GNOME Bugzilla – Bug 546256
Never try to unescape (http/dav) URIs
Last modified: 2018-09-21 16:24:06 UTC
the bug has been opened on https://bugs.launchpad.net/ubuntu/+source/rhythmbox/+bug/254617 Binary package hint: rhythmbox Rhythmbox 0.11.6 crashes on initial startup after upgrade. The problem appears to be in the URI canonicalisation as this is the last message in the debug log: (11:07:41) [0x96cb408] [rb_shell_constructor] rb-shell.c:1418: loading database (11:07:41) [0x96cb408] [rb_shell_constructor] rb-shell.c:1421: shell: syncing window state (11:07:41) [0xa4bbac0] [rhythmdb_tree_parser_start_element] rhythmdb-tree.c:379: loading database version 1.4 (140) (11:07:41) [0xa4bbac0] [rhythmdb_tree_parser_start_element] rhythmdb-tree.c:392: old version of rhythmdb, performing URI canonicalisation for all entries (DB version 1.4) zsh: segmentation fault rhythmbox -d --dry-run The problem appears to be with a single podcast entry in the rhythmdb.xml. I'll attach the snipplet here. 0.11.6svn20080731-0ubuntu3" the debug stracktrace: "#0 g_mount_spec_canonicalize_path (path=0x0) at gmountspec.c:480 canon = <value optimized out> start = <value optimized out> p = <value optimized out> q = <value optimized out>
+ Trace 204557
This appears to be a bug in gvfs. 'gvfs-info http://feeds.feedburner.com/~r/omahm/~5/http%5A%2F%2Fbinaryzone.ziphoid.com%2FOMAHM_Show3_Follintastic.mp3' crashes in the same way, as far as I can tell. Replacing the %2Fs in the URI stops it crashing. http_from_uri() returns with info->path == NULL if g_vfs_decode_uri() fails. It's not particularly clear who should handle path being NULL thereafter. It currently crashes because g_mount_spec_canonicalize_path() doesn't handle NULL input.
*** Bug 546625 has been marked as a duplicate of this bug. ***
Yep, we shouldn't be returning a non-NULL MountInfo with path set to NULL in case of g_vfs_decode_uri () failing. Of course its also a bug (another one) that we try to unescpae the path in the first place. The actual problem is that we try to unescape %2F resulting in / which we forbid in g_vfs_decode_uri. We shouldn't be doing that, at least not for http. So the correct fix is to 1) never return MountInfo with path == NULL and also not to try to unescape the path in the first place. I'll cook up a patch that does both.
A patch for the first part is attached to bug 539967
*** Bug 539967 has been marked as a duplicate of this bug. ***
*** Bug 555070 has been marked as a duplicate of this bug. ***
This happens in gnome-terminal too, with the following URL: http://github.com/eatnumber1/pcsx2-overlay/tree/master%2Flayman-local.cfg?raw=true
*** Bug 564393 has been marked as a duplicate of this bug. ***
*** Bug 564327 has been marked as a duplicate of this bug. ***
any news here?
*** Bug 569767 has been marked as a duplicate of this bug. ***
I raise severity to Critical if it matters, Iwonder if it shouldn't be put to urgent, as it makes crash application on a well defined URLs
Should be a 2.26 showstopper, imo
I second this
I have committed a patch to fix the crash. Of course that only fixed the symptom not the real cause. I will rename that bug and change the severity since the second part, namely "also not to try to unescape the path in the first place." is not done yet. That crash should be gone though.
*** Bug 588241 has been marked as a duplicate of this bug. ***
*** Bug 581032 has been marked as a duplicate of this bug. ***
*** Bug 625413 has been marked as a duplicate of this bug. ***
*** Bug 563367 has been marked as a duplicate of this bug. ***
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gvfs/issues/54.