[patch] libgupnp-igd reports success and passes invalid UPnP data instead of reporting failure

Bug #704172 reported by MMlosh
This bug affects 1 person
Affects: gupnp-igd (Debian)
  Status: Fix Released
  Importance: Unknown
Affects: gupnp-igd (Ubuntu)
  Status: Fix Released
  Importance: Undecided
  Assigned to: Laurent Bigonville

Bug Description

Binary package hint: libgupnp-1.0-3

All applications using the "farsight" library (including empathy, gajim and pidgin) segfault when a UPnP router returns an invalid address/port combination.
In gajim (from the gajim ppa; the one in the standard repository lacks jingle support) this bug gives a remote-kill option for anybody, and that is very annoying.

The bug resides in libgupnp-1.0-3 and was patched quite recently (http://gitorious.org/gupnp/gupnp-igd/commit/7c1e02a931cb249ac17a4a5663f1bc86f5371aca)

The fix *is* already in the stable version (released with the patch).
Thanks for packaging the fix soon.

Tags: patch
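
The failure mode in this report is a library that signals success while handing its caller an unusable address/port pair. The following is an added example in plain C, not gupnp-igd's code and not the upstream patch; `validate_gateway_reply`, `struct mapping` and the error codes are hypothetical names, and rejecting 0.0.0.0 is an assumed policy. It validates what the gateway returned and reports failure instead of passing the data on.

```c
/* Added example, not gupnp-igd code: every name below is hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum map_result { MAP_OK = 0, MAP_ERR_ADDRESS = -1, MAP_ERR_PORT = -2 };
struct mapping { struct in_addr external_ip; unsigned short external_port; };

/* Parse a decimal port in 1..65535; rejects empty, signed or trailing junk. */
static int parse_port(const char *s, unsigned short *out)
{
    char *end;
    long v;
    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > 65535)
        return -1;
    *out = (unsigned short)v;
    return 0;
}

/* Check the strings a gateway returned before a mapping is reported as
 * successful. On any error *out is left untouched, so the caller never
 * sees half-parsed data. */
enum map_result validate_gateway_reply(const char *ip, const char *port,
                                       struct mapping *out)
{
    struct mapping m;
    memset(&m, 0, sizeof m);
    /* inet_pton returns 1 only for a well-formed dotted quad. */
    if (ip == NULL || inet_pton(AF_INET, ip, &m.external_ip) != 1)
        return MAP_ERR_ADDRESS;
    /* Assumed policy: 0.0.0.0 parses, but is not a usable external address. */
    if (m.external_ip.s_addr == htonl(INADDR_ANY))
        return MAP_ERR_ADDRESS;
    if (parse_port(port, &m.external_port) != 0)
        return MAP_ERR_PORT;
    *out = m;
    return MAP_OK;
}

int main(void)
{   /* Constructed sample reply: empty address, as a broken gateway might send. */
    struct mapping m;
    printf("result=%d\n", validate_gateway_reply("", "5060", &m));
    return 0;
}
```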
MMlosh (mmlosh) wrote :

Here you have a stack trace from gdb, if you care... (the upstream maintainer produced that patch from it.. shouldn't be useful)

>thread
Current thread = 252 (Thread 0xa18feb70 (LWP 1982))

>(backtrace command)
Thread 260 (Thread 0x9a0f6b70 (LWP 1991)):
#0 0x0012e416 in __kernel_vsyscall ()
#1 0x003e6038 in ppoll () from /lib/libc.so.6
#2 0x01799cf9 in gst_poll_wait () from /usr/lib/libgstreamer-0.10.so.0
#3 0x017adc93 in ?? () from /usr/lib/libgstreamer-0.10.so.0
#4 0x017ae730 in ?? () from /usr/lib/libgstreamer-0.10.so.0
#5 0x01768a61 in gst_clock_id_wait () from /usr/lib/libgstreamer-0.10.so.0
#6 0x02005a1c in ?? () from /usr/lib/gstreamer-0.10/libgstrtpmanager.so
#7 0x0054d48f in g_thread_create_proxy (data=0xa729268) at /build/buildd/glib2.0-2.26.0/glib/gthread.c:1897
#8 0x00134cc9 in start_thread () from /lib/libpthread.so.0
#9 0x003f469e in clone () from /lib/libc.so.6

Thread 259 (Thread 0x9a8f7b70 (LWP 1989)):
#0 0x0012e416 in __kernel_vsyscall ()
#1 0x001394dc in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2 0x021bec42 in ?? () from /usr/lib/libgstaudio-0.10.so.0
#3 0x021bf77e in gst_ring_buffer_read () from /usr/lib/libgstaudio-0.10.so.0
#4 0x021cc39f in ?? () from /usr/lib/libgstaudio-0.10.so.0
#5 0x01718341 in ?? () from /usr/lib/libgstbase-0.10.so.0
#6 0x0171a207 in ?? () from /usr/lib/libgstbase-0.10.so.0
#7 0x017b4cd9 in ?? () from /usr/lib/libgstreamer-0.10.so.0
#8 0x017b62b7 in ?? () from /usr/lib/libgstreamer-0.10.so.0
#9 0x0054f3d4 in g_thread_pool_thread_proxy (data=0x8743320) at /build/buildd/glib2.0-2.26.0/glib/gthreadpool.c:319
#10 0x0054d48f in g_thread_create_proxy (data=0xa5900798) at /build/buildd/glib2.0-2.26.0/glib/gthread.c:1897
#11 0x00134cc9 in start_thread () from /lib/libpthread.so.0
#12 0x003f469e in clone () from /lib/libc.so.6

Thread 258 (Thread 0x9c4fbb70 (LWP 1988)):
#0 0x0012e416 in __kernel_vsyscall ()
#1 0x001394ad in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2 0x0230663c in pa_cond_wait () from /usr/lib/libpulsecommon-0.9.21.so
#3 0x02289c20 in pa_threaded_mainloop_wait () from /usr/lib/libpulse.so.0
#4 0x02251c3b in ?? () from /usr/lib/gstreamer-0.10/libgstpulse.so
#5 0x021d10ee in ?? () from /usr/lib/libgstaudio-0.10.so.0
#6 0x0054d48f in g_thread_create_proxy (data=0x85a0810) at /build/buildd/glib2.0-2.26.0/glib/gthread.c:1897
#7 0x00134cc9 in start_thread () from /lib/libpthread.so.0
#8 0x003f469e in clone () from /lib/libc.so.6

Thread 257 (Thread 0x9d0fcb70 (LWP 1987)):
#0 0x0012e416 in __kernel_vsyscall ()
#1 0x003e5df6 in poll () from /lib/libc.so.6
#2 0x00533a1b in g_poll (fds=0x94a7a80, nfds=2, timeout=-1) at /build/buildd/glib2.0-2.26.0/glib/gpoll.c:132
---Type <return> to continue, or q <return> to quit---
#3 0x0052643c in g_main_context_poll (context=0x9153d80, block=<value optimized out>, dispatch=1, self=0xa5913798) at /build/buildd/glib2.0-2.26.0/glib/gmain.c:3093
#4 g_main_context_iterate (context=0x9153d80, block=<value optimized out>, dispatch=1, self=0xa5913798) at /build/buildd/glib2.0-2.26.0/glib/gmain.c:2775
#5 0x00526ba7 in g_main_loop_run (loop=0xa760580) at /build/buildd/glib2.0-2.26.0/glib/gmain.c:2988
#...

affects: gupnp (Ubuntu) → gupnp-igd (Ubuntu)
Changed in gupnp-igd (Ubuntu):
assignee: nobody → Laurent Bigonville (bigon)
MMlosh (mmlosh) wrote :

Thanks a lot for your quick response..
Have you an estimate when i386 deb appears? (http://packages.debian.org/sid/libgupnp-igd-1.0-3 reports only 64bit)
Thanks again

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gupnp-igd - 0.1.7-3

---------------
gupnp-igd (0.1.7-3) unstable; urgency=low

  * debian/watch: Fix URL pattern
  * debian/control:
    - Bump Standards-Version to 3.9.1 (no further changes)
    - Versionize python-all-dev build-dependency
  * d/p/0001-fix_crash_invalid_address.patch: Fix crash if gateway returns
    invalid address (Closes: #610398 LP: #704172)
 -- Laurent Bigonville <email address hidden> Thu, 20 Jan 2011 19:29:34 +0000

Changed in gupnp-igd (Ubuntu):
status: New → Fix Released
Changed in gupnp-igd (Debian):
status: Unknown → Fix Released