GNOME Bugzilla – Bug 673893
gvfsd-gphoto2 crashed with SIGSEGV in __pthread_mutex_destroy()
Last modified: 2012-04-11 11:12:25 UTC
From https://launchpad.net/bugs/968186: When plugging in a camera, and gphoto fails to initialize it, gvfsd-gphoto2 crashes with:
+ Trace 230042
This cannot be true, before line 621 release_device() derefs gphoto2_backend dozens of times. So that 0x0 is wrong. I think that gphoto2_backend->lock is also not NULL, as g_mutex_clear() derefs it: g_mutex_impl_free (mutex->p); it seems it's gphoto2_backend->lock->p which is NULL then, i. e. the mutex was not initialized properly. The only access to the lock aside from the _lock()/_unlock() calls is in do_mount() line 1715, i. e. it gets initialized *after* release_device() is called (which tries to free it again). So to fix this, we either need to move the g_mutex_init() further up the code, before the first release_device() call, or release_device() must check if the lock is initialized before trying to clear it. The former seems safer to me (as there is no official API to check whether a mutex is initialized).
The "trace" expander swallowed parts of the analysis, so the description looks a bit odd now.
Heh, when I try to run gvfsd-gphoto2 without arguments, I get a very similar crash: $ LD_LIBRARY_PATH=common/.libs daemon/.libs/gvfsd-gphoto2 initing 0x14db0e0 try_mount 0x14db0e0 host=(null) finalizing 0x14db0e0 Segmentation fault
+ Trace 230043
I. e. again g_vfs_backend_gphoto2_finalize() calls release_device(), but do_mount() never ran.
Created attachment 211818 [details] [review] gphoto2: Initialize mutex early enough This fixes the crashes that I can reproduce, and should also fix the reported crash. OK to push?
Review of attachment 211818 [details] [review]: You're right, nice catch. Please commit to master (still haven't branched for 3.5). Thanks!
Comment on attachment 211818 [details] [review] gphoto2: Initialize mutex early enough Pushed, thanks!