hald segfaults when helpers from DBus fail to run

Rohan McGovern rohan.pm at gmail.com
Thu Jan 19 21:07:22 PST 2006


Hi,

hald ( 0.5.5.1, but probably 0.5.6 too ) will segmentation fault
if it fails to run a program invoked as a result of a DBus call.

Try:
(as root)
# chmod a-x /usr/sbin/hal-system-power-hibernate
(as user with sufficient dbus permissions)
# dbus-send --system --dest=org.freedesktop.Hal \
    --type=method_call /org/freedesktop/Hal/devices/computer \
    org.freedesktop.Hal.Device.SystemPowerManagement.Hibernate

On my system, HAL segfaults at this point:

14:52:44.870 [I] hald_dbus.c:2900: OK for method 'Hibernate' with signature
  '' on interface 'org.freedesktop.Hal.Device.SystemPowerManagement' for
  UDI '/org/freedesktop/Hal/devices/computer' and execpath
  'hal-system-power-hibernate'
14:52:44.871 [E] util.c:731: Couldn't spawn 'hal-system-power-hibernate'
   err=Failed to execute child process
   "hal-system-power-hibernate" (Permission denied)!
zsh: segmentation fault  hald --daemon=no --verbose=yes

Backtrace:
#0  0x0804deb6 in hal_device_num_properties ()
#1  0x0804d3ca in hal_util_helper_invoke_with_pipes ()
#2  0x0804d64b in hal_util_helper_invoke ()
#3  0x0804d375 in callout_do_next ()
#4  0x0804d5a1 in hal_util_helper_invoke_with_pipes ()
#5  0x08055626 in hald_dbus_filter_handle_methods ()
#6  0x08055800 in hald_dbus_filter_function ()
#7  0x4a9d5c0c in dbus_connection_dispatch () from /usr/lib/libdbus-1.so.1
#8  0x4a9fd583 in message_queue_dispatch () 
     from /usr/lib/libdbus-glib-1.so.1
#9  0x4bed90d6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#10 0x4beda45e in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#11 0x4beda6b7 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#12 0x08051e40 in main ()

From looking at the source, the problem seems to originate from util.c line 
735: 

  callout_failed(ed);

callout_failed assumes that the data1 parameter passed to 
hal_util_helper_invoke_with_pipes is a pointer to Callout, but when called 
from hald_dbus_filter_handle_methods it is a pointer to DBusMessage.  This 
eventually results in hal_util_helper_invoke_with_pipes being called again 
with a pointer to a bogus HalDevice.

Since hal_util_helper_invoke_with_pipes isn't documented, I wasn't sure 
whether callout_failed or hald_dbus_filter_handle_methods is the one using 
the wrong type, so I didn't attempt a fix.  Also, my apologies if this is 
no longer an issue in HAL 0.5.6.

Rohan
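
Added example (not part of the original post, and not HAL's code): one way to keep a shared spawn-failure handler from misreading its void * context, the mismatch described above, is to tag every context struct and check the tag before casting. All struct, enum and function names below are hypothetical, and the sample input in main() is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the two context types named in the post;
 * these are not HAL's real struct layouts. */
enum ctx_kind { CTX_CALLOUT = 1, CTX_DBUS_METHOD = 2 };
enum outcome  { REJECTED = 0, HANDLED_CALLOUT = 1, HANDLED_DBUS = 2 };

struct ctx_header { enum ctx_kind kind; };   /* first member of every context */

struct callout_ctx {                 /* context for the callout chain */
    struct ctx_header hdr;
    int next_program;
    int failed;
};

struct dbus_method_ctx {             /* context for a D-Bus method call */
    struct ctx_header hdr;
    int error_reply_queued;
};

/* Checked downcast: read only the shared header, then compare the tag. */
static void *ctx_as(void *data, enum ctx_kind want)
{
    struct ctx_header *h = data;
    return (h != NULL && h->kind == want) ? data : NULL;
}

/* Spawn-failure handler shared by both callers. It never assumes which
 * context it was handed; an unknown or NULL context is refused. */
enum outcome on_spawn_failure(void *data1)
{
    struct callout_ctx *c = ctx_as(data1, CTX_CALLOUT);
    if (c != NULL) {
        c->failed = 1;               /* mark this callout as failed ...   */
        c->next_program++;           /* ... and advance the callout chain */
        return HANDLED_CALLOUT;
    }
    struct dbus_method_ctx *m = ctx_as(data1, CTX_DBUS_METHOD);
    if (m != NULL) {
        m->error_reply_queued = 1;   /* report the failure to the caller */
        return HANDLED_DBUS;
    }
    return REJECTED;
}

int main(void)
{
    struct dbus_method_ctx m = { { CTX_DBUS_METHOD }, 0 };  /* constructed input */
    enum outcome r = on_spawn_failure(&m);
    printf("outcome=%d reply_queued=%d\n", (int)r, m.error_reply_queued);
    return 0;
}
```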