-
Bug
-
Resolution: Won't Do
-
Undefined
-
None
-
rhel-8.8.0, rhel-9.2.0
-
None
-
None
-
Important
-
rhel-display-desktop-foundation
-
ssg_display
-
None
-
False
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
Segfault when:
- define DBUS_DISABLE_ASSERT (thus _dbus_accert is a no-op)
- _dbus_list_find_last return NULL (when counter is not in message->counters)
void
_dbus_message_remove_counter (DBusMessage *message,
DBusCounter *counter)
{
DBusList *link;
link = _dbus_list_find_last (&message->counters,
counter);
_dbus_assert (link != NULL);
_dbus_list_remove_link (&message->counters, link);
_dbus_counter_adjust_size (counter, - message->size_counter_delta);
#ifdef HAVE_UNIX_FD_PASSING
_dbus_counter_adjust_unix_fd (counter, - message->unix_fd_counter_delta);
#endif
_dbus_counter_notify (counter);
_dbus_counter_unref (counter);
}
Please provide the package NVR for which bug is seen:
dbus-1.12.20-7.el9_2.1.x86_64
Expected results
Handle NULL from _dbus_list_find_last more gracefully, such as:
Outputting following message in system journal:
"_dbus_message_counter_remove failed because counter is not found in message", then return.
Actual results
Segfault in _dbus_list_unlink like
#0 _dbus_list_unlink (list=0x558f17440000, link=link@entry=0x0) at ../../dbus/dbus-list.c:502 #1 0x00007f26c24a17cd in _dbus_list_remove_link (list=<optimized out>, link=0x0) at ../../dbus/dbus-list.c:530 #2 0x00007f26c2490115 in _dbus_message_remove_counter (message=0x558f1743ff90, counter=0x558f17268cc0) at ../../dbus/dbus-message.c:384 #3 0x00007f26c2483af4 in _dbus_connection_message_sent_unlocked (connection=<optimized out>, message=<optimized out>) at ../../dbus/dbus-connection.c:664 #4 0x00007f26c249e558 in do_writing (transport=0x558f172697b0) at ../../dbus/dbus-transport-socket.c:726
