Hi,
On the latest release (and some previous ones), I see a crash in libupnp when downloading some IGD descriptions.
I don't have a scenario yet (I'll dig), but I have a stack trace:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2769021==ERROR: AddressSanitizer: SEGV on unknown address 0x000000008000 (pc 0x7fe2bdc5ae40 bp 0x7fe21a932efc sp 0x7fe21a932e70 T230)
==2769021==The signal is caused by a READ memory access.
http_SendMessage src/genlib/net/http/httpreadwrite.c:515
http_RequestAndResponse src/genlib/net/http/httpreadwrite.c:788
http_Download src/genlib/net/http/httpreadwrite.c:897
UpnpDownloadUrlItem src/api/upnpapi.c:3500
UpnpDownloadXmlDoc src/api/upnpapi.c:3519
where fmt seems to be nullptr in some cases.
Got it a second time with GDB:
http_SendMessage (info=info@entry=0x7fff2f84ef10, TimeOut=TimeOut@entry=0x7fff2f84eefc, fmt=0x20000 <error: Cannot access memory at address 0x20000>, fmt@entry=0x7fffe9a026d6 "b") at src/genlib/net/http/httpreadwrite.c:515
515 while ((c = *fmt++)) {
(gdb) p fmt
$5 = 0x20000 <error: Cannot access memory at address 0x20000>
(gdb) p buf_length
$9 = 232
(gdb) up
#1 0x00007fffe905b1cd in http_RequestAndResponse (destination=destination@entry=0x7fff2f84f020,
request=0x6110020e7ec0 "GET /8499cbfd-4c88-442d-a430-15402f41cb69.xml HTTP/1.1\r\nHOST: 192.168.50.145:35187\r\nDATE: Thu, 12 Jan 2023 15:47:00 GMT\r\nCONNECTION: close\r\nUSER-AGENT: Linux/6.0.8-200.fc36.x86_64, UPnP/1.0, Portable "..., request_length=232, req_method=req_method@entry=HTTPMETHOD_GET, timeout_secs=<optimized out>, timeout_secs@entry=30, response=response@entry=0x7fff2f84f0f0) at src/genlib/net/http/httpreadwrite.c:788
788 ret_code = http_SendMessage(
(gdb) p request
0x6110020e7ec0 "GET /8499cbfd-4c88-442d-a430-15402f41cb69.xml HTTP/1.1\r\nHOST: 192.168.50.145:35187\r\nDATE: Thu, 12 Jan 2023 15:47:00 GMT\r\nCONNECTION: close\r\nUSER-AGENT: Linux/6.0.8-200.fc36.x86_64, UPnP/1.0, Portable "...