[Bug 1988440] Re: Regression in 22.04: segmentation fault when language is spanish

Sergio Costas 1988440 at bugs.launchpad.net
Wed Sep 7 10:15:45 UTC 2022


For Kinetic, the patch has already been sent to salsa.debian.org:
https://salsa.debian.org/efi-team/libxmlb/-/merge_requests/6

** Changed in: libxmlb (Ubuntu Jammy)
       Status: Fix Committed => In Progress

** Changed in: libxmlb (Ubuntu Focal)
       Status: Fix Committed => In Progress

** Changed in: libxmlb (Ubuntu Bionic)
       Status: Fix Committed => In Progress

** Changed in: libxmlb (Ubuntu Kinetic)
       Status: Fix Released => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libxmlb in Ubuntu.
Matching subscriptions: foundations-bugs-libxmlb
https://bugs.launchpad.net/bugs/1988440

Title:
  Regression in 22.04: segmentation fault when language is spanish

Status in snap-store-desktop:
  Fix Committed
Status in libxmlb package in Ubuntu:
  In Progress
Status in libxmlb source package in Bionic:
  In Progress
Status in libxmlb source package in Focal:
  In Progress
Status in libxmlb source package in Jammy:
  In Progress
Status in libxmlb source package in Kinetic:
  In Progress

Bug description:
  The discussion here describes the issue in full detail:
  https://forum.snapcraft.io/t/segment-fault-with-snap-store/31547

  The bug was caused by a double-free in libxmlb, triggered by some
  specific data combination.

  [Impact] This bug has been in the library since at least version
  0.1.8, the one used in Bionic. Although the patch attached here fixes
  the problem in the "snap-store" snap, the bug is still present in the
  libraries distributed as .deb in Ubuntu, and also in the GNOME-42
  extension snap. A patch has been sent both to the libxmlb repository
  (which has been accepted and merged) and to the Debian SALSA
  repository.

  [Test plan] To test this bug, just download the Git repository
  https://github.com/sergio-costas/test_libxmlb2 and follow the
  instructions. If the bug is there, valgrind will show an access to an
  already freed memory block and six CRITICAL errors will be shown by
  GLib.

  [Where problems could occur] If another developer adds code that uses
  the 'xb_builder_xml_lang_prio_cb()' function and forgets to define a
  destruction function for the passed 'nodes_to_destroy' ptr_array,
  there would be a memory leak.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-store-desktop/+bug/1988440/+subscriptions



