GNOME Bugzilla – Bug 637741
Libsoup crashes on canceling message, if client is waiting for a response
Last modified: 2011-11-22 08:25:27 UTC
Using sync session I sent a request to a server, it takes a long time for server to process the request. Libsoup thread is waiting on soup_socket_read_until at read_metadata function. At the same time I called soup_session_cancel_message from another thread, which calls soup_message_io_cleanup, which clears priv->io_data of msg. Libsoup thread receives EOF on soup_socket_read_until, which causes to call io_error, which tries to access io, which in another thread was set to NULL. Segmentation fault occurs. Fix, which helps. diff --git a/libsoup/soup-message-io.c b/libsoup/soup-message-io.c index d78aa39..cb2b9b4 100644 --- a/libsoup/soup-message-io.c +++ b/libsoup/soup-message-io.c @@ -186,6 +186,9 @@ io_error (SoupSocket *sock, SoupMessage *msg, GError *error) SoupMessagePrivate *priv = SOUP_MESSAGE_GET_PRIVATE (msg); SoupMessageIOData *io = priv->io_data; + if (!io) + return; + if (error && error->domain == G_TLS_ERROR) { soup_message_set_status_full (msg, SOUP_STATUS_SSL_FAILED,
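Review bot: the "if (!io) return;" guard at the top of io_error narrows the crash window but does not close the race. priv->io_data is copied into io with no locking visible in this hunk, so the cancelling thread can still clear it after the check has passed, and the code below the guard then runs against state the other thread is cleaning up. The early return also skips the G_TLS_ERROR branch and its soup_message_set_status_full call, so an error that arrives together with a cancel is dropped without a status. Suggest having the cancelling thread only signal the I/O thread and letting the I/O thread do the cleanup itself, instead of testing for NULL here.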
I've also changed this to get it finally working, but I don't know if I didn't break something else: --- a/libsoup/soup-session.c +++ b/libsoup/soup-session.c @@ -1638,7 +1638,7 @@ cancel_message (SoupSession *session, SoupMessage *msg, guint status_code) soup_message_set_status (msg, status_code); if (soup_message_io_in_progress (msg)) - soup_message_io_finished (msg); + soup_message_io_stop (msg); else item->state = SOUP_MESSAGE_FINISHING;
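Review bot: in cancel_message, the in-progress branch now calls soup_message_io_stop instead of soup_message_io_finished, and nothing in the hunk shows that this path still brings the queue item to completion. The else branch sets item->state = SOUP_MESSAGE_FINISHING explicitly, while the in-progress branch relied on soup_message_io_finished before this change. Please state in a comment or in the commit message what now finishes the message after the stop, and cover the cancel-from-another-thread case with a test, since the change is made without a stated reason beyond getting it working.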
Created attachment 177957
soup-message-io: don't watch for SoupSocket::disconnect

The IO code was explicitly handling the SoupSocket::disconnect signal, but this is actually redundant; if the socket gets disconnected we'll get either an error (if writing) or an eof (if reading), and the code will do the right thing with that. Watching ::disconnected too just results in processing the same error twice and having to be extra careful to do it idempotently.
Created attachment 177958
soup_session_cancel_message: fix up, especially in sync sessions

Cancelling a message from another thread had some race conditions that could sometimes cause crashes. Fix things up a bit by using GCancellable to interrupt the I/O, rather than calling soup_message_io_finished() directly. Also added a test for this case to tests/misc-test, although unfortunately due to the raciness of the bug, it only failed sporadically even before the fix (but seems to fail never now).
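The cancellation pattern described in the attachment above, as an added example that is not libsoup code or part of either patch: the cancelling thread only signals, and the thread blocked on the read is the only one that frees the I/O state. It assumes a plain pipe plus poll() as a stand-in for GCancellable, and struct msg, struct io_data, cancel_message and run_cancel_demo are hypothetical names.

```c
#include <poll.h>
#include <pthread.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-ins for a message and its per-request I/O state. */
struct io_data { int sock; };
struct msg { struct io_data *io; int cancel_rd, cancel_wr, status; };
enum { ST_OK = 0, ST_CANCELLED = 1, ST_EOF = 2 };

/* I/O thread: the only code that ever reads or frees m->io. */
static void *io_thread(void *arg)
{
    struct msg *m = arg;
    struct pollfd fds[2] = {
        { .fd = m->io->sock,  .events = POLLIN },
        { .fd = m->cancel_rd, .events = POLLIN },
    };
    char c;
    poll(fds, 2, -1);                 /* blocks like the pending read */
    if (fds[1].revents & POLLIN)
        m->status = ST_CANCELLED;     /* woken by cancel_message() */
    else if (read(m->io->sock, &c, 1) == 0)
        m->status = ST_EOF;
    else
        m->status = ST_OK;
    close(m->io->sock);
    free(m->io);                      /* cleanup stays on this thread */
    m->io = NULL;
    return NULL;
}

/* Callable from any thread: signals only, never touches m->io. */
static int cancel_message(struct msg *m)
{
    return write(m->cancel_wr, "x", 1) == 1 ? 0 : -1;
}

int run_cancel_demo(void)
{
    int sv[2], p[2];
    pthread_t t;
    struct msg m = { 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(p)) return -1;
    if (!(m.io = malloc(sizeof *m.io))) return -1;
    m.io->sock = sv[0]; m.cancel_rd = p[0]; m.cancel_wr = p[1];
    if (pthread_create(&t, NULL, io_thread, &m)) return -1;
    cancel_message(&m);               /* constructed case: peer sv[1] never replies */
    pthread_join(t, NULL);
    close(sv[1]); close(p[0]); close(p[1]);
    return m.io == NULL ? m.status : -1;
}
int main(void) { return run_cancel_demo() == ST_CANCELLED ? 0 : 1; }
```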
(In reply to comment #1)
> I've also changed this to get it finally working, but I don't know if I didn't
> break something else:

"make check" is a good way to test for that. Anyway, can you try the attached patches?
Downstream bug report about the same: https://bugzilla.redhat.com/show_bug.cgi?id=675754
Trace 225893
Thread 1 (Thread 3228)
this should be fixed in 2.34.0
*** Bug 603368 has been marked as a duplicate of this bug. ***