Аноним | вход | зарегистрировать новую учетную запись | 2019-02-23 10:32 EET |
главная | моя сводка | список вопросов | журнал изменений | план развития | документация | моя учетная запись |
Простой вид [ комментарии ] | [ расширенный вид ] [ история ] [ печать ] | |||||||||||
Номер | Категория | Серьезность | Воспроизводимость | Создан | Изменен | |||||||
0000491 | [obex-data-server] General | авария | всегда | 2010-10-25 07:01 | 2010-10-25 08:44 | |||||||
Инициатор | ulidtko | Видимость | общая | |||||||||
Ответственный | skirsdeda | |||||||||||
Приоритет | обычный | Решение | открыт | |||||||||
Состояние | назначен | Версия продукта | ||||||||||
Суть | 0000491: Segmentation fault, caused by double-finalizing obex_t contexts in failed usb sessions | |||||||||||
Подробности |
When `ods_obex_setup_usbtransport()` failes to bring up the interface, it `OBEX_Cleanup()`s the created OBEX context. Afterwards, when freeing the session in `ods_session_finalize()`, the context gets `OBEX_Cleanup()`ed again, resulting in double-frees and SIGSEGV. The following patch is not a solution, but rather a workaround to avoid crashes. It relies on `OBEX_Cleanup()` handling NULLs gracefully. Index: src/ods-obex.c =================================================================== --- src/ods-obex.c (revision 3050) +++ src/ods-obex.c (working copy) @@ -429,7 +429,10 @@ err: if (obex_context->obex_handle) + { OBEX_Cleanup (obex_context->obex_handle); + obex_context->obex_handle = NULL; + } return FALSE; } |
|||||||||||
Дополнительные сведения |
Valgrind session, without the patch: obex-data-server 0.4.6svn Using Session bus Session created by: :1.711 session_connect_result_cb session closed Removing listened DBUS name :1.711 (object: /org/openobex/session0) Removed from listened DBUS names list ==32417== Invalid read of size 4 ==32417== at 0x426BCE4: obex_transport_disconnect_request (obex_transport.c:244) ==32417== by 0x426598C: OBEX_Cleanup (obex.c:228) ==32417== by 0x8063315: ods_session_finalize (ods-session.c:1052) ==32417== by 0x4054653: g_object_unref (gobject.c:2695) ==32417== by 0x4058CB0: g_object_set_valist (gobject.c:1696) ==32417== by 0x4059075: g_object_set (gobject.c:1795) ==32417== by 0x805415D: ods_manager_create_usb_session (ods-manager.c:870) ==32417== by 0x41E2DDE: ??? (in /usr/lib/libdbus-glib-1.so.2.1.0) ==32417== by 0x41E338D: ??? (in /usr/lib/libdbus-glib-1.so.2.1.0) ==32417== by 0x4214F5D: ??? (in /lib/libdbus-1.so.3.5.2) ==32417== by 0x4206EB6: dbus_connection_dispatch (in /lib/libdbus-1.so.3.5.2) ==32417== by 0x41DF39C: ??? (in /usr/lib/libdbus-glib-1.so.2.1.0) ==32417== Address 0x458f794 is 52 bytes inside a block of size 252 free'd ==32417== at 0x40257ED: free (vg_replace_malloc.c:366) ==32417== by 0x42659DD: OBEX_Cleanup (obex.c:238) ==32417== by 0x8056D1E: ods_obex_setup_usbtransport (ods-obex.c:432) ==32417== by 0x80620C1: ods_session_set_property (ods-session.c:766) ==32417== by 0x4058959: g_object_set_valist (gobject.c:1174) ==32417== by 0x4059075: g_object_set (gobject.c:1795) ==32417== by 0x805415D: ods_manager_create_usb_session (ods-manager.c:870) ==32417== by 0x41E2DDE: ??? (in /usr/lib/libdbus-glib-1.so.2.1.0) ==32417== by 0x41E338D: ??? (in /usr/lib/libdbus-glib-1.so.2.1.0) ==32417== by 0x4214F5D: ??? (in /lib/libdbus-1.so.3.5.2) ==32417== by 0x4206EB6: dbus_connection_dispatch (in /lib/libdbus-1.so.3.5.2) ==32417== by 0x41DF39C: ??? (in /usr/lib/libdbus-glib-1.so.2.1.0) ==32417== |
|||||||||||
Tэги | Нет прикрепленных тэгов. | |||||||||||
Вложенные файлы | ||||||||||||
|
![]() |
|
(0001389) skirsdeda (администратор) 2010-10-25 08:44 |
Thanks for bug report. The solution seems fine, it should probably be applied to ods_obex_setup_fdtransport() as well. |
Mantis 1.1.6[^] Copyright © 2000 - 2008 Mantis Group |