properties: Process /usr/libexec/polkit-1/...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: polkit
Version: 15
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: David Zeuthen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:9189ea9f9bfa7b8f22626707350...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-06 10:09 UTC by Radek Novacek
Modified: 2016-12-01 00:29 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-04 09:39:10 UTC
Type: ---

Attachments (Terms of Use)
File: dsos (4.65 KB, text/plain)
2011-05-06 10:09 UTC, Radek Novacek 		no flags Details
File: maps (7.31 KB, text/plain)
2011-05-06 10:09 UTC, Radek Novacek 		no flags Details
File: backtrace (70.79 KB, text/plain)
2011-05-06 10:09 UTC, Radek Novacek 		no flags Details
Policy file with action that causes crash (517 bytes, text/plain)
2011-05-06 10:10 UTC, Radek Novacek 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Radek Novacek 2011-05-06 10:09:06 UTC 
abrt version: 2.0.1
comment: This crash happens when I'm trying to authenticate action. IMHO polkitd should test if the result of polkit_action_description_get_message (called from line 1829 in polkitbackendinteractiveauthority.c) is NULL. It tries to iterate through the returned string in funtion expand_properties, which leads to SEGFAULT.
executable: /usr/libexec/polkit-1/polkitd
cmdline: /usr/libexec/polkit-1/polkitd
component: polkit
uid: 0
crash_function: expand_properties
kernel: 2.6.38.5-22.fc15.x86_64
architecture: x86_64
reason: Process /usr/libexec/polkit-1/polkitd was killed by signal 11 (SIGSEGV)
package: polkit-0.101-6.fc15
username: root
os_release: Fedora release 15 (Lovelock)
time: 1304667358
rating: 4

Binary file: coredump, 19177472 bytes
Text file: dsos, 4758 bytes
Text file: maps, 7487 bytes
Text file: backtrace, 72486 bytes

environ
-----
DBUS_STARTER_ADDRESS=systemd:,guid=3870e294cef3da40af26d73b00000013
DBUS_STARTER_BUS_TYPE=system

build_ids
-----
f7cbee207cff3d722ba99fd5bc99067724d9e1c1
2c35820baaea8571d8a8dc977f23cc7f629ddcb4
404116310d8673e393ba901722a96c3deeb7356a
9ef41f9ca0eabaf3a03dd77eb180e202ab4fe956
21ad5b8ca30ad4dbb2190cfd19b03c69958ad013
8bc1fd5e82867883904388142d7c9822544fb136
a22a12708374979fd036729b9685f1959b67deb8
a7158bee1dfaecfbd81d16bc6b31b082b0d5244a
685086f359feb667f15a0a31912dc0fc295ba250
21fc8fbde60da73f6470caf5552eaeb2610a2269
e5f626726497a81807681ed0088dbce6d6a1f17b
a68305835b0b790f438310c5117b2e9ff972248f
6e3ce20a172ec5ded5e7793864f790b74ebb961f
47239178b9bf55e8ac8f1193fcc76615d82d56f6
a69d0d7987b68ddabd066b5b438010155eb287bb
415dd94df0672c555dd4b2a4ef9dbf530694c82c
b3900bee00b584ef0bfe2adc2f9b9aed93870bc0
48aea888319e1848137073c9cbde54a4c2a731c9
Comment 1 Radek Novacek 2011-05-06 10:09:08 UTC 
Created attachment 497314 [details]
File: dsos
Comment 2 Radek Novacek 2011-05-06 10:09:11 UTC 
Created attachment 497315 [details]
File: maps
Comment 3 Radek Novacek 2011-05-06 10:09:14 UTC 
Created attachment 497316 [details]
File: backtrace
Comment 4 Radek Novacek 2011-05-06 10:10:45 UTC 
Created attachment 497318 [details]
Policy file with action that causes crash
Comment 5 Radek Novacek 2011-05-06 10:15:33 UTC 
When I add some message to the action definition in policy file, crash doesn't happened. But I think this issue still should be fixed.
Comment 6 Radek Novacek 2011-08-04 08:28:45 UTC 
Ping, any progress?
Comment 7 David Zeuthen 2011-08-04 09:39:10 UTC 
Fixed upstream and is in the 0.102 release which will hit Fedora eventually.

http://cgit.freedesktop.org/PolicyKit/commit/?id=675e4337d7f83ffaf9612cadf7f365c545c51243
Note You need to log in before you can comment on or make changes to this bug.