Your message dated Mon, 24 Jan 2011 18:01:20 +0000
with message-id <e1phqja-00083j...@franck.debian.org>
and subject line Bug#610763: fixed in gmediaserver 0.13.0-7
has caused the Debian Bug report #610763,
regarding gmediaserver: Fix crashes due to thread unsafe function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
610763: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610763
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gmediaserver
Version: 0.13.0-6
Severity: serious
Tags: patch
Hi!
The current version of the server crashes at random times, although
easily reproducibly by doing ranged requests, for example fast
forwarding on a video, or depending on the implementation by
the simple fact that it requests ranges of data when streaming.
I've just seen two types of crashers due to the same cause, one with
an abort() due to a double free or a corrupted heap chunk from eglibc
(which was a impossible to debug on armel as gdb does not do proper
backtraces beyond the abort() :/), and the other due to invalid
memory accesses segfaults from
libupnp-1.6.6/upnp/src/genlib/net/http/webserver.c in
CheckOtherHTTPHeaders() when calling map_str_to_int().
After reproducing this on amd64 it was easy to see the problem:
The src/main.c:conv_filename() function is not thread safe, as it uses
a static buffer to be able to return the computed string, w/o leaking.
Due the UPnP web server being threaded and the function freeing the
pointer on entry, the string used by the server might happen to end up
doubly freed, or used while the pointer is not valid any longer. Just
declaring the variable as Thread Local Storage correctly fixes the
issue. I've not seen any crashers since.
I think this should be fixed for squeeze as it's quite unreliable
otherwise.
thanks,
guillem
Description: Fix thread unsafe function causing crashes
The conv_filename function is not thread safe, as it uses a static buffer
to be able to return the computed string, w/o leaking. Due the UPnP web
server being threaded and the function freeing the pointer on entry, the
string used by the server might happen to be doubly freed, or used while
the pointer is not valid any longer. Just declare the variable as Thread
Local Storage.
Author: Guillem Jover <guil...@debian.org>
--- gmediaserver-0.13.0.orig/src/main.c
+++ gmediaserver-0.13.0/src/main.c
@@ -127,7 +127,7 @@ convert_string_to_log(const char *str)
return xstrdup(str);
}
-static char *cache_fs_str = NULL;
+static __thread char *cache_fs_str = NULL;
char *
conv_filename(const char *str)
--- End Message ---
--- Begin Message ---
Source: gmediaserver
Source-Version: 0.13.0-7
We believe that the bug you reported is fixed in the latest version of
gmediaserver, which is due to be installed in the Debian FTP archive:
gmediaserver_0.13.0-7.debian.tar.gz
to main/g/gmediaserver/gmediaserver_0.13.0-7.debian.tar.gz
gmediaserver_0.13.0-7.dsc
to main/g/gmediaserver/gmediaserver_0.13.0-7.dsc
gmediaserver_0.13.0-7_sparc.deb
to main/g/gmediaserver/gmediaserver_0.13.0-7_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 610...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jochen Friedrich <joc...@scram.de> (supplier of updated gmediaserver package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 24 Jan 2011 18:08:59 +0100
Source: gmediaserver
Binary: gmediaserver
Architecture: source sparc
Version: 0.13.0-7
Distribution: unstable
Urgency: high
Maintainer: Jochen Friedrich <joc...@scram.de>
Changed-By: Jochen Friedrich <joc...@scram.de>
Description:
gmediaserver - UPnP Mediaserver
Closes: 610763
Changes:
gmediaserver (0.13.0-7) unstable; urgency=high
.
* Add patch from Guillem Jover <guil...@debian.org> to fix crashes
due to a non thread safe variable. (Closes: #610763)
Checksums-Sha1:
c206ac1ac6213797459d5a0146991822432343bc 1201 gmediaserver_0.13.0-7.dsc
323da2ab4c373d81db25fe75c3d3f2fe0ecfc574 8941
gmediaserver_0.13.0-7.debian.tar.gz
ef120063c0132d12813551adacb2a63bbef895ee 111048 gmediaserver_0.13.0-7_sparc.deb
Checksums-Sha256:
862c4898c00c9d894d7f0290f65f53b8f16ba45bafd9c432f93be5812d589800 1201
gmediaserver_0.13.0-7.dsc
2d4f300dc35ef9723b582495ecafd8d5a42949b48f8d4efa9364f870d91e5c2b 8941
gmediaserver_0.13.0-7.debian.tar.gz
47b6dadb71cb042e198c34fd3a9e9bd17fafa208d7e3785f4c6ede603821354a 111048
gmediaserver_0.13.0-7_sparc.deb
Files:
247f0593a3cd82f2399e75b3d0e27921 1201 net extra gmediaserver_0.13.0-7.dsc
d3e13f1c0769830c1b8bcf5cb2614944 8941 net extra
gmediaserver_0.13.0-7.debian.tar.gz
30950d6624f0cc265744938c1ad18dff 111048 net extra
gmediaserver_0.13.0-7_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFNPbqs0fhX0Y/ocz0RAimAAJ4zqASK0I9sbH3ZAwHwvXuItuDmpwCcDDcp
FzDKZragk5CFbSNXE+VDTgQ=
=e2iu
-----END PGP SIGNATURE-----
--- End Message ---
