[Bug 1988440] Re: Regression in 22.04: segmentation fault when language is spanish

Sergio Costas 1988440 at bugs.launchpad.net
Mon Apr 29 11:15:35 UTC 2024


Hmmm... the bugs are in the test_xmlb.c file, not in the library! These
variables are defined as autofree/autoptr:

    g_autofree gchar *blobfn = NULL;
    g_autoptr(GPtrArray) parent_appdata = g_ptr_array_new_with_free_func (g_free);
    g_autoptr(GPtrArray) parent_appstream = g_ptr_array_new_with_free_func (g_free);

but then, they are assigned static values:

    blobfn = ("/tmp/components.xmlb");

    g_ptr_array_add (parent_appstream, "test_files/xmls1");
    g_ptr_array_add (parent_appstream, "test_files/xmls4");
    g_ptr_array_add (parent_appstream, "test_files/xmls5");
    g_ptr_array_add (parent_appstream, "test_files/yaml6");
    g_ptr_array_add (parent_appdata, "test_files/metainfo1");
    g_ptr_array_add (parent_appdata, "test_files/metainfo2");
    g_ptr_array_add (parent_appdata, "test_files/appdata2");

That's why the test fails. It's not a problem in libxmlb. I'll fix this.

https://bugs.launchpad.net/bugs/1988440

Title:
  Regression in 22.04: segmentation fault when language is spanish

Status in snap-store-desktop:
  Fix Released
Status in libxmlb package in Ubuntu:
  Fix Released
Status in libxmlb source package in Bionic:
  Won't Fix
Status in libxmlb source package in Focal:
  Fix Committed
Status in libxmlb source package in Jammy:
  Fix Committed
Status in libxmlb source package in Kinetic:
  Won't Fix

Bug description:
  The discussion here describes the issue in full detail:
  https://forum.snapcraft.io/t/segment-fault-with-snap-store/31547

  The bug was caused by a double-free in libxmlb, triggered by some
  specific data combination.

  [Impact] This bug has been in the library since, at least, version
  0.1.8, the one used in Bionic. Although the patch attached here fixes
  the problem in the "snap-store" snap, the bug is still present in the
  libraries distributed as .deb in Ubuntu, and also in the GNOME-42
  extension snap. A patch has been sent both to the libxmlb repository
  (which has been accepted and merged) and to the Debian SALSA
  repository.

  [Test plan] To test this bug, just download the GIT repository
  https://github.com/sergio-costas/test_libxmlb2 and follow the
  instructions. If the bug is there, valgrind will show an access to an
  already freed memory block and six CRITICAL errors will be shown by
  GLib.

  [Where problems could occur] If another developer adds code that uses
  the 'xb_builder_xml_lang_prio_cb()' function and forgets to define a
  destruction function for the passed 'nodes_to_destroy' ptr_array,
  there would be a memory leak.
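The ownership mismatch described in the reply about test_xmlb.c, as an added example that is not part of the original message and is not the project's fix. It assumes GCC or Clang and uses the compiler's `cleanup` attribute (the mechanism behind `g_autofree`) plus a small hypothetical `PtrArray` in place of GLib, so every name below other than the paths is an illustration. Anything that will be released automatically has to be a heap copy, never a string literal.

```c
#include <stdlib.h>
#include <string.h>

static int frees_done; /* counts frees so the result can be checked */
static void counted_free(void *p) { if (p) { free(p); frees_done++; } }

/* Stand-in for g_autofree: runs when the variable leaves scope. */
static void auto_free(void *var) { counted_free(*(void **)var); }
#define AUTOFREE __attribute__((cleanup(auto_free)))

/* Stand-in for a GPtrArray created with a free function. */
typedef struct { void **items; size_t len; void (*free_func)(void *); } PtrArray;

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

static int ptr_array_add(PtrArray *a, void *item) {
    void **grown = realloc(a->items, (a->len + 1) * sizeof *grown);
    if (!grown) return -1;
    a->items = grown;
    a->items[a->len++] = item;
    return 0;
}

/* Like dropping the last reference: the free func runs on every element. */
static void ptr_array_clear(PtrArray *a) {
    for (size_t i = 0; i < a->len; i++) a->free_func(a->items[i]);
    free(a->items);
    a->items = NULL; a->len = 0;
}

/* Returns the number of frees performed; each one is on heap memory. */
int run_owned_version(void) {
    frees_done = 0;
    {
        /* Broken form from the message: blobfn = "/tmp/components.xmlb";
           the cleanup handler would then call free() on a string literal. */
        AUTOFREE char *blobfn = dup_str("/tmp/components.xmlb");
        PtrArray parent_appdata = { NULL, 0, counted_free };
        const char *dirs[] = { "test_files/metainfo1", "test_files/metainfo2",
                               "test_files/appdata2" };
        if (!blobfn) return -1;
        for (size_t i = 0; i < 3; i++) {
            char *copy = dup_str(dirs[i]); /* the array owns a heap copy */
            if (!copy || ptr_array_add(&parent_appdata, copy) != 0) free(copy);
        }
        ptr_array_clear(&parent_appdata);
    } /* blobfn is freed here by the cleanup attribute */
    return frees_done;
}
```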
