After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 672863 - gupnp-universal-cp crashes if UPnP service does not implement any actions
gupnp-universal-cp crashes if UPnP service does not implement any actions
Status: RESOLVED FIXED
Product: gupnp-tools
Classification: Other
Component: General
unspecified
Other Linux
: Normal normal
: ---
Assigned To: GUPnP Maintainers
GUPnP Maintainers
Depends on:
Blocks:
 
 
Reported: 2012-03-26 17:34 UTC by Jens Georg
Modified: 2019-02-22 05:57 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
sample device description (721 bytes, text/xml)
2012-03-26 17:34 UTC, Jens Georg
  Details
Sample service description (404 bytes, text/xml)
2012-03-26 17:34 UTC, Jens Georg
  Details
It seems OK on my machine (49.37 KB, image/png)
2012-07-29 06:38 UTC, Riko Yamada
  Details
Don't crash on variable-only service (1.86 KB, patch)
2013-10-20 10:14 UTC, Jens Georg
committed Details | Review

Description Jens Georg 2012-03-26 17:34:16 UTC
Created attachment 210644 [details]
sample device description

If a UPnP service only has state variables and you try to click on one of them in the left tree view, you end up getting either garbage, information from other devices or a solid crash.

The culprit seems to be the g_object_unref (introspection) in device-treeview.c:528. If there are actions, they have to reference state variables, keeping the list of variables alive even after the introspection is unreffed.

To test, drop the description.xml and VariablesOnly.xml into gupnp/tests and call ./test-server description.xml, then try to browse the device's state variables in universal-cp.
Comment 1 Jens Georg 2012-03-26 17:34:44 UTC
Created attachment 210645 [details]
Sample service description
Comment 2 Riko Yamada 2012-07-29 06:38:13 UTC
Created attachment 219811 [details]
It seems OK on my machine

Please take a look at my attached screenshot. It seems to work well on my ubuntu-12.04-i386 with git-master gupnp-universal-cp build. I ran the programs several times without any crashes at all.
Comment 3 Jens Georg 2013-10-20 09:33:49 UTC
Ok, the crash is rather random; universal-cp either crashes or shows a random state variable from the service above the current one
Comment 4 Jens Georg 2013-10-20 09:41:50 UTC
The randomness is a GSlice sideeffect. Running with G_SLICE=always-malloc G_DEBUG=gc-friendly crashes "reliably"
Comment 5 Jens Georg 2013-10-20 09:46:14 UTC
==11892== Invalid read of size 8
==11892==    at 0x408934: show_state_variable_details (details-treeview.c:235)
==11892==    by 0x406DFA: on_something_selected (device-treeview.c:266)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50DF73A: gtk_tree_view_real_set_cursor (gtktreeview.c:13231)
==11892==    by 0x50E325D: gtk_tree_view_button_press (gtktreeview.c:3142)
==11892==    by 0x4FCE37B: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50FB5CD: gtk_widget_event_internal (gtkwidget.c:6714)
==11892==    by 0x4FCC22D: propagate_event (gtkmain.c:2399)
==11892==    by 0x4FCDF54: gtk_main_do_event (gtkmain.c:1712)
==11892==    by 0x55587B1: gdk_event_source_dispatch (gdkeventsource.c:364)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892==    by 0x611F0B7: g_main_context_iterate.isra.22 (gmain.c:3701)
==11892==    by 0x611F529: g_main_loop_run (gmain.c:3895)
==11892==    by 0x4FCD274: gtk_main (gtkmain.c:1156)
==11892==    by 0x406457: main (main.c:134)
==11892==  Address 0x1b8aa990 is 0 bytes inside a block of size 128 free'd
==11892==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11892==    by 0x611B67C: g_list_foreach (glist.c:949)
==11892==    by 0x63EB540: gupnp_service_introspection_finalize (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5E9C537: g_object_unref (gobject.c:3024)
==11892==    by 0x40731B: got_introspection (device-treeview.c:544)
==11892==    by 0x63E6954: got_scpd_url (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5C3684B: soup_session_process_queue_item (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36A44: async_run_queue (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36AC3: got_connection (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C150C7: socket_connect_finished (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C39C39: async_connected (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87AECFF: g_socket_client_async_connect_complete (gsocketclient.c:1414)
==11892==    by 0x87AF457: g_socket_client_connected_callback (gsocketclient.c:1557)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87B0C2C: g_socket_connection_connect_callback (gsocketconnection.c:231)
==11892==    by 0x87A8DF5: socket_source_dispatch (gsocket.c:3165)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892== 
==11892== Invalid read of size 4
==11892==    at 0x408957: show_state_variable_details (details-treeview.c:237)
==11892==    by 0x406DFA: on_something_selected (device-treeview.c:266)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50DF73A: gtk_tree_view_real_set_cursor (gtktreeview.c:13231)
==11892==    by 0x50E325D: gtk_tree_view_button_press (gtktreeview.c:3142)
==11892==    by 0x4FCE37B: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50FB5CD: gtk_widget_event_internal (gtkwidget.c:6714)
==11892==    by 0x4FCC22D: propagate_event (gtkmain.c:2399)
==11892==    by 0x4FCDF54: gtk_main_do_event (gtkmain.c:1712)
==11892==    by 0x55587B1: gdk_event_source_dispatch (gdkeventsource.c:364)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892==    by 0x611F0B7: g_main_context_iterate.isra.22 (gmain.c:3701)
==11892==    by 0x611F529: g_main_loop_run (gmain.c:3895)
==11892==    by 0x4FCD274: gtk_main (gtkmain.c:1156)
==11892==    by 0x406457: main (main.c:134)
==11892==  Address 0x1b8aa998 is 8 bytes inside a block of size 128 free'd
==11892==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11892==    by 0x611B67C: g_list_foreach (glist.c:949)
==11892==    by 0x63EB540: gupnp_service_introspection_finalize (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5E9C537: g_object_unref (gobject.c:3024)
==11892==    by 0x40731B: got_introspection (device-treeview.c:544)
==11892==    by 0x63E6954: got_scpd_url (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5C3684B: soup_session_process_queue_item (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36A44: async_run_queue (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36AC3: got_connection (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C150C7: socket_connect_finished (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C39C39: async_connected (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87AECFF: g_socket_client_async_connect_complete (gsocketclient.c:1414)
==11892==    by 0x87AF457: g_socket_client_connected_callback (gsocketclient.c:1557)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87B0C2C: g_socket_connection_connect_callback (gsocketconnection.c:231)
==11892==    by 0x87A8DF5: socket_source_dispatch (gsocket.c:3165)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892== 
==11892== Invalid read of size 8
==11892==    at 0x408996: show_state_variable_details (details-treeview.c:239)
==11892==    by 0x406DFA: on_something_selected (device-treeview.c:266)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50DF73A: gtk_tree_view_real_set_cursor (gtktreeview.c:13231)
==11892==    by 0x50E325D: gtk_tree_view_button_press (gtktreeview.c:3142)
==11892==    by 0x4FCE37B: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50FB5CD: gtk_widget_event_internal (gtkwidget.c:6714)
==11892==    by 0x4FCC22D: propagate_event (gtkmain.c:2399)
==11892==    by 0x4FCDF54: gtk_main_do_event (gtkmain.c:1712)
==11892==    by 0x55587B1: gdk_event_source_dispatch (gdkeventsource.c:364)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892==    by 0x611F0B7: g_main_context_iterate.isra.22 (gmain.c:3701)
==11892==    by 0x611F529: g_main_loop_run (gmain.c:3895)
==11892==    by 0x4FCD274: gtk_main (gtkmain.c:1156)
==11892==    by 0x406457: main (main.c:134)
==11892==  Address 0x1b8aa9a0 is 16 bytes inside a block of size 128 free'd
==11892==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11892==    by 0x611B67C: g_list_foreach (glist.c:949)
==11892==    by 0x63EB540: gupnp_service_introspection_finalize (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5E9C537: g_object_unref (gobject.c:3024)
==11892==    by 0x40731B: got_introspection (device-treeview.c:544)
==11892==    by 0x63E6954: got_scpd_url (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5C3684B: soup_session_process_queue_item (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36A44: async_run_queue (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36AC3: got_connection (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C150C7: socket_connect_finished (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C39C39: async_connected (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87AECFF: g_socket_client_async_connect_complete (gsocketclient.c:1414)
==11892==    by 0x87AF457: g_socket_client_connected_callback (gsocketclient.c:1557)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87B0C2C: g_socket_connection_connect_callback (gsocketconnection.c:231)
==11892==    by 0x87A8DF5: socket_source_dispatch (gsocket.c:3165)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892== 
==11892== Invalid read of size 8
==11892==    at 0x5EB9280: g_type_check_value (gtype.c:4173)
==11892==    by 0x5EBBC02: g_value_transform (gvalue.c:527)
==11892==    by 0x4089D2: show_state_variable_details (details-treeview.c:242)
==11892==    by 0x406DFA: on_something_selected (device-treeview.c:266)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50DF73A: gtk_tree_view_real_set_cursor (gtktreeview.c:13231)
==11892==    by 0x50E325D: gtk_tree_view_button_press (gtktreeview.c:3142)
==11892==    by 0x4FCE37B: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50FB5CD: gtk_widget_event_internal (gtkwidget.c:6714)
==11892==    by 0x4FCC22D: propagate_event (gtkmain.c:2399)
==11892==    by 0x4FCDF54: gtk_main_do_event (gtkmain.c:1712)
==11892==    by 0x55587B1: gdk_event_source_dispatch (gdkeventsource.c:364)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892==    by 0x611F0B7: g_main_context_iterate.isra.22 (gmain.c:3701)
==11892==    by 0x611F529: g_main_loop_run (gmain.c:3895)
==11892==  Address 0x1b8aa9a8 is 24 bytes inside a block of size 128 free'd
==11892==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11892==    by 0x611B67C: g_list_foreach (glist.c:949)
==11892==    by 0x63EB540: gupnp_service_introspection_finalize (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5E9C537: g_object_unref (gobject.c:3024)
==11892==    by 0x40731B: got_introspection (device-treeview.c:544)
==11892==    by 0x63E6954: got_scpd_url (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5C3684B: soup_session_process_queue_item (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36A44: async_run_queue (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36AC3: got_connection (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C150C7: socket_connect_finished (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C39C39: async_connected (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87AECFF: g_socket_client_async_connect_complete (gsocketclient.c:1414)
==11892==    by 0x87AF457: g_socket_client_connected_callback (gsocketclient.c:1557)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87B0C2C: g_socket_connection_connect_callback (gsocketconnection.c:231)
==11892==    by 0x87A8DF5: socket_source_dispatch (gsocket.c:3165)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892== 
==11892== Invalid read of size 4
==11892==    at 0x4089DB: show_state_variable_details (details-treeview.c:246)
==11892==    by 0x406DFA: on_something_selected (device-treeview.c:266)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50DF73A: gtk_tree_view_real_set_cursor (gtktreeview.c:13231)
==11892==    by 0x50E325D: gtk_tree_view_button_press (gtktreeview.c:3142)
==11892==    by 0x4FCE37B: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50FB5CD: gtk_widget_event_internal (gtkwidget.c:6714)
==11892==    by 0x4FCC22D: propagate_event (gtkmain.c:2399)
==11892==    by 0x4FCDF54: gtk_main_do_event (gtkmain.c:1712)
==11892==    by 0x55587B1: gdk_event_source_dispatch (gdkeventsource.c:364)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892==    by 0x611F0B7: g_main_context_iterate.isra.22 (gmain.c:3701)
==11892==    by 0x611F529: g_main_loop_run (gmain.c:3895)
==11892==    by 0x4FCD274: gtk_main (gtkmain.c:1156)
==11892==    by 0x406457: main (main.c:134)
==11892==  Address 0x1b8aa99c is 12 bytes inside a block of size 128 free'd
==11892==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11892==    by 0x611B67C: g_list_foreach (glist.c:949)
==11892==    by 0x63EB540: gupnp_service_introspection_finalize (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5E9C537: g_object_unref (gobject.c:3024)
==11892==    by 0x40731B: got_introspection (device-treeview.c:544)
==11892==    by 0x63E6954: got_scpd_url (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5C3684B: soup_session_process_queue_item (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36A44: async_run_queue (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36AC3: got_connection (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C150C7: socket_connect_finished (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C39C39: async_connected (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87AECFF: g_socket_client_async_connect_complete (gsocketclient.c:1414)
==11892==    by 0x87AF457: g_socket_client_connected_callback (gsocketclient.c:1557)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87B0C2C: g_socket_connection_connect_callback (gsocketconnection.c:231)
==11892==    by 0x87A8DF5: socket_source_dispatch (gsocket.c:3165)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892== 
==11892== Invalid read of size 8
==11892==    at 0x4089EB: show_state_variable_details (details-treeview.c:259)
==11892==    by 0x406DFA: on_something_selected (device-treeview.c:266)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50DF73A: gtk_tree_view_real_set_cursor (gtktreeview.c:13231)
==11892==    by 0x50E325D: gtk_tree_view_button_press (gtktreeview.c:3142)
==11892==    by 0x4FCE37B: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==11892==    by 0x5E978E6: _g_closure_invoke_va (gclosure.c:840)
==11892==    by 0x5EB02DE: g_signal_emit_valist (gsignal.c:3234)
==11892==    by 0x5EB0F91: g_signal_emit (gsignal.c:3384)
==11892==    by 0x50FB5CD: gtk_widget_event_internal (gtkwidget.c:6714)
==11892==    by 0x4FCC22D: propagate_event (gtkmain.c:2399)
==11892==    by 0x4FCDF54: gtk_main_do_event (gtkmain.c:1712)
==11892==    by 0x55587B1: gdk_event_source_dispatch (gdkeventsource.c:364)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
==11892==    by 0x611F0B7: g_main_context_iterate.isra.22 (gmain.c:3701)
==11892==    by 0x611F529: g_main_loop_run (gmain.c:3895)
==11892==    by 0x4FCD274: gtk_main (gtkmain.c:1156)
==11892==    by 0x406457: main (main.c:134)
==11892==  Address 0x1b8aaa08 is 120 bytes inside a block of size 128 free'd
==11892==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11892==    by 0x611B67C: g_list_foreach (glist.c:949)
==11892==    by 0x63EB540: gupnp_service_introspection_finalize (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5E9C537: g_object_unref (gobject.c:3024)
==11892==    by 0x40731B: got_introspection (device-treeview.c:544)
==11892==    by 0x63E6954: got_scpd_url (in /usr/lib/libgupnp-1.0.so.4.0.0)
==11892==    by 0x5C3684B: soup_session_process_queue_item (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36A44: async_run_queue (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C36AC3: got_connection (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C150C7: socket_connect_finished (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x5C39C39: async_connected (in /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1.6.0)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87AECFF: g_socket_client_async_connect_complete (gsocketclient.c:1414)
==11892==    by 0x87AF457: g_socket_client_connected_callback (gsocketclient.c:1557)
==11892==    by 0x87B506A: g_task_return_now (gtask.c:1105)
==11892==    by 0x87B581D: g_task_return (gtask.c:1158)
==11892==    by 0x87B0C2C: g_socket_connection_connect_callback (gsocketconnection.c:231)
==11892==    by 0x87A8DF5: socket_source_dispatch (gsocket.c:3165)
==11892==    by 0x611ED74: g_main_context_dispatch (gmain.c:3054)
Comment 6 Jens Georg 2013-10-20 10:14:41 UTC
Created attachment 257740 [details] [review]
Don't crash on variable-only service

Also keep a reference to introspection when adding service variables into the
treeview. Otherwise the introspection gets unreffed in device-treeview.c:528
and the state variables become invalid.
Comment 7 Jens Georg 2013-10-20 10:16:59 UTC
Attachment 257740 [details] pushed as f9e0333 - Don't crash on variable-only service