Bug 366331 – returns GNOME_VFS_OK for some broken responses

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 366331 - returns GNOME_VFS_OK for some broken responses


Summary:	returns GNOME_VFS_OK for some broken responses


Status:	RESOLVED WONTFIX

Product:	gnome-vfs
Classification:	Deprecated
Component:	Module: http
Version:	cvs (head)
Hardware:	Other All

Importance:	High critical
Target Milestone:	---
Assigned To:	gnome-vfs maintainers
QA Contact:	gnome-vfs maintainers

URL:
Whiteboard:	gnome[unmaintained]

Duplicates:	370490 384047 400055 401282 402885 403239 406030 414164 435873 476416 (view as bug list)
Depends on:
Blocks:

Reported:	2006-10-28 14:58 UTC by jgargal
Modified:	2018-08-17 13:52 UTC

See Also:
GNOME target:	---
GNOME version:	2.15/2.16

Attachments
simple patch (570 bytes, patch) 2006-10-29 07:10 UTC, Jonathan Matthew	none	Details \| Review
Clean up the resolve_result function a bit. (2.41 KB, patch) 2006-11-07 05:11 UTC, Christian Kellner	accepted-commit_after_freeze	Details \| Review

Description jgargal 2006-10-28 14:58:58 UTC

What were you doing when the application crashed?
Estaba escuchando Vaughanradio (http://www.vaughanradio.com/vaughanradio.pls)


Distribution: Ubuntu 6.10 (edgy)
Gnome Release: 2.16.1 2006-10-02 (Ubuntu)
BugBuddy Version: 2.16.0

Memory status: size: 68046848 vsize: 0 resident: 68046848 share: 0 rss: 19468288 rss_rlim: 0
CPU usage: start_time: 1162047453 rtime: 0 utime: 79 stime: 0 cutime:74 cstime: 0 timeout: 5 it_real_value: 0 frequency: 3

Backtrace was generated from '/usr/bin/rhythmbox'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1229191504 (LWP 12170)]
[New Thread -1243255904 (LWP 12181)]
[New Thread -1252283488 (LWP 12180)]
(no debugging symbols found)
0xffffe410 in __kernel_vsyscall ()

+ Trace 79309

Thread 2 (Thread -1243255904 (LWP 12181))

#0 __kernel_vsyscall
#1 __waitpid_nocancel
from /lib/tls/i686/cmov/libpthread.so.0
#2 gnome_gtk_module_info_get
from /usr/lib/libgnomeui-2.so.0
#3 <signal handler called>
#4 __kernel_vsyscall
#5 raise
from /lib/tls/i686/cmov/libc.so.6
#6 abort
from /lib/tls/i686/cmov/libc.so.6
#7 g_logv
from /usr/lib/libglib-2.0.so.0
#8 g_log
from /usr/lib/libglib-2.0.so.0
#9 g_realloc
from /usr/lib/libglib-2.0.so.0
#10 totem_pl_parser_can_parse_from_filename
from /usr/lib/libtotem-plparser.so.1
#11 totem_pl_parser_can_parse_from_filename
from /usr/lib/libtotem-plparser.so.1
#12 totem_pl_parser_can_parse_from_filename
from /usr/lib/libtotem-plparser.so.1
#13 totem_pl_parser_can_parse_from_filename
from /usr/lib/libtotem-plparser.so.1
#14 totem_pl_parser_can_parse_from_filename
from /usr/lib/libtotem-plparser.so.1
#15 rb_shell_player_set_playing_source
#16 g_thread_create_full
from /usr/lib/libglib-2.0.so.0
#17 start_thread
from /lib/tls/i686/cmov/libpthread.so.0
#18 clone
from /lib/tls/i686/cmov/libc.so.6

Comment 1 Jonathan Matthew 2006-10-29 00:03:41 UTC

The server hosting that stream is hopelessly broken.  It seems to randomly skip the trailing blank line that marks the end of the HTTP response headers.

Comment 2 Jonathan Matthew 2006-10-29 07:08:58 UTC

Here's what's happening:
- ne_request.c:read_response_headers fails because the response appears to have more than MAX_HEADER_FIELDS headers, returning NE_ERROR; this is after it has parsed the (200) status code.
- http-neon-method.c:resolve_result returns GNOME_VFS_OK because it got a 200 response code and there is no socket error set
- http-neon-method.c:http_transfer_start_read() sets handle->transfer_state = TRANSFER_ERROR and handle->last_error = GNOME_VFS_OK
- future do_read() calls see the transfer state and return GNOME_VFS_OK (last_error) without setting *bytes_read
- totem-pl-parser.c:my_gnome_vfs_get_mime_type_with_data doesn't initialize bytes_read before calling gnome_vfs_read(), so later on it tries to allocate a random (large) number of bytes, which usually fails, so it dies.

Simple test case:  gnomevfs-cat http://212.81.130.17
will mostly segfault, depending on the uninitialized value of bytes_read.

Comment 3 Jonathan Matthew 2006-10-29 07:10:45 UTC

Created attachment 75593 [details] [review]
simple patch

This ensures that resolve_result() does not return GNOME_VFS_OK when the incoming result is NE_ERROR.

Comment 4 Bastien Nocera 2006-10-29 09:21:41 UTC

Added a work-around in Totem's playlist parser as well, in both HEAD and gnome-2-16

2006-10-29  Bastien Nocera  <hadess@hadess.net>

        * src/plparse/totem-pl-parser.c:
        (my_gnome_vfs_get_mime_type_with_data): initialise bytes_read
        to avoid problems with gnome-vfs not initialising it
        (See bug #366331)

Comment 5 Jonathan Matthew 2006-11-04 14:12:50 UTC

*** Bug 370490 has been marked as a duplicate of this bug. ***

Comment 6 Christian Kellner 2006-11-07 03:49:41 UTC

-> me

Comment 7 Christian Kellner 2006-11-07 05:11:56 UTC

Created attachment 76128 [details] [review]
Clean up the resolve_result function a bit.

I think this is fine to commit but I wanna be sure and apply that only after the branching.

Comment 8 Jonathan Matthew 2006-12-09 21:58:39 UTC

*** Bug 384047 has been marked as a duplicate of this bug. ***

Comment 9 Kjartan Maraas 2007-01-24 19:37:41 UTC

Christian, ping?

Comment 10 André Klapper 2007-01-25 03:02:28 UTC

*** Bug 400055 has been marked as a duplicate of this bug. ***

Comment 11 André Klapper 2007-01-29 02:31:58 UTC

*** Bug 401282 has been marked as a duplicate of this bug. ***

Comment 12 Alex Lancaster 2007-02-01 04:36:29 UTC

*** Bug 402885 has been marked as a duplicate of this bug. ***

Comment 13 Alex Lancaster 2007-02-01 21:53:16 UTC

*** Bug 403239 has been marked as a duplicate of this bug. ***

Comment 14 Alex Lancaster 2007-02-09 12:14:48 UTC

*** Bug 406030 has been marked as a duplicate of this bug. ***

Comment 15 James "Doc" Livingston 2007-03-03 10:30:00 UTC

*** Bug 414164 has been marked as a duplicate of this bug. ***

Comment 16 Jonathan Matthew 2007-05-04 22:32:05 UTC

*** Bug 435873 has been marked as a duplicate of this bug. ***

Comment 17 Jonathan Matthew 2007-09-13 10:07:55 UTC

*** Bug 476416 has been marked as a duplicate of this bug. ***

Comment 18 Kjartan Maraas 2008-01-03 12:45:27 UTC

Christian, did you branch yet?

Comment 19 Tobias Mueller 2009-06-15 20:42:43 UTC

ahem, may I assume that this bug is OBSOLETE and the patch is not to be committed anymore?

Comment 20 Christian Kellner 2010-02-20 12:25:21 UTC

Mass re-assignin old gnome-vfs http bugs to gnome-vfs-maint@gnome.bugs so they disappear from my "My bugs" list. Sorry for the spam.

Comment 21 André Klapper 2018-08-17 13:52:14 UTC

gnome-vfs got deprecated in 2008.

gnome-vfs is not under active development anymore and had its last code changes
in 2011. Its codebase has been archived:
https://gitlab.gnome.org/Archive/gnome-vfs/commits/master

gio (in glib) and gvfs are its successors. See https://developer.gnome.org/gio/stable/ch33.html and https://people.gnome.org/~gicmo/gio-migration-guide/ for porting info.

Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect
reality. Feel free to open a task in GNOME Gitlab if the issue described in this task still applies to a recent + supported version of glib/gio/gvfs. Thanks!