9:20 p.m.
http://bugzilla.moblin.org/show_bug.cgi?id=8385
Summary: segfault in SoupTransportAgent due to stale pointer
Classification: Moblin Projects
Product: SyncEvolution
Version: upstream
Platform: Netbook
OS/Version: Moblin Linux
Status: ASSIGNED
Severity: critical
Priority: P1
Component: *Feature Request
AssignedTo: congwu.chen(a)intel.com
ReportedBy: patrick.ohly(a)intel.com
CC: syncevolution(a)lists.intel.com
I just ran
PATH=.:$PATH <path to souce>/test/test-dbus.py -v
TestSessionAPIsReal.testSyncStatusAbort
and got a segfault in syncevo-dbus-server:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f5491ac97c0 (LWP 15404)]
0x00007f548c651520 in std::string::assign () from /usr/lib/libstdc++.so.6
(gdb) up
#1 0x00000000006390d0 in SyncEvo::SoupTransportAgent::HandleSessionCallback
(this=0x1d6e7d0,
session=0x1ce4820, msg=0x1ce48c0)
at
/home/pohly/syncevolution/syncevolution/src/syncevo/SoupTransportAgent.cpp:217
217 m_responseContentType = "";
(gdb) p m_responseContentType
$1 = {static npos = 18446744073709551615,
_M_dataplus = {<std::allocator<char>> =
{<__gnu_cxx::new_allocator<char>> =
{<No data fields>}, <No data fields>}, _M_p = 0x40 <Address 0x40 out of
bounds>}}
#0 0x00007f548c651520 in std::string::assign () from /usr/lib/libstdc++.so.6
#1 0x00000000006390d0 in SyncEvo::SoupTransportAgent::HandleSessionCallback
(this=0x1d6e7d0,
session=0x1ce4820, msg=0x1ce48c0)
at
/home/pohly/syncevolution/syncevolution/src/syncevo/SoupTransportAgent.cpp:217
#2 0x0000000000639347 in SyncEvo::SoupTransportAgent::SessionCallback
(session=0x1ce4820,
msg=0x1ce48c0, user_data=0x1d6e7d0)
at
/home/pohly/syncevolution/syncevolution/src/syncevo/SoupTransportAgent.cpp:210
#3 0x00007f548d6eb5de in ?? () from /usr/lib/libsoup-2.4.so.1
#4 0x00007f548d1e03ed in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#5 0x00007f548d1f424c in ?? () from /usr/lib/libgobject-2.0.so.0
#6 0x00007f548d1f5082 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
#7 0x00007f548d1f5553 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#8 0x00007f548d6e8fe0 in soup_session_abort () from /usr/lib/libsoup-2.4.so.1
#9 0x00007f548d6ea8b4 in ?? () from /usr/lib/libsoup-2.4.so.1
#10 0x00007f548d1e2332 in g_object_unref () from /usr/lib/libgobject-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#11 0x00007f548d6eb45e in ?? () from /usr/lib/libsoup-2.4.so.1
#12 0x00007f548c8f512a in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#13 0x00007f548c8f8988 in ?? () from /lib/libglib-2.0.so.0
#14 0x00007f548c8f8e5d in g_main_loop_run () from /lib/libglib-2.0.so.0
#15 0x00000000005a8a4a in DBusServer::run (this=0x7fff7c8f77c0)
at /home/pohly/syncevolution/syncevolution/src/syncevo-dbus-server.cpp:2774
#16 0x00000000005b328e in main (argc=1, argv=0x7fff7c8f79d8)
at /home/pohly/syncevolution/syncevolution/src/syncevo-dbus-server.cpp:2987
In other words, the SyncContext and its SoupTransportAgent are already gone and
destructed when the soup_session_abort() is invoked and ultimately calls our
code with a stale SoupTransportAgent pointer.
Congwu, do you know how this can happen?
--
Configure bugmail: http://bugzilla.moblin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
9:44 p.m.
New subject: [Bug 8385] segfault in SoupTransportAgent due to stale pointer
http://bugzilla.moblin.org/show_bug.cgi?id=8385
pohly <patrick.ohly(a)intel.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|congwu.chen(a)intel.com |patrick.ohly(a)intel.com
--- Comment #1 from pohly <patrick.ohly(a)intel.com> 2009-12-02 02:44:28 PST ---
(In reply to comment #0)
Congwu, do you know how this can happen?
Barking up the wrong tree, sorry! I've looked closer, this seems to be in code
that I wrote ;-}
--
Configure bugmail: http://bugzilla.moblin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
9:54 p.m.
New subject: [Bug 8385] segfault in SoupTransportAgent due to stale pointer
http://bugzilla.moblin.org/show_bug.cgi?id=8385
pohly <patrick.ohly(a)intel.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #2 from pohly <patrick.ohly(a)intel.com> 2009-12-02 02:54:12 PST ---
commit 086308e6ecfe192f740f25370aa9ce32e2c7bbf1
Author: Patrick Ohly <patrick.ohly(a)intel.com>
Date: Wed Dec 2 11:49:19 2009 +0100
SoupTransportAgent + syncevo-dbus-server: avoid segfault when aborting (MB
#8385)
Shutting down a sync session because of user-requested abort does not
cancel pending messages, because that would be allowed to block. Instead
the transport agent is destructed.
The SoupTransportAgent did not cancel the pending message and
therefore callbacks for a stale instance of it were invoked later on
*if* the main loop was activated again. This can only happen in the
syncevo-dbus-server, not the command line.
Committed to master and syncevolution-0-9-branch. The latter doesn't really
need it, but better safe than sorry.
--
Configure bugmail: http://bugzilla.moblin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
9:54 p.m.
New subject: [Bug 8385] segfault in SoupTransportAgent due to stale pointer
http://bugzilla.moblin.org/show_bug.cgi?id=8385
pohly <patrick.ohly(a)intel.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
--- Comment #3 from pohly <patrick.ohly(a)intel.com> 2009-12-02 02:54:34 PST ---
test-dbus.py completes fine now.
--
Configure bugmail: http://bugzilla.moblin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
4673
days inactive
4673
days old
syncevolution-issues@syncevolution.org
3 comments
1 participants
participants (1)
-
bugzilla@moblin.org