Package: libopenobex1
Version: 1.5-2
Severity: important
Tags: patch
Dear Maintainer,
* What led up to the situation?
Actually, I don't exactly know how could it be a Seg Fault.
I try to send a file through CSR BT(2.1 EDR) to bcm4329(the chip
used on the evb of my company, running android 2.2). On Debian,
I use blueman when sending file, blueman uses obex-data-server
which loads libopenobex.so.
* What exactly did you do (or not do) that was effective (or
ineffective)?
open blueman, pair with bcm4329, send a file to bcm4329.
* What was the outcome of this action?
obex-data-server segfault in libopenobex.so.
this bug is 100% reproduceable with the evb of my company, but
didn't occur when transfer file to HTC One S. Maybe it's caused
by bluetooth speed.
* What outcome did you expect instead?
transfer file successfully.
When I got seg fault, I tried to debug this.
download the source,
enable debug when run ./configure,
change OBEX_DEBUG in config.h to 100 to print more debug message,
make && make install,
run `obex-data-server -d -n' in terminal and test with blueman,
And I got the output below:
| Used MTUs: RX=32767, TX=32767
| obex_data_request():215: len = 7 bytes
| do_write():380: sending 7 bytes
| ##DEBUG: OBEX event: PROGRESS(0x0), CONNECT(0x0), (null)(0x0)
| io callback
| obex_data_indication():285: Got 9 bytes msg len=12
| obex_parse_connect_header():94: version=10
| obex_parse_connect_header():102: requested MTU=fffe, used MTU=7fff
| ##DEBUG: OBEX event: REQDONE(0x3), CONNECT(0x0), SUCCESS(0x20)
| obex_request_done: command 0, response 32 (OK, Success)
| Version: 0x10. Flags: 0x00 OBEX packet length: 65534
| session_connect_result_cb
| LOCK ods_session_send_file_ext
| ##DEBUG: OBEX event: STREAMEMPTY(0x8), CONNECT(0x0), (null)(0x0)
| obex_writestream
| writestream from File: 13
| ##DEBUG: OBEX event: STREAMEMPTY(0x8), CONNECT(0x0), (null)(0x0)
| obex_writestream
| writestream from File: 13
| obex_data_request():215: len = 32767 bytes
| do_write():380: sending 32767 bytes
| ##DEBUG: OBEX event: PROGRESS(0x0), PUT(0x2), (null)(0x0)
| **Warning: PROGRESS: 65134
| UNLOCK ods_session_send_file_ext
| io callback
| obex_data_indication():285: Got 5 bytes msg len=8
| ##DEBUG: OBEX event: STREAMEMPTY(0x8), CONNECT(0x0), (null)(0x0)
| obex_writestream
| writestream from File: 13
| obex_data_request():215: len = 32767 bytes
| do_write():380: sending 32767 bytes
| do_write():380: sending 8575 bytes
| ##DEBUG: OBEX event: LINKERR(0x4), PUT(0x2), (null)(0x0)
| **Warning: EV_LINKERR
| EV_ABORT
|
| Program received signal SIGSEGV, Segmentation fault.
| obex_client (self=self@entry=0x644550,
msg=msg@entry=0x6457c0, final=<optimized out>) at obex_client.c:178
| 178 self->object->continue_received = 0;
| (gdb) bt
| #0 obex_client (self=self@entry=0x644550,
msg=msg@entry=0x6457c0, final=<optimized out>) at obex_client.c:178
| #1 0x00007ffff6225fdc in obex_data_indication
(self=self@entry=0x644550, buf=<optimized out>, buf@entry=0x0,
buflen=<optimized out>, buflen@entry=0)
| at obex_main.c:314
| #2 0x00007ffff622916b in obex_transport_handle_input
(self=0x644550, timeout=timeout@entry=1) at obex_transport.c:114
| #3 0x00007ffff62246ac in OBEX_HandleInput
(self=<optimized out>, timeout=timeout@entry=1) at obex.c:467
| #4 0x0000000000419713 in obex_io_callback
(io_channel=<optimized out>, cond=<optimized out>, data=<optimized
out>) at src/ods-session.c:225
| #5 0x00007ffff78de355 in g_main_dispatch
(context=0x6368e0) at
/build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmain.c:2539
| #6 g_main_context_dispatch
(context=context@entry=0x6368e0) at
/build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmain.c:3075
| #7 0x00007ffff78de688 in g_main_context_iterate
(context=0x6368e0, block=block@entry=1, dispatch=dispatch@entry=1,
| self=<error reading variable: Unhandled dwarf
expression opcode 0xfa>) at
/build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmain.c:3146
| #8 0x00007ffff78dea82 in g_main_loop_run (loop=0x63d420)
at /build/glib2.0-7fLB_j/glib2.0-2.33.12+really2.32.4/./glib/gmain.c:3340
| #9 0x0000000000407038 in main (argc=1,
argv=0x7fffffffe0e8) at src/ods-main.c:195
| (gdb) quit
| A debugging session is active.
|
| Inferior 1 [process 31292] will be killed.
The error occurs in do_write, so I added more log messages in
do_write, finally I found the error was caused by: didn't try again
when got EAGAIN from send().
This is the patch to fix this bug.
--- libopenobex-1.5/lib/obex_transport.c 2009-02-09
02:30:23.000000000 +0800
+++ libopenobex-1.5-fix/lib/obex_transport.c 2013-02-04
15:26:15.532023926 +0800
@@ -45,6 +45,7 @@
#include <string.h>
#include <unistd.h>
#include <stdio.h>
+#include <errno.h>
#if defined(_WIN32)
#include <io.h>
@@ -379,8 +380,12 @@
DEBUG(1, "sending %d bytes\n", size);
actual = write_func(fd, msg->data, size);
- if (actual <= 0)
- return actual;
+ if (actual <= 0) {
+ if(errno == EAGAIN)
+ actual = 0;
+ else
+ return actual;
+ }
/* Hide sent data */
buf_remove_begin(msg, actual);
After doing the above fix, the seg fault disappeared, I can transfer
a picture(size is 2.8MB) from CSR bt to bcm4329, the picture can be
displayed correctly in the evb running android.
But, I didn't quite know why didn't check EAGAIN will lead to a seg
fault. Maybe there's another bug there.
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-updates'), (500,
'testing-proposed-updates'), (500, 'stable-updates'), (500,
'proposed-updates'), (500, 'stable'), (400, 'unstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libopenobex1 depends on:
ii libc6 2.13-37
ii libusb-0.1-4 2:0.1.12-20+nmu1
libopenobex1 recommends no packages.
libopenobex1 suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
