Crash in gdbus schedule_callbacks() due to missing NULL check before g_str_equal()
I got a crash in tracker-extract-3 triggered by what seems to be an "empty" PropertiesChanged signal emitted by tracker-miner-fs3:
#0 __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:287
#1 0x00007fd94584e2ab in schedule_callbacks
(connection=connection@entry=0x55b0381e6e10 [GDBusConnection], signal_data_array=0x55b0384c45a0, message=message@entry=0x7fd918004130 [GDBusMessage], sender=sender@entry=0x0) at ../gio/gdbusconnection.c:3931
#2 0x00007fd94584e5f4 in distribute_signals (connection=0x55b0381e6e10 [GDBusConnection], message=0x7fd918004130 [GDBusMessage]) at ../gio/gdbusconnection.c:4009
#3 on_worker_message_received (worker=<optimized out>, message=0x7fd918004130 [GDBusMessage], user_data=0x55b0381e6e10) at ../gio/gdbusconnection.c:2312
#4 on_worker_message_received (worker=<optimized out>, message=<optimized out>, user_data=0x55b0381e6e10) at ../gio/gdbusconnection.c:2232
#5 0x00007fd945865fd7 in _g_dbus_worker_emit_message_received (worker=0x55b0384c1a50, message=0x7fd918004130 [GDBusMessage]) at ../gio/gdbusprivate.c:490
#6 _g_dbus_worker_emit_message_received (worker=0x55b0384c1a50, message=0x7fd918004130 [GDBusMessage]) at ../gio/gdbusprivate.c:486
#7 _g_dbus_worker_queue_or_deliver_received_message (worker=0x55b0384c1a50, message=0x7fd918004130 [GDBusMessage]) at ../gio/gdbusprivate.c:518
#8 _g_dbus_worker_do_read_cb (input_stream=<optimized out>, res=<optimized out>, user_data=0x55b0384c1a50) at ../gio/gdbusprivate.c:803
#9 0x00007fd9457f59dc in g_task_return_now (task=0x7fd918003c70 [GTask]) at ../gio/gtask.c:1361
#10 0x00007fd9457f5a15 in complete_in_idle_cb (task=task@entry=0x7fd918003c70) at ../gio/gtask.c:1375
#11 0x00007fd945978dad in g_idle_dispatch (source=0x7fd918004240, callback=0x7fd9457f5a00 <complete_in_idle_cb>, user_data=0x7fd918003c70) at ../glib/gmain.c:6150
#12 0x00007fd94597268c in g_main_dispatch (context=0x55b0384c1eb0) at ../glib/gmain.c:3344
#13 g_main_context_dispatch_unlocked (context=0x55b0384c1eb0) at ../glib/gmain.c:4152
#14 0x00007fd9459d3788 in g_main_context_iterate_unlocked.isra.0 (context=0x55b0384c1eb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4217
#15 0x00007fd945978647 in g_main_loop_run (loop=0x55b038470e20) at ../glib/gmain.c:4419
#16 0x00007fd94585de42 in gdbus_shared_thread_func (user_data=0x55b03825a7e0) at ../gio/gdbusprivate.c:284
#17 0x00007fd9459a28a3 in g_thread_proxy (data=0x55b038267400) at ../glib/gthread.c:835
#18 0x00007fd9453e41b7 in start_thread (arg=<optimized out>) at pthread_create.c:447
#19 0x00007fd94546639c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
(gdb) frame 1
#1 0x00007fd94584e2ab in schedule_callbacks (connection=connection@entry=0x55b0381e6e10 [GDBusConnection], signal_data_array=0x55b0384c45a0, message=message@entry=0x7fd918004130 [GDBusMessage],
sender=sender@entry=0x0) at ../gio/gdbusconnection.c:3931
3931 else if (!g_str_equal (signal_data->arg0, arg0))
(gdb) print signal_data->arg0
$1 = (gchar *) 0x55b0384d0190 "org.freedesktop.Tracker3.Files"
(gdb) print arg0
$2 = <optimized out>
(gdb) print message->arg0_cache
$3 = (GVariant *) 0x0
(gdb) print signal_data->interface_name
$4 = (gchar *) 0x55b0384cc410 "org.freedesktop.DBus.Properties"
(gdb) print signal_data->member
$5 = (gchar *) 0x55b0384d0060 "PropertiesChanged"
(gdb) print signal_data->object_path
$6 = (gchar *) 0x55b0384d0db0 "/org/freedesktop/Tracker3/Files"
So while I can't get the arg0 value from gdb, from looking at message->arg0_cache, g_dbus_message_get_arg0() would have returned NULL. All other branches except the one running g_str_equal() check arg0 for NULL.
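The arg0 check as an added C model, not GLib's code (struct and function names are hypothetical): the subscription printed from gdb is matched against a PropertiesChanged message whose arg0 is NULL, and arg0 is tested the NULL-safe way the other branches already use, so the message is filtered out instead of reaching strcmp().

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model of the fields a subscription rule and a received
 * signal share. In a rule, NULL means "match anything"; in a message,
 * arg0 is NULL when there is no leading string argument (what
 * g_dbus_message_get_arg0() returns for the "empty" PropertiesChanged). */
typedef struct {
    const char *interface_name;
    const char *member;
    const char *object_path;
    const char *arg0;
} SignalFields;

/* NULL-safe field test: a NULL rule matches anything, a non-NULL rule
 * needs an equal, non-NULL value. strcmp() is never handed a NULL. */
static bool field_matches(const char *rule, const char *value)
{
    if (rule == NULL)
        return true;
    return value != NULL && strcmp(rule, value) == 0;
}

/* Decide whether one subscription should receive one signal. */
bool subscription_matches(const SignalFields *rule, const SignalFields *msg)
{
    if (!field_matches(rule->interface_name, msg->interface_name) ||
        !field_matches(rule->member, msg->member) ||
        !field_matches(rule->object_path, msg->object_path))
        return false;
    /* The crashing form was equivalent to
     *   if (rule->arg0 != NULL && strcmp(rule->arg0, msg->arg0) != 0)
     * (g_str_equal() wraps strcmp()), dereferencing a NULL msg->arg0.
     * Checked like every other field, a rule that filters on arg0
     * simply does not match a message that has none. */
    return field_matches(rule->arg0, msg->arg0);
}

/* The report's scenario: the subscription printed from gdb versus a
 * PropertiesChanged message without arg0 (message fields constructed). */
bool tracker_scenario_matches(void)
{
    SignalFields rule = { "org.freedesktop.DBus.Properties", "PropertiesChanged",
                          "/org/freedesktop/Tracker3/Files",
                          "org.freedesktop.Tracker3.Files" };
    SignalFields msg  = { "org.freedesktop.DBus.Properties", "PropertiesChanged",
                          "/org/freedesktop/Tracker3/Files", NULL };
    return subscription_matches(&rule, &msg);   /* false, and no crash */
}
```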