Hi,

When receiving a file it's possible to crash obexd by letting the "org.openobex.Error.Rejected" reply from the call to request_authorization and the obexd timeout for the response occur at roughly the same time.

No crash seen if the obexd timeout reaches function "agent_reply" first. But if the agent's response arrives just before the obexd timeout, the timeout will still be dispatched, causing what looks like an issue in the dbus-obexd integration.

Added my own debug output to show the situation:

    obexd[8454]: entering remove_timeout
    obexd[8454]: entering timeout_handler_dispatch
    obexd[8454]: entering remove_timeout
    obexd[8454]: entering timeout_handler_free
    obexd[8454]: entering agent_reply
    obexd[8454]: Agent replied with an error: org.bluez.Error.Rejected, request rejected
    obexd[8454]: after g_main_context_iteration in request_authorization
    [segmentation fault, valgrind complains on two locations in /lib/libdbus-1.so.3.4.0]

To fix this, there seems to be a chance to avoid dispatching the timeout in callback function mainloop.c:remove_timeout (this function is currently empty, but maybe for good reason?).

After having moved the g_source_remove call on the timer to "remove_timeout" from "timeout_handler_free" the issue was not reproduced, although I can't claim to understand the dbus mainloop integration code completely. It might be a bit awkward to break up the g_source_remove and g_free of the timer into different callbacks.

Is this an acceptable solution for removing the crash?

Best regards,
Daniel

-----

For reference, the authorization method used to get the crash:

    QString Widget::Authorize(QDBusObjectPath transfer, QString bdaddr, QString name,
                              QString type, int length, int time, QDBusMessage msg)
    {
        // Delay the reply so that it arrives at roughly the same time as the obexd timeout.
        QTest::qWait(60000);

        // Reject the request by sending an error reply on the session bus.
        QDBusConnection conn(QDBusConnection::sessionBus());
        QDBusMessage reply(msg.createErrorReply("org.bluez.Error.Rejected", "request rejected"));
        conn.send(reply);
        return QString();
    }

------
>From 1ec3f03d3c0d3fa6011db95e329b03e163bd1524 Mon Sep 17 00:00:00 2001 From: Daniel Orstadius <daniel.orstadius@xxxxxxxxx> Date: Fri, 11 Dec 2009 09:50:23 +0200 Subject: [PATCH] dbus timeout handling --- gdbus/mainloop.c | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/gdbus/mainloop.c b/gdbus/mainloop.c index bd775f8..b583ace 100644 --- a/gdbus/mainloop.c +++ b/gdbus/mainloop.c @@ -183,7 +183,6 @@ static void timeout_handler_free(void *data) if (!handler) return; - g_source_remove(handler->id); g_free(handler); } @@ -207,6 +206,14 @@ static dbus_bool_t add_timeout(DBusTimeout *timeout, void *data) static void remove_timeout(DBusTimeout *timeout, void *data) { + timeout_handler_t *handler; + + handler = dbus_timeout_get_data(timeout); + + if (!handler) + return; + + g_source_remove(handler->id); } static void timeout_toggled(DBusTimeout *timeout, void *data) -- 1.6.0.4
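
Review bot: In the first hunk, timeout_handler_free() now frees the handler without removing the GLib source, so any path where libdbus runs this free function without having called remove_timeout() first leaves a source registered under handler->id while the handler itself is gone. If that source's callback still uses the handler (the callback is not visible in this diff), this swaps one use-after-free for another. Consider keeping a guarded removal here: have remove_timeout() set handler->id to 0 after g_source_remove(), and call g_source_remove() in timeout_handler_free() only when handler->id is still non-zero.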
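
Review bot: In the remove_timeout() hunk, handler->id is left unchanged after g_source_remove(handler->id), so nothing records that the source is gone; if the timer has already fired and removed itself, or remove_timeout() is reached twice for the same DBusTimeout, g_source_remove() is called on a stale id. Clear the id after removal and skip the call when it is 0. A short comment saying why the removal has to happen here rather than in the free callback, and a commit message body describing the reply/timeout race, would also help the next reader; the subject line "dbus timeout handling" alone does not explain it.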