Bug 662418 – totem-pl-parser-2.32.6 fails tests (disc crash in cd_cache_new)

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 662418 - totem-pl-parser-2.32.6 fails tests (disc crash in cd_cache_new)


Summary:	totem-pl-parser-2.32.6 fails tests (disc crash in cd_cache_new)


Status:	RESOLVED FIXED

Product:	totem-pl-parser
Classification:	Core
Component:	General
Version:	2.32.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	totem-pl-parser-maint
QA Contact:	totem-pl-parser-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-10-21 18:58 UTC by Pawel Hajdan, Jr.
Modified:	2012-02-01 16:52 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Pawel Hajdan, Jr. 2011-10-21 18:58:10 UTC

portage@localhost ~/dev-libs/totem-pl-parser-2.32.6/work/totem-pl-parser-2.32.6/plparse/tests $ dbus-launch libtool --mode=execute gdb ./disc
[...]
Reading symbols from /var/tmp/portage/dev-libs/totem-pl-parser-2.32.6/work/totem-pl-parser-2.32.6/plparse/tests/.libs/disc...done.
(gdb) run
Starting program: /var/tmp/portage/dev-libs/totem-pl-parser-2.32.6/work/totem-pl-parser-2.32.6/plparse/tests/.libs/disc 
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
cd_cache_new (dev=0x156d7c <Address 0x156d7c out of bounds>, error=0xbfffe6dc) at totem-disc.c:333
333	  if (dev[0] == '/') {
(gdb) bt

+ Trace 228885

#0 cd_cache_new
at totem-disc.c line 333
#1 totem_cd_detect_type_with_url
at totem-disc.c line 750
#2 test_disc
at disc.c line 36
#3 main
at disc.c line 137

Comment 1 Bastien Nocera 2012-02-01 15:23:10 UTC

What parameters did you pass to the disc binary? It's only supposed to go in that branch of the loop if the device_paths[] array is non-NULL.

http://git.gnome.org/browse/totem-pl-parser/tree/plparse/tests/disc.c?h=gnome-2-32&id=4e4100d3f96f0e68caf9dadb575cbaa69e382c7c#n137

Comment 2 Pawel Hajdan, Jr. 2012-02-01 16:17:08 UTC

(In reply to comment #1)
> What parameters did you pass to the disc binary?

iirc I didn't pass any (and the above dump of communication with gdb seems to confirm that, e.g. "run" with no arguments).

> It's only supposed to go in
> that branch of the loop if the device_paths[] array is non-NULL.
> 
> http://git.gnome.org/browse/totem-pl-parser/tree/plparse/tests/disc.c?h=gnome-2-32&id=4e4100d3f96f0e68caf9dadb575cbaa69e382c7c#n137

I think there is some corruption going on there (possibly an uninitialized pointer):

0xb7fcaeaa in totem_cd_detect_type_with_url (device=0x156d7c <Address 0x156d7c out of bounds>, mrl=0xbfffe6d8, error=0xbfffe6dc)

And this device out-of-bounds address is coming right from device_paths, which is supposed to be NULL. How about this hypothesis: it's not really NULL, but garbage?

I'm not familiar with g_option_context_parse, but it's not obvious whether it resets device_paths to NULL if it's not passed.

Would you like me to do some further tests?

Comment 3 Bastien Nocera 2012-02-01 16:52:07 UTC

(In reply to comment #2)
<snip>
> I'm not familiar with g_option_context_parse, but it's not obvious whether it
> resets device_paths to NULL if it's not passed.

Doh. That should fix it:
http://git.gnome.org/browse/totem-pl-parser/commit/?id=235ad19dbfee68174e2e17b56386f95a6eb6aa46