
mbim-device: emit SIGNAL_ERROR only after completing the task

The task completion involves creating a duplicate of the MbimMessage, so a duplicate of the contents of the internal self->priv->response buffer.

This internal buffer may be cleared e.g. with a forced-close, which users of the MbimDevice may decide to do upon a SIGNAL_ERROR, as the mbim-proxy does.

So, avoid this race by making sure the task completion and the message duplication happen before the SIGNAL_ERROR is emitted.

   Thread 0(id: 3296) CRASHED [ SIGSEGV /0x00000000@0x0000000000000004 ]
   0x00007ce3552f7c32 (libmbim-glib.so.4 - mbim-message.c: 1293) mbim_message_dup
   0x00007ce3552fbfd9 (libmbim-glib.so.4 - mbim-device.c: 661) data_available
   0x00007ce35525639a (libglib-2.0.so.0 - gmain.c: 3325) g_main_context_dispatch
   0x00007ce3552566a7 (libglib-2.0.so.0 - gmain.c: 4119) g_main_context_iterate
   0x00007ce355256923 (libglib-2.0.so.0 - gmain.c: 4317) g_main_loop_run
   0x00005ae0f48a5524 (mbim-proxy - mbim-proxy.c: 267) main
   0x00007ce35501ce04 (libc.so.6) __libc_start_main
   0x00005ae0f48a52d9 (mbim-proxy) _start
   0x00007ffcca5b6897

Fixes ModemManager#422 (closed)
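The ordering bug described above, reduced to a stand-alone C model. This is an added illustration written for this page, not libmbim or mbim-proxy code: the `Device` and `Message` types, `device_force_close()`, `data_available_buggy()`, `data_available_fixed()` and the sample payload bytes are all assumptions. The only real behaviour it mirrors is the sequence in the commit message: a SIGNAL_ERROR handler force-closes the device and drops the pending response buffer, and the task completion then tries to duplicate that buffer. The model's `message_dup()` returns NULL on a cleared buffer so the race is observable; the real `mbim_message_dup()` dereferences it, which is the SIGSEGV at the top of the trace.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Illustrative model of the objects involved in the crash (assumed names,
 * not libmbim's own types). */
typedef struct {
    unsigned char *data;
    size_t len;
} Message;

typedef struct {
    Message *response;               /* stands in for self->priv->response */
    void (*on_error)(void *device);  /* stands in for a SIGNAL_ERROR handler */
    Message *completed;              /* what the task receives on completion */
} Device;

/* Duplicate a message. The real mbim_message_dup() does not tolerate a
 * cleared buffer; here NULL is returned instead of dereferencing it. */
static Message *message_dup(const Message *m) {
    if (m == NULL || m->data == NULL)
        return NULL;
    Message *copy = malloc(sizeof *copy);
    copy->len = m->len;
    copy->data = malloc(m->len);
    memcpy(copy->data, m->data, m->len);
    return copy;
}

static void message_free(Message *m) {
    if (m) { free(m->data); free(m); }
}

/* A forced close drops the pending response buffer, as the mbim-proxy's
 * SIGNAL_ERROR handler does. */
static void device_force_close(void *p) {
    Device *d = p;
    message_free(d->response);
    d->response = NULL;
}

static void emit_error(Device *d) {
    if (d->on_error) d->on_error(d);
}

/* Order before the fix: emit the signal, then complete the task with a dup. */
static Message *data_available_buggy(Device *d) {
    emit_error(d);                    /* handler may clear d->response here */
    d->completed = message_dup(d->response);
    return d->completed;
}

/* Order after the fix: complete the task (dup) before emitting the signal. */
static Message *data_available_fixed(Device *d) {
    d->completed = message_dup(d->response);
    emit_error(d);
    return d->completed;
}

/* Build a device holding a constructed 8-byte placeholder payload
 * (arbitrary bytes, not a real MBIM message). */
static Device *make_device(void) {
    static const unsigned char sample[] = {
        0x03, 0x00, 0x00, 0x80, 0x10, 0x00, 0x00, 0x00
    };
    Device *d = calloc(1, sizeof *d);
    d->response = malloc(sizeof *d->response);
    d->response->len = sizeof sample;
    d->response->data = malloc(sizeof sample);
    memcpy(d->response->data, sample, sizeof sample);
    d->on_error = device_force_close;
    return d;
}

static void device_free(Device *d) {
    message_free(d->response);
    message_free(d->completed);
    free(d);
}

int main(void) {
    Device *d1 = make_device();
    Message *m1 = data_available_buggy(d1);
    printf("buggy order: task got %s\n",
           m1 ? "a copy" : "NULL (mbim_message_dup would crash here)");
    device_free(d1);

    Device *d2 = make_device();
    Message *m2 = data_available_fixed(d2);
    printf("fixed order: task got %zu bytes\n", m2 ? m2->len : (size_t)0);
    device_free(d2);
    return 0;
}
```

The point the model makes is that the handler and the duplication run on the same thread in the same `data_available` dispatch, so no locking helps; only the order of the two operations decides whether the dup sees a live buffer.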

Edited by Aleksander Morgado
