libqmi-glib: ensure client is valid during message processing

The Client object may be untracked while processing a message (e.g. if forwarding the response back to the remote client fails), and so the tracked reference may end up disposed.

If that happens, any attempt to use the client object would end up reading already freed memory, and it would segfault (e.g. in the while (client->buffer->len > 0) check just after having run process_message() in parse_request()).

Avoid this by ensuring a valid Client reference is kept around during all this processing.

Thread 0(id: 3232) CRASHED [ SIGSEGV /0x00000000@0x0000000000000004 ]
0x00000000e94d8cdc (libqmi-glib.so.5 - qmi-proxy.c: 942) connection_readable_cb
0x00000000e90aa593 (libgio-2.0.so.0 - gsocket.c: 4008) socket_source_dispatch
0x00000000e934de5b (libglib-2.0.so.0 - gmain.c: 3325) g_main_context_dispatch
0x00000000e934e083 (libglib-2.0.so.0 - gmain.c: 4119) g_main_context_iterate
0x00000000e934e2b3 (libglib-2.0.so.0 - gmain.c: 4317) g_main_loop_run
0x00000000071ebe93 (qmi-proxy - qmi-proxy.c: 230) main
0x00000000e91d1a9b (libc.so.6 - libc-start.c: 314) __libc_start_main
0x00000000071ebcbb (qmi-proxy) _start
0x00000000071ec10b (qmi-proxy - elf-init.c: 90) __libc_csu_init
0x00000000ff9eff8a

Fixes #72 (closed)
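
The reference-holding pattern described in the commit message, as an added example that is not the libqmi-glib code: a toy refcounted Client in plain C (no GLib). The helpers client_ref, client_unref, untrack_client and demo, and the fail_on parameter, are assumptions; only process_message(), parse_request() and the buffer length check are names taken from the page.

```c
#include <stdlib.h>

/* Toy refcounted object standing in for the proxy's Client (hypothetical). */
typedef struct {
    int    refs;
    size_t buffer_len;              /* stands in for client->buffer->len */
} Client;

static Client *tracked;             /* the proxy's only tracked reference */
static int     finalized;           /* set once the last reference is dropped */

static Client *client_ref(Client *c) { c->refs++; return c; }

static void client_unref(Client *c) { if (--c->refs == 0) { finalized = 1; free(c); } }

/* Drop the tracked reference, as when forwarding a response fails. */
static void untrack_client(Client *c)
{
    if (tracked == c) { tracked = NULL; client_unref(c); }
}

/* Consume one queued message; a send failure untracks the client. */
static void process_message(Client *c, int send_fails)
{
    c->buffer_len--;
    if (send_fails) untrack_client(c);
}

/* Holds its own reference for the whole loop; returns messages processed. */
static int parse_request(Client *c, int fail_on)
{
    int n = 0;
    client_ref(c);                  /* c stays alive even if untracked below */
    while (c->buffer_len > 0)       /* safe read: we still own a reference */
        process_message(c, ++n == fail_on);
    client_unref(c);                /* finalizes here if it was untracked */
    return n;
}

/* Constructed scenario: 3 queued messages, forwarding fails on message fail_on. */
static int demo(int fail_on)
{
    Client *c = calloc(1, sizeof *c);
    if (!c) return -1;
    c->refs = 1; c->buffer_len = 3; tracked = c; finalized = 0;
    return parse_request(c, fail_on);
}

int main(void) { return (demo(2) == 3 && finalized) ? 0 : 1; }
```

Without the client_ref()/client_unref() pair in parse_request(), the untrack on the second message would free the object and the next loop condition would read freed memory, which is the crash site the backtrace points at.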
