Bug 780715 - GUPnPServiceProxy crash in subscription_expire()
Status: RESOLVED FIXED
Product: GUPnP
Classification: Other
Component: gupnp
Version: 1.0.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: GUPnP Maintainers
QA Contact: GUPnP Maintainers
Depends on:
Blocks:
Reported: 2017-03-30 08:11 UTC by Sven Neumann
Modified: 2018-11-02 10:29 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
avoid the crash by adding an extra check and by making sure that the timeout is removed (1.85 KB, patch)
2017-03-30 08:15 UTC, Sven Neumann
committed

Description Sven Neumann 2017-03-30 08:11:54 UTC
We are still seeing occasional crashes in subscription_expire():

logCrash() 
soup_message_headers_append() from /usr/lib/libsoup-2.4.so.1
subscription_expire() from /usr/lib/libgupnp-1.0.so.4
g_timeout_dispatch() from /usr/lib/libglib-2.0.so.0
g_main_context_dispatch() from /usr/lib/libglib-2.0.so.0
g_main_context_iterate.isra.12() from /usr/lib/libglib-2.0.so.0
g_main_loop_run() from /usr/lib/libglib-2.0.so.0


This may look like a duplicate of bug 740263, but the crash is a bit different in that it occurs in soup_message_headers_append() which seems to indicate that SID is NULL.

I can't explain how this is happening, but I thought I should report it nevertheless. I have also made a patch that should avoid the crash.
Comment 1 Sven Neumann 2017-03-30 08:15:56 UTC
Created attachment 348974
avoid the crash by adding an extra check and by making sure that the timeout is removed
Comment 2 Jens Georg 2017-03-30 12:02:09 UTC
Yeah, that looks really unlikely to reach that code with SID being NULL. Odd. Are you positive that it is NULL or not rather some memory corruption?

Not disagreeing with the patch, though.
Comment 3 Jussi Kukkonen 2017-03-30 12:45:39 UTC
(In reply to Sven Neumann from comment #0)
> We are still seeing occasional crashes in subscription_expire():
> 
> logCrash() 
> soup_message_headers_append() from /usr/lib/libsoup-2.4.so.1
> subscription_expire() from /usr/lib/libgupnp-1.0.so.4
> g_timeout_dispatch() from /usr/lib/libglib-2.0.so.0
> g_main_context_dispatch() from /usr/lib/libglib-2.0.so.0
> g_main_context_iterate.isra.12() from /usr/lib/libglib-2.0.so.0
> g_main_loop_run() from /usr/lib/libglib-2.0.so.0
> 
> 
> This may look like a duplicate of bug 740263, but the crash is a bit
> different in that it occurs in soup_message_headers_append() which seems to
> indicate that SID is NULL.
> 
> I can't explain how this is happening, but I thought I should report it
> nevertheless. I have also made a patch that should avoid the crash.

No idea what happens either but soup_message_headers_append() won't crash if header value is NULL.
Comment 4 Sven Neumann 2017-03-30 14:30:49 UTC
Well, yes, it will crash if libsoup is compiled with G_DISABLE_CHECKS. But you have a point as we are using the defaults, which seem to be --enable-debug=minimum. Only libsoup compiled with --enable-debug=no actually disables the g_return_if_fail() check.
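
Comments 3 and 4 turn on whether a g_return_if_fail()-style precondition survives the library build. The C example below is added here and is not GUPnP or libsoup code, nor the attached patch; every demo_* name and the DEMO_DISABLE_CHECKS define are hypothetical stand-ins. It shows a caller-side NULL check in a timer callback that holds however the callee was compiled.

```c
/* Added illustration: demo_* names are hypothetical, not GUPnP/libsoup code. */
#include <stdio.h>
#include <string.h>

/* Modeled on g_return_if_fail(): gone when checks are disabled at build time. */
#ifdef DEMO_DISABLE_CHECKS   /* stand-in for G_DISABLE_CHECKS */
#define demo_return_if_fail(expr) do { } while (0)
#else
#define demo_return_if_fail(expr) \
    do { if (!(expr)) { fprintf(stderr, "check '%s' failed\n", #expr); return; } } while (0)
#endif

static int appended;            /* headers actually written */
static char header_buf[128];    /* last header written */

/* Library side: NULL protection exists only while the macro is compiled in. */
static void demo_headers_append(const char *name, const char *value)
{
    demo_return_if_fail(name != NULL);
    demo_return_if_fail(value != NULL);
    /* With checks compiled out, a NULL value is dereferenced by strlen(). */
    snprintf(header_buf, sizeof header_buf, "%s: %.*s", name, (int)strlen(value), value);
    appended++;
}

struct demo_subscription {
    char *sid;              /* NULL when there is no subscription ID */
    unsigned timeout_id;    /* 0 means no renewal timer is armed */
};

/* Caller side (timer callback): returns 1 if a header was sent, else 0. */
static int demo_subscription_expire(struct demo_subscription *sub)
{
    if (sub->sid == NULL) {     /* extra check: do not rely on the callee */
        sub->timeout_id = 0;    /* drop the timer so it cannot fire again */
        return 0;
    }
    demo_headers_append("SID", sub->sid);
    return 1;
}

int main(void)
{
    char sid[] = "uuid:constructed-sample";   /* constructed sample value */
    struct demo_subscription live = { sid, 7 }, gone = { NULL, 7 };
    int a = demo_subscription_expire(&live), b = demo_subscription_expire(&gone);
    printf("live=%d gone=%d appended=%d\n", a, b, appended);
    return 0;
}
```

Building with -DDEMO_DISABLE_CHECKS leaves demo_subscription_expire() safe for a NULL sid, while a direct demo_headers_append("SID", NULL) call would then fault.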
Comment 5 Jens Georg 2018-02-13 20:14:52 UTC
Could that be related to bug 763582?
Comment 6 Jens Georg 2018-11-02 10:29:19 UTC
Forgot to close after pushing