Renaming a workspace is seg-faulting xfsettingsd with the below output and BT. Issue is 100% repro. distribution: manjaro WM: wingo package version: xfce4-settings 4.11.3-1 (xfsettingsd:3574): GLib-GObject-CRITICAL **: g_value_set_string: assertion 'G_VALUE_HOLDS_STRING (value)' failed (xfsettingsd:3574): GLib-GObject-CRITICAL **: g_type_get_qdata: assertion 'node != NULL' failed (xfsettingsd:3574): GLib-GObject-CRITICAL **: g_type_get_qdata: assertion 'node != NULL' failed (xfsettingsd:3574): GLib-GObject-CRITICAL **: g_type_get_qdata: assertion 'node != NULL' failed (xfsettingsd:3574): GLib-GObject-CRITICAL **: g_type_get_qdata: assertion 'node != NULL' failed ** (xfsettingsd:3574): WARNING **: Cannot marshal type "(null)" in variant ** (xfsettingsd:3574): CRITICAL **: Could not marshal argument 2 for SetProperty: type GValue, value ((GValue*) 0x7fffffffe4a0) (xfsettingsd:3574): GLib-GObject-CRITICAL **: g_value_get_string: assertion 'G_VALUE_HOLDS_STRING (value)' failed Program received signal SIGSEGV, Segmentation fault. 0x00007ffff493cd0a in strlen () from /usr/lib/libc.so.6 (gdb) bt #0 0x00007ffff493cd0a in strlen () from /usr/lib/libc.so.6 #1 0x000000000040ccb3 in ?? () #2 0x00007ffff51a0435 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #3 0x00007ffff51b29fc in ?? () from /usr/lib/libgobject-2.0.so.0 #4 0x00007ffff51bb228 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #5 0x00007ffff51bb48f in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #6 0x00007ffff51a0435 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #7 0x00007ffff51b29fc in ?? () from /usr/lib/libgobject-2.0.so.0 #8 0x00007ffff51bb228 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #9 0x00007ffff51bb48f in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #10 0x00007ffff79c4101 in xfconf_cache_set (cache=0x7fffe80036e0, property=property@entry=0x412a1f "/general/workspace_names", value=value@entry=0x7fffffffe4a0, error=error@entry=0x0) at xfconf-cache.c:819 #11 0x00007ffff79c4f3e in xfconf_channel_set_internal (channel=channel@entry=0x65b240, property=property@entry=0x412a1f "/general/workspace_names", value=value@entry=0x7fffffffe4a0) at xfconf-channel.c:408 #12 0x00007ffff79c6d21 in IA__xfconf_channel_set_arrayv (channel=0x65b240, property=0x412a1f "/general/workspace_names", values=0x6f6520) at xfconf-channel.c:1734 #13 0x000000000040d0b3 in ?? () #14 0x00007ffff6a9d753 in gdk_event_apply_filters (filters=0x0, event=<optimized out>, xevent=<optimized out>) at gdkevents-x11.c:356 #15 gdk_event_translate (display=0x648020, event=0x699810, xevent=0x7fffffffe6c0, return_exposes=return_exposes@entry=0) at gdkevents-x11.c:1052 #16 0x00007ffff6a9ed76 in _gdk_events_queue (display=display@entry=0x648020) at gdkevents-x11.c:2336 #17 0x00007ffff6a9ee1e in gdk_event_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at gdkevents-x11.c:2397 #18 0x00007ffff4ecfc7d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #19 0x00007ffff4ecff68 in ?? () from /usr/lib/libglib-2.0.so.0 #20 0x00007ffff4ed0292 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 #21 0x00007ffff6e28417 in IA__gtk_main () at gtkmain.c:1257 #22 0x000000000040709c in ?? () #23 0x00007ffff48da000 in __libc_start_main () from /usr/lib/libc.so.6 #24 0x0000000000407276 in ?? ()
This crash can be reproduce by opening a terminal and running: xprop -root -f '_NET_DESKTOP_NAMES' 8u -set '_NET_DESKTOP_NAMES' 'hello' Which isn't really a valid command, but still it should not crash on invalid input.
(In reply to Alistair Buxton from comment #1) > This crash can be reproduce by opening a terminal and running: > > xprop -root -f '_NET_DESKTOP_NAMES' 8u -set '_NET_DESKTOP_NAMES' 'hello' > > Which isn't really a valid command, but still it should not crash on invalid > input. Just for my education, may I ask why it is not a valid command?
The atom is supposed to be an array of strings, terminated with an empty string. But xprop can't set array atoms, because you can't write a null character on the command line. The crash is exactly the same however.
I traced the crash down to this piece of code: if (g_strcmp0 (name_a, name_b) != 0) { /* set the old xfconf name to the new name */ g_value_unset (val_b); g_value_set_string (val_b, name_a); save_array = TRUE; } It changes the workspace name only if the new name is different to the old one. Except it doesn't. It actually inserts a null pointer into the configuration, which causes the crash next time the config is used.
Created attachment 5686 [PATCH] Fix two possible crashes when changing desktop names 1. Fix a crash when the _NET_DESKTOP_NAMES atom is changed on the root window. Do not unset the gvalue from xfconf when this happens, unless it is not already a string type. In this case reinitialize it as a string. Test case: xprop -root -f '_NET_DESKTOP_NAMES' 8u -set '_NET_DESKTOP_NAMES' 'hello' 2. Fix a crash when non-string values are put into the xfconf property. Do not attempt to use these values as strings. Instead, create a default value. The result is copied back into xfconf when the atom is updated. Test case: xfconf-query -c xfwm4 -p /general/workspace_names -t int -s 1 -t int -s 2 Fixes https://bugzilla.xfce.org/show_bug.cgi?id=11229
Created attachment 5687 Improved patch * Extra type check when setting is unnecessary because g_strcmp0 handles null, and because the rest of xfce code does it this way. * Fix some coding style. * Make the commit message list the two fixes in the order they appear in the diff.
Verified that the attached patch resolves the issue. Committed at http://git.xfce.org/xfce/xfce4-settings/commit/?id=3baa0287875895ef74f492c32a76a522e0b4edea
Nice, marking as resolved then.