Control: tag -1 += upstream fixed-upstream

Hello,

On Sun, Dec 10, 2017 at 05:47:43PM +0100, Tobias Frost wrote:
> I'm reassigning this bug as I'm suspecting it in the recent release of
> libupnp, after I had debugged it a bit.
>
> The bug does not trigger in 1.6.22.
>
> How to reproduce:
>
> Install gmediarender and (as a DLNA/uPnP control point) gupnp-tools.
>
> Run gmediarender, e.g. gmediarender --logfile=/dev/stdout and then the DLNA
> controlpoint, e.g. gupnp-av-cp
>
> As soon as the cp queries for the DLNA server, gmediarender crashes.

Thanks, that reproduction recipe was very helpful.

> Debugging into it, it segfaults in
> upnp/src/genlib/net/http/httpreadwrite.c:1662
> dereferencing a NULL pointer (extras being NULL); it is called from
> upnp/src/genlib/net/http/webserver.c:1316; the relevant parameter is
> "extra_headers", passed for the "E" command (it's NULL)

This is already fixed upstream, see
https://github.com/mrjimenez/pupnp/commit/70e3d626378e12ea50d76dfda50311c8bb4a2a78

> --- a/upnp/src/genlib/net/http/httpreadwrite.c
> +++ b/upnp/src/genlib/net/http/httpreadwrite.c
> @@ -1668,8 +1668,7 @@
> }
> extras++;
> }
> - }
> - if (c == 's') {
> + } else if (c == 's') {
> /* C string */
> s = (char *)va_arg(argp, char *);
> assert(s);

I saw this inconsistency but didn't notice that this runs in an assert(0).
It seems nobody runs debug builds of libupnp :-\. I'll prepare a patch for
upstream.

Best regards
Uwe
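
Review bot: in the trailing context of the hunk, `assert(s)` is the only check on the string taken from `va_arg` in the `c == 's'` branch, and assert() is compiled out when NDEBUG is defined, so a release build accepts a NULL `s` at this point without any diagnostic. Since the crash reported in this thread came from a NULL argument (`extras`) reaching the same function, consider an explicit runtime check that returns an error for a NULL `s` and keep the assert only as a debug aid. The `} else if (c == 's') {` line keeps the branches in one chain; the commit message should record the symptom of the old code (per the reply, it ran into an assert(0)) so the reason for the change is clear to anyone building without assertions.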