GNOME Bugzilla – Bug 780715
GUPnPServiceProxy crash in subscription_expire()
Last modified: 2018-11-02 10:29:19 UTC
We are still seeing occasional crashes in subscription_expire():

logCrash()
soup_message_headers_append() from /usr/lib/libsoup-2.4.so.1
subscription_expire() from /usr/lib/libgupnp-1.0.so.4
g_timeout_dispatch() from /usr/lib/libglib-2.0.so.0
g_main_context_dispatch() from /usr/lib/libglib-2.0.so.0
g_main_context_iterate.isra.12() from /usr/lib/libglib-2.0.so.0
g_main_loop_run() from /usr/lib/libglib-2.0.so.0

This may look like a duplicate of bug 740263, but the crash is a bit different in that it occurs in soup_message_headers_append() which seems to indicate that SID is NULL.

I can't explain how this is happening, but I thought I should report it nevertheless. I have also made a patch that should avoid the crash.
Created attachment 348974
avoid the crash by adding an extra check and by making sure that the timeout is removed
Yeah, that looks really unlikely to reach that code with SID being NULL. Odd. Are you positive that it is NULL or not rather some memory corruption? Not disagreeing with the patch, though.
(In reply to Sven Neumann from comment #0)
> We are still seeing occasional crashes in subscription_expire():
>
> logCrash()
> soup_message_headers_append() from /usr/lib/libsoup-2.4.so.1
> subscription_expire() from /usr/lib/libgupnp-1.0.so.4
> g_timeout_dispatch() from /usr/lib/libglib-2.0.so.0
> g_main_context_dispatch() from /usr/lib/libglib-2.0.so.0
> g_main_context_iterate.isra.12() from /usr/lib/libglib-2.0.so.0
> g_main_loop_run() from /usr/lib/libglib-2.0.so.0
>
>
> This may look like a duplicate of bug 740263, but the crash is a bit
> different in that it occurs in soup_message_headers_append() which seems to
> indicate that SID is NULL.
>
> I can't explain how this is happening, but I thought I should report it
> nevertheless. I have also made a patch that should avoid the crash.

No idea what happens either but soup_message_headers_append() won't crash if header value is NULL.
Well, yes, it will crash if libsoup is compiled with G_DISABLE_CHECKS. But you have a point as we are using the defaults, which seems to be --enable-debug=minimum. Only libsoup compiled with --enable-debug=no actually disables the g_return_if_fail() check.
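Added example, not part of this bug thread or of the attached patch: a self-contained C model of why a caller-side NULL check in a timeout callback matters when the library's precondition check may be compiled out. All names here (`headers`, `subscription`, `append_checked`, `append_unchecked`, `expire_cb`) are hypothetical stand-ins, not GUPnP or libsoup code.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins; none of these names come from GUPnP or libsoup. */
struct headers { size_t bytes; int appends; };
struct subscription { const char *sid; unsigned timeout_id; };
typedef void (*append_fn)(struct headers *, const char *, const char *);

/* Models a library built with precondition checks: NULL is rejected early. */
static void append_checked(struct headers *h, const char *name, const char *value)
{
    if (name == NULL || value == NULL)   /* the role g_return_if_fail() plays */
        return;
    h->bytes += strlen(name) + strlen(value);
    h->appends++;
}

/* Models the same library with checks compiled out: NULL reaches strlen(). */
static void append_unchecked(struct headers *h, const char *name, const char *value)
{
    h->bytes += strlen(name) + strlen(value);   /* would crash on NULL value */
    h->appends++;
}

/* Timeout callback with a caller-side guard, so safety does not depend on
 * how the library was built. Returns 0 to drop the timer, 1 to keep it. */
static int expire_cb(struct subscription *sub, struct headers *h, append_fn append)
{
    if (sub->sid == NULL) {
        sub->timeout_id = 0;   /* the timer is being dropped; forget its id */
        return 0;
    }
    append(h, "SID", sub->sid);
    return 1;
}

int main(void)
{
    struct headers h = { 0, 0 };
    struct subscription broken = { NULL, 7 };       /* constructed sample */
    struct subscription ok = { "uuid:sample", 9 };  /* constructed sample */
    int a = expire_cb(&broken, &h, append_unchecked);  /* guard stops the call */
    int b = expire_cb(&ok, &h, append_unchecked);
    append_checked(&h, "SID", NULL);                   /* rejected, no append */
    return (a == 0 && b == 1 && h.appends == 1) ? 0 : 1;
}
```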
Could that be related to bug 763582?
Forgot to close after pushing