← Back to team overview

dx-packages team mailing list archive

[Bug 2015183] Re: Invalid read of size 8 in gnome-shell from accountsservice: free_fetch_user_request (act-user-manager.c:1717) from on_find_user_by_name_finished (act-user-manager.c:1192)

 

** Description changed:

  I don't experience crashes but valgrind gnome-shell reports:
  
- ==15231== Invalid read of size 8
- ==15231==    at 0x4D2D599: g_type_check_instance_is_fundamentally_a (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7600.1)
- ==15231==    by 0x4D149EA: g_object_set_data (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7600.1)
- ==15231==    by 0x363DCFD9: free_fetch_user_request (act-user-manager.c:1717)
- ==15231==    by 0x363E3E7F: on_find_user_by_name_finished (act-user-manager.c:1192)
- ==15231==    by 0x4BCE612: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4BD2042: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4C382AB: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4BCE612: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4BD2042: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4C28801: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4BCE612: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4BCE64C: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==  Address 0x3063be20 is 0 bytes inside a block of size 64 free'd
- ==15231==    at 0x484620F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
- ==15231==    by 0x4D2C66B: g_type_free_instance (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7600.1)
- ==15231==    by 0x4D1A0A6: g_object_notify (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7600.1)
- ==15231==    by 0x363E3519: UnknownInlinedFun (act-user.c:562)
- ==15231==    by 0x363E3519: UnknownInlinedFun (act-user.c:557)
- ==15231==    by 0x363E3519: _act_user_update_from_object_path (act-user.c:1346)
- ==15231==    by 0x363E3C3F: fetch_user_incrementally (act-user-manager.c:1804)
- ==15231==    by 0x363E3E7F: on_find_user_by_name_finished (act-user-manager.c:1192)
- ==15231==    by 0x4BCE612: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4BD2042: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4C382AB: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4BCE612: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4BD2042: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==    by 0x4C28801: ??? (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.7600.1)
- ==15231==  Block was alloc'd at
- ==15231==    at 0x4848A13: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
- ==15231==    by 0x4DB5550: g_malloc0 (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7600.1)
- ==15231==    by 0x4D31B7C: g_type_create_instance (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7600.1)
- ==15231==    by 0x4D1920F: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7600.1)
- ==15231==    by 0x4D1A7B7: g_object_new_with_properties (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7600.1)
- ==15231==    by 0x4D1B560: g_object_new (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7600.1)
- ==15231==    by 0x363DE5F1: create_new_user (act-user-manager.c:707)
- ==15231==    by 0x363E41D8: act_user_manager_get_user (act-user-manager.c:1896)
- ==15231==    by 0x5DDE8B5: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.8.1.2)
- ==15231==    by 0x5DDB34C: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.8.1.2)
- ==15231==    by 0x5DDDF32: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.8.1.2)
- ==15231==    by 0x4F28BD8: ??? (in /usr/lib/x86_64-linux-gnu/libgjs.so.0.0.0)
+ ==33999== Invalid read of size 8
+ ==33999==    at 0x4D2D599: g_type_check_instance_is_fundamentally_a (gtype.c:4164)
+ ==33999==    by 0x4D149EA: g_object_set_data (gobject.c:4242)
+ ==33999==    by 0x363DCFD9: free_fetch_user_request (act-user-manager.c:1717)
+ ==33999==    by 0x363E3E7F: on_find_user_by_name_finished (act-user-manager.c:1192)
+ ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
+ ==33999==    by 0x4BD2042: UnknownInlinedFun (gtask.c:1378)
+ ==33999==    by 0x4BD2042: g_task_return (gtask.c:1335)
+ ==33999==    by 0x4C382AB: reply_cb (gdbusproxy.c:2571)
+ ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
+ ==33999==    by 0x4BD2042: UnknownInlinedFun (gtask.c:1378)
+ ==33999==    by 0x4BD2042: g_task_return (gtask.c:1335)
+ ==33999==    by 0x4C28801: g_dbus_connection_call_done (gdbusconnection.c:5885)
+ ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
+ ==33999==    by 0x4BCE64C: complete_in_idle_cb (gtask.c:1323)
+ ==33999==  Address 0xb966c30 is 0 bytes inside a block of size 64 free'd
+ ==33999==    at 0x484620F: free (vg_replace_malloc.c:872)
+ ==33999==    by 0x4D2C66B: g_type_free_instance (gtype.c:2062)
+ ==33999==    by 0x4D1A0A6: UnknownInlinedFun (gobject.c:1556)
+ ==33999==    by 0x4D1A0A6: g_object_notify (gobject.c:1602)
+ ==33999==    by 0x363E3519: UnknownInlinedFun (act-user.c:562)
+ ==33999==    by 0x363E3519: UnknownInlinedFun (act-user.c:557)
+ ==33999==    by 0x363E3519: _act_user_update_from_object_path (act-user.c:1346)
+ ==33999==    by 0x363E3C3F: fetch_user_incrementally (act-user-manager.c:1804)
+ ==33999==    by 0x363E3E7F: on_find_user_by_name_finished (act-user-manager.c:1192)
+ ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
+ ==33999==    by 0x4BD2042: UnknownInlinedFun (gtask.c:1378)
+ ==33999==    by 0x4BD2042: g_task_return (gtask.c:1335)
+ ==33999==    by 0x4C382AB: reply_cb (gdbusproxy.c:2571)
+ ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
+ ==33999==    by 0x4BD2042: UnknownInlinedFun (gtask.c:1378)
+ ==33999==    by 0x4BD2042: g_task_return (gtask.c:1335)
+ ==33999==    by 0x4C28801: g_dbus_connection_call_done (gdbusconnection.c:5885)
+ ==33999==  Block was alloc'd at
+ ==33999==    at 0x4848A13: calloc (vg_replace_malloc.c:1328)
+ ==33999==    by 0x4DB5550: g_malloc0 (gmem.c:163)
+ ==33999==    by 0x4D31B7C: g_type_create_instance (gtype.c:1965)
+ ==33999==    by 0x4D1920F: g_object_new_internal (gobject.c:2246)
+ ==33999==    by 0x4D1A7B7: g_object_new_with_properties (gobject.c:2409)
+ ==33999==    by 0x4D1B560: g_object_new (gobject.c:2055)
+ ==33999==    by 0x363DE5F1: create_new_user (act-user-manager.c:707)
+ ==33999==    by 0x363E41D8: act_user_manager_get_user (act-user-manager.c:1896)
+ ==33999==    by 0x5DDE8B5: ffi_call_unix64 (unix64.S:104)
+ ==33999==    by 0x5DDB34C: ffi_call_int.lto_priv.0 (ffi64.c:673)
+ ==33999==    by 0x5DDDF32: ffi_call (ffi64.c:710)
+ ==33999==    by 0x4F28BD8: Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) (function.cpp:995)
+ ==33999== 
+ 
  
  ProblemType: Bug
  DistroRelease: Ubuntu 23.04
  Package: accountsservice 22.08.8-1ubuntu5
  ProcVersionSignature: Ubuntu 6.2.0-18.18-generic 6.2.6
  Uname: Linux 6.2.0-18-generic x86_64
  ApportVersion: 2.26.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Tue Apr  4 14:29:55 2023
  InstallationDate: Installed on 2022-11-28 (126 days ago)
  InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Alpha amd64 (20221126)
  SourcePackage: accountsservice
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to accountsservice in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/2015183

Title:
  Invalid read of size 8 in gnome-shell from accountsservice:
  free_fetch_user_request (act-user-manager.c:1717) from
  on_find_user_by_name_finished (act-user-manager.c:1192)

Status in accountsservice package in Ubuntu:
  New

Bug description:
  I don't experience crashes but valgrind gnome-shell reports:

  ==33999== Invalid read of size 8
  ==33999==    at 0x4D2D599: g_type_check_instance_is_fundamentally_a (gtype.c:4164)
  ==33999==    by 0x4D149EA: g_object_set_data (gobject.c:4242)
  ==33999==    by 0x363DCFD9: free_fetch_user_request (act-user-manager.c:1717)
  ==33999==    by 0x363E3E7F: on_find_user_by_name_finished (act-user-manager.c:1192)
  ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
  ==33999==    by 0x4BD2042: UnknownInlinedFun (gtask.c:1378)
  ==33999==    by 0x4BD2042: g_task_return (gtask.c:1335)
  ==33999==    by 0x4C382AB: reply_cb (gdbusproxy.c:2571)
  ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
  ==33999==    by 0x4BD2042: UnknownInlinedFun (gtask.c:1378)
  ==33999==    by 0x4BD2042: g_task_return (gtask.c:1335)
  ==33999==    by 0x4C28801: g_dbus_connection_call_done (gdbusconnection.c:5885)
  ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
  ==33999==    by 0x4BCE64C: complete_in_idle_cb (gtask.c:1323)
  ==33999==  Address 0xb966c30 is 0 bytes inside a block of size 64 free'd
  ==33999==    at 0x484620F: free (vg_replace_malloc.c:872)
  ==33999==    by 0x4D2C66B: g_type_free_instance (gtype.c:2062)
  ==33999==    by 0x4D1A0A6: UnknownInlinedFun (gobject.c:1556)
  ==33999==    by 0x4D1A0A6: g_object_notify (gobject.c:1602)
  ==33999==    by 0x363E3519: UnknownInlinedFun (act-user.c:562)
  ==33999==    by 0x363E3519: UnknownInlinedFun (act-user.c:557)
  ==33999==    by 0x363E3519: _act_user_update_from_object_path (act-user.c:1346)
  ==33999==    by 0x363E3C3F: fetch_user_incrementally (act-user-manager.c:1804)
  ==33999==    by 0x363E3E7F: on_find_user_by_name_finished (act-user-manager.c:1192)
  ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
  ==33999==    by 0x4BD2042: UnknownInlinedFun (gtask.c:1378)
  ==33999==    by 0x4BD2042: g_task_return (gtask.c:1335)
  ==33999==    by 0x4C382AB: reply_cb (gdbusproxy.c:2571)
  ==33999==    by 0x4BCE612: g_task_return_now (gtask.c:1309)
  ==33999==    by 0x4BD2042: UnknownInlinedFun (gtask.c:1378)
  ==33999==    by 0x4BD2042: g_task_return (gtask.c:1335)
  ==33999==    by 0x4C28801: g_dbus_connection_call_done (gdbusconnection.c:5885)
  ==33999==  Block was alloc'd at
  ==33999==    at 0x4848A13: calloc (vg_replace_malloc.c:1328)
  ==33999==    by 0x4DB5550: g_malloc0 (gmem.c:163)
  ==33999==    by 0x4D31B7C: g_type_create_instance (gtype.c:1965)
  ==33999==    by 0x4D1920F: g_object_new_internal (gobject.c:2246)
  ==33999==    by 0x4D1A7B7: g_object_new_with_properties (gobject.c:2409)
  ==33999==    by 0x4D1B560: g_object_new (gobject.c:2055)
  ==33999==    by 0x363DE5F1: create_new_user (act-user-manager.c:707)
  ==33999==    by 0x363E41D8: act_user_manager_get_user (act-user-manager.c:1896)
  ==33999==    by 0x5DDE8B5: ffi_call_unix64 (unix64.S:104)
  ==33999==    by 0x5DDB34C: ffi_call_int.lto_priv.0 (ffi64.c:673)
  ==33999==    by 0x5DDDF32: ffi_call (ffi64.c:710)
  ==33999==    by 0x4F28BD8: Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) (function.cpp:995)
  ==33999== 

  
  ProblemType: Bug
  DistroRelease: Ubuntu 23.04
  Package: accountsservice 22.08.8-1ubuntu5
  ProcVersionSignature: Ubuntu 6.2.0-18.18-generic 6.2.6
  Uname: Linux 6.2.0-18-generic x86_64
  ApportVersion: 2.26.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Tue Apr  4 14:29:55 2023
  InstallationDate: Installed on 2022-11-28 (126 days ago)
  InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Alpha amd64 (20221126)
  SourcePackage: accountsservice
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2015183/+subscriptions



References