206584 – UPNP support crashes applications when unable to retrieve valid data from router.

Bug 206584 - UPNP support crashes applications when unable to retrieve valid data from router.

Summary: UPNP support crashes applications when unable to retrieve valid data from rou...

Status:	RESOLVED FIXED

Alias:	None

Product:	konversation
Classification:	Applications
Component:	upnp (show other bugs)
Version:	unspecified
Platform:	openSUSE Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Michael Kreitzer

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-09-07 07:19 UTC by Gary L. Greene, Jr.
Modified:	2009-09-17 06:50 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Crash output on stdout (913 bytes, text/plain) 2009-09-07 07:19 UTC, Gary L. Greene, Jr.	Details
Test fix (9.50 KB, patch) 2009-09-12 21:10 UTC, Michael Kreitzer	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Gary L. Greene, Jr. 2009-09-07 07:19:17 UTC

Created attachment 36756 [details]
Crash output on stdout

I just recently started to set up UPNP extensions on my Linux router, and have noted that since the configuration is incomplete, konversation crashes when UPNP discovery is enabled because it cannot retrieve the upnp/control/WANIPConn1 file from the router. As this is a crash of the application instead of a harmless error message, I figured I'd put in the bug for it.

Near as I can tell, instead of gracefully allowing the application to continue on it's merry way and attempt a fall back, the UPNP support is raising an exception and taking the app with it. Can we please change this to a nag message instead of crashing out? Attached is the console output from the crash. Thanks.

Comment 1 Gary L. Greene, Jr. 2009-09-07 22:29:43 UTC

Here's the BT for this bug:

Application: Konversation (konversation), signal: Segmentation fault
[Current thread is 1 (Thread 0xb55c2700 (LWP 11752))]

Thread 2 (Thread 0xb3632b90 (LWP 11755)):
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb6b1cc35 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb6b7c592 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#3  0xb752eee2 in ?? () from /usr/lib/libQtNetwork.so.4
#4  0xb6b7b582 in ?? () from /usr/lib/libQtCore.so.4
#5  0xb6b191b5 in start_thread () from /lib/libpthread.so.0
#6  0xb5fce3be in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb55c2700 (LWP 11752)):
[KCrash Handler]
#6  0xb6c6f465 in QCoreApplication::postEvent(QObject*, QEvent*, int) () from /usr/lib/libQtCore.so.4
#7  0xb6c6f74c in QCoreApplication::postEvent(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#8  0xb7517ff1 in ?? () from /usr/lib/libQtNetwork.so.4
#9  0xb7519173 in ?? () from /usr/lib/libQtNetwork.so.4
#10 0xb74ffc00 in ?? () from /usr/lib/libQtNetwork.so.4
#11 0xb75069e1 in ?? () from /usr/lib/libQtNetwork.so.4
#12 0xb7506f58 in ?? () from /usr/lib/libQtNetwork.so.4
#13 0xb751a021 in ?? () from /usr/lib/libQtNetwork.so.4
#14 0xb751a0a6 in ?? () from /usr/lib/libQtNetwork.so.4
#15 0xb62a67fc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#16 0xb62aeaee in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#17 0xb7263efd in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#18 0xb6c6f7db in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#19 0xb6c70425 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#20 0xb6c7061d in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/libQtCore.so.4
#21 0xb6c9b39f in ?? () from /usr/lib/libQtCore.so.4
#22 0xb5b7e9c8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#23 0xb5b82083 in ?? () from /usr/lib/libglib-2.0.so.0
#24 0xb5b82241 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#25 0xb6c9afe8 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#26 0xb6346d55 in ?? () from /usr/lib/libQtGui.so.4
#27 0xb6c6ddfa in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#28 0xb6c6e242 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#29 0xb6c706e9 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#30 0xb62a6677 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#31 0x080a09f2 in _start ()

Comment 2 Gary L. Greene, Jr. 2009-09-07 23:03:07 UTC

Here's a link to a similar issue found with uTorrent. While the code is different, seems that this is similar:

http://forum.utorrent.com/viewtopic.php?id=26850

Also, here's more info:

POST /upnp/control/WANIPConn1 HTTP/1.1
 
Content-Type: text/xml
 
Content-Length: 292
 
User-Agent: Konversation UPnP
 
SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
 
Connection: Keep-Alive
 
Accept-Encoding: gzip
 
Host: 192.168.8.1:49153
 
 
 
<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:GetStatusInfo xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>HTTP/1.1 500 Internal Server Error
 
CONTENT-LENGTH: 413
 
CONTENT-TYPE: text/xml; charset="utf-8"
 
DATE: Mon, 07 Sep 2009 20:50:07 GMT
 
EXT:
 
SERVER: Linux/2.6.26-2-686, UPnP/1.0, Portable SDK for UPnP devices/1.6.6
 
X-User-Agent: redsonic
 
 
 
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<s:Fault>
<faultcode>s:Client</faultcode>
<faultstring>UPnPError</faultstring>
<detail>
<UPnPError xmlns="urn:schemas-upnp-org:control-1-0">
<errorCode>-111</errorCode>
<errorDescription>Invalid Action</errorDescription>
</UPnPError>
</detail>
</s:Fault>
</s:Body>
</s:Envelope>

Comment 3 Gary L. Greene, Jr. 2009-09-07 23:21:26 UTC

Here's a more complete bt (installed qt4's debug packages:

Application: Konversation (konversation), signal: Segmentation fault
[Current thread is 1 (Thread 0xb5576700 (LWP 19525))]

Thread 2 (Thread 0xb35e6b90 (LWP 19526)):
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb6ad0c35 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb6b30592 in QWaitCondition::wait (this=0x862cd28, mutex=0x862cd24, time=4294967295) at thread/qwaitcondition_unix.cpp:87
#3  0xb74e2ee2 in QHostInfoAgent::run (this=0x862cd18) at kernel/qhostinfo.cpp:260
#4  0xb6b2f582 in QThreadPrivate::start (arg=0x862cd18) at thread/qthread_unix.cpp:188
#5  0xb6acd1b5 in start_thread () from /lib/libpthread.so.0
#6  0xb5f823be in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb5576700 (LWP 19525)):
[KCrash Handler]
#6  QCoreApplication::postEvent (receiver=0x8d1aee0, event=0x9141b30, priority=0) at kernel/qcoreapplication.cpp:1012
#7  0xb6c2374c in QCoreApplication::postEvent (receiver=0x8d1aee0, event=0x9141b30) at kernel/qcoreapplication.cpp:973
#8  0xb74cbff1 in QNetworkReplyImplPrivate::resumeNotificationHandling (this=0x8d1a1a8) at access/qnetworkreplyimpl.cpp:277
#9  0xb74cd173 in QNetworkReplyImplPrivate::finished (this=0x8d1a1a8) at access/qnetworkreplyimpl.cpp:473
#10 0xb74b3c00 in QNetworkAccessBackend::finished (this=0x8d1a4c0) at access/qnetworkaccessbackend.cpp:278
#11 0xb74ba9e1 in QNetworkAccessHttpBackend::finished (this=0x8d1a4c0) at access/qnetworkaccesshttpbackend.cpp:358
#12 0xb74baf58 in QNetworkAccessHttpBackend::replyFinished (this=0x8d1a4c0) at access/qnetworkaccesshttpbackend.cpp:745
#13 0xb74ce021 in QNetworkReplyImplPrivate::handleNotifications (this=0x8d1a1a8) at access/qnetworkreplyimpl.cpp:239
#14 0xb74ce0a6 in QNetworkReplyImpl::event (this=0x8d50d10, e=0x90a7718) at access/qnetworkreplyimpl.cpp:648
#15 0xb625a7fc in QApplicationPrivate::notify_helper (this=0x82acd00, receiver=0x8d50d10, e=0x90a7718) at kernel/qapplication.cpp:4065
#16 0xb6262aee in QApplication::notify (this=0xbfdf28d0, receiver=0x8d50d10, e=0x90a7718) at kernel/qapplication.cpp:3605
#17 0xb7217efd in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#18 0xb6c237db in QCoreApplication::notifyInternal (this=0xbfdf28d0, receiver=0x8d50d10, event=0x90a7718) at kernel/qcoreapplication.cpp:610
#19 0xb6c24425 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x82872b8) at kernel/qcoreapplication.h:213
#20 0xb6c2461d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1140
#21 0xb6c4f39f in postEventSourceDispatch (s=0x82b5d20) at kernel/qcoreapplication.h:218
#22 0xb5b329c8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#23 0xb5b36083 in ?? () from /usr/lib/libglib-2.0.so.0
#24 0xb5b36241 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#25 0xb6c4efe8 in QEventDispatcherGlib::processEvents (this=0x82a7e68, flags={i = -1075894344}) at kernel/qeventdispatcher_glib.cpp:328
#26 0xb62fad55 in QGuiEventDispatcherGlib::processEvents (this=0x82a7e68, flags={i = -1075894296}) at kernel/qguieventdispatcher_glib.cpp:202
#27 0xb6c21dfa in QEventLoop::processEvents (this=0xbfdf2860, flags={i = -1075894232}) at kernel/qeventloop.cpp:149
#28 0xb6c22242 in QEventLoop::exec (this=0xbfdf2860, flags={i = -1075894168}) at kernel/qeventloop.cpp:201
#29 0xb6c246e9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#30 0xb625a677 in QApplication::exec () at kernel/qapplication.cpp:3525
#31 0x080a09f2 in _start ()

Comment 4 Michael Kreitzer 2009-09-12 17:47:12 UTC

Gary,

Thanks for the report. I'd like to be able to reproduce this locally. Do you have a copy of the incomplete config you were using for your upnp service that you can attach?

- Michael

Comment 5 Michael Kreitzer 2009-09-12 18:31:06 UTC

Also, which version of Qt are you running?

Comment 6 Michael Kreitzer 2009-09-12 21:10:06 UTC

Created attachment 36907 [details]
Test fix

Please try the attached patch and let me know if it solves the crash.

Comment 7 Gary L. Greene, Jr. 2009-09-17 06:23:03 UTC

Yes, that patch fixes the crash :) LGTM :)

Comment 8 Michael Kreitzer 2009-09-17 06:50:19 UTC

SVN commit 1024653 by mkreitzer:

Switch from QNetworkAccessManager to KIO for SOAP queries.

BUG: 206584



 M  +45 -44    upnprouter.cpp  
 M  +7 -12     upnprouter.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1024653