Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1798970iog; Tue, 14 Jun 2022 13:44:03 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tAhtZ9R13VCx/ZPg3pm4XjSl80tkHsJ8VKH3EThnv+fd2AK4y2zJS6VOApaGSL3YBre+FO X-Received: by 2002:a05:6a00:1801:b0:51c:1001:6241 with SMTP id y1-20020a056a00180100b0051c10016241mr6481791pfa.81.1655239443081; Tue, 14 Jun 2022 13:44:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655239443; cv=none; d=google.com; s=arc-20160816; b=dVJC8sKX6A/CldX1uOtC5wBw2PMfaA3Ewc+QCKLiFUujyWI9im5Rvhhe6cLaHPurx0 dIuqEQbRVCs4elLMc4rON/B/P4wT8FiR8rXaegYOvr8ntIzhLXcXSWPAnIUni6kGm+7P uIwHOliO5esRVJnGp/OsKXUDgGG9FzrSED+1PAyAsTSge/NwJRNLpg5eBaOxHcse2cxh RvpUEQw9JhKmMSA9piqfQsLHENau4dhbjVk2+ZNzHY+pGETDBMTk/q4hqPefp5cJQlzf lcPz9SYQ9CZmiSognLtlMLAsBw/JUp2Y1CdSJcRBGsXpShOZutibs6tXueNgENZAvY3C 1K5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Cngke8nv353WystrjUKeHF7SKETtOBwGYtbPt5+IURo=; b=XRhdtsj5GKyM+I5MbP2dum075+pYLZIApoJkJvIA+w+vbN4XNS1g8ytuMJiEmkCM5P vE+eD9lt5Py9DCcnI15ht7lf+rZ3g/WNZxYwFXC2KisDb969diNLVSkgKDmx2PNRudIh JPpprFHz7dkqkkRnpA/udg8zWoz7ftDmB51nLkhfPtffkY43EMNW79hswhoTplbIP08J mlMfx8P6GW7Z3EuF6vsGmd4OYBNz4o5wPxQfrwfg/8qTYB/ZbrpPqhdjLRXq84NZAG0o pQqTmz6ciSxxzR1TAlFndFD409Q0ikBM+7Oev8MQh6vKvCfZl/stQ3lUPjQKMPHdyxr3 dhYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=qwkJEeyq; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lp13-20020a17090b4a8d00b001e4289b95a2si68378pjb.2.2022.06.14.13.43.13; Tue, 14 Jun 2022 13:44:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=qwkJEeyq; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238919AbiFNUlE (ORCPT + 99 others); Tue, 14 Jun 2022 16:41:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234017AbiFNUlE (ORCPT ); Tue, 14 Jun 2022 16:41:04 -0400 Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D96446149 for ; Tue, 14 Jun 2022 13:41:03 -0700 (PDT) Received: by mail-lf1-x131.google.com with SMTP id w20so15738026lfa.11 for ; Tue, 14 Jun 2022 13:41:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Cngke8nv353WystrjUKeHF7SKETtOBwGYtbPt5+IURo=; b=qwkJEeyqloyD4Y1UkZ/WTgiCgIBCX0tmHwSMsuGjSwu9D45WvC3ueAR6k015hALRvL ImaSqZeXUJipI9TftjQgvBrEmDsX5IsrwY+TwEUY5/PH93aaXq9PUDB1totOKoUU6vtz 1SkF4yG2WyF1ow8fHN/RF2hnO9M/b3OJ+nxMK8+XqyqHy1ZZndB6CpYr+qbjjji46gcP VoAMw28RpfNT/1IBhTOVFPS1hf3FJOou8gMtFecSkaOkmVwrHCIPLVPYEMQMpHK8k7ub M0xUJWYLSL27svfN2qIJrGSYnq66L1z/q6320BHo9BqrKVAKZWZ9KOIPBWbXB+HTE8Kn nRrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Cngke8nv353WystrjUKeHF7SKETtOBwGYtbPt5+IURo=; b=skf4TuEPY2EjNTgrzwojkg3OF4ZnrX2AM2x23N8WKrOQCi5VVEAOSXzzSDJELe9iDs 8PoCjhsbjBkj8nd7TRHUaw64ZXRNBV8Ik+tF5y/4axSmxedd9FAfAIFDLiPFcFqWhvPN Khqu5TlCer5Krtoj5+eTCrNMiP/CMCA7mjLk15nbcK3Kersd8dpRYJSJod9JK9PF/DDi QKA5+3x/xrPJFfKQOvidJrKuhOJ7Jhu1QHAYyAC8prEoppFMZ+64cH4czRaxWIRKqVF5 UvLBR6oTuPZn+hQ+g96jJKfS7Wq12idykG4avmQkyhT7Y52JNHeAisBOAiFvEXju+7Bm PLdw== X-Gm-Message-State: AJIora/gIC9ip5LoORXzRmISGLBiKPRlt7v7Z+HmYOuNdsBxEwdUtPNO Qf+NbIW0yOyqKpVS46nvb/3x1S0D7WC8hwUNh8v+zBxM X-Received: by 2002:a05:6512:e94:b0:478:f6ad:c9d7 with SMTP id bi20-20020a0565120e9400b00478f6adc9d7mr4196073lfb.198.1655239261060; Tue, 14 Jun 2022 13:41:01 -0700 (PDT) MIME-Version: 1.0 References: <20220614114914.30497-1-wangyouwan@uniontech.com> In-Reply-To: <20220614114914.30497-1-wangyouwan@uniontech.com> From: Luiz Augusto von Dentz Date: Tue, 14 Jun 2022 13:40:49 -0700 Message-ID: Subject: Re: [PATCH] obexd: Fix transfer has been free during transfer_abort_response func To: wangyouwan Cc: "linux-bluetooth@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi, On Tue, Jun 14, 2022 at 4:55 AM wangyouwan wrote: > > Breakpoint 7, transfer_new (obex=0x5555555f5b50, opcode=2 '\002', > complete_func=0x555555590c40 , user_data=0x5555555f7000) > at gobex/gobex-transfer.c:254 > 254 gobex/gobex-transfer.c: > (gdb) c > Continuing. > > Breakpoint 3, transfer_complete (transfer=0x5555555f5f40, err=0x5555555f6d60) > at gobex/gobex-transfer.c:99 > 99 in gobex/gobex-transfer.c > (gdb) c > Continuing. > > Breakpoint 4, xfer_complete (obex=0x5555555f5b50, err=0x5555555f6d60, > user_data=0x5555555f7000) > at obexd/client/transfer.c:659 > 659 obexd/client/transfer.c: > (gdb) n > 661 in obexd/client/transfer.c > (gdb) n > 663 in obexd/client/transfer.c > (gdb) p callback->func > $17 = (transfer_callback_t) 0x5555555885e0 > (gdb) c > Continuing. > > Breakpoint 3, transfer_complete (transfer=0x5555555f7000, err=0x5555555f6d60, > user_data=0x5555555f48d0) at obexd/client/session.c:964 > 964 obexd/client/session.c: > (gdb) c > Continuing. > > Breakpoint 5, transfer_free (transfer=0x5555555f5f40) at gobex/gobex-transfer.c:61 > 61 gobex/gobex-transfer.c: > (gdb) n > 63 in gobex/gobex-transfer.c > (gdb) p transfer->id > $18 = 1 > (gdb) c > Continuing. > > Breakpoint 2, transfer_abort_response (obex=0x5555555f5b50, err=0x0, rsp=0x5555555f0810, > user_data=0x5555555f5f40) at gobex/gobex-transfer.c:116 > 116 in gobex/gobex-transfer.c > (gdb) n > 118 in gobex/gobex-transfer.c > (gdb) p transfer->id > $19 = 1432314080 > (gdb) c > Continuing. > > Breakpoint 3, transfer_complete (transfer=0x5555555f5f40, err=0x5555555f6f00) at gobex/gobex-transfer.c:99 > 99 in gobex/gobex-transfer.c > (gdb) c > Continuing. > > Breakpoint 4, xfer_complete (obex=0x5555555f5b50, err=0x5555555f6f00, user_data=0x5555555f7000) > at obexd/client/transfer.c:659 > 659 obexd/client/transfer.c: > (gdb) n > 661 in obexd/client/transfer.c > (gdb) p callback->func > $20 = (transfer_callback_t) 0x5555555f6420 > (gdb) n > 663 in obexd/client/transfer.c > (gdb) n > 668 in obexd/client/transfer.c > (gdb) n > 671 in obexd/client/transfer.c > (gdb) n > 672 in obexd/client/transfer.c > (gdb) n > 676 in obexd/client/transfer.c > (gdb) n > 679 in obexd/client/transfer.c > (gdb) n > 680 in obexd/client/transfer.c > (gdb) n > 0x00005555555f6420 in ?? () > (gdb) n > Cannot find bounds of current function > (gdb) c > Continuing. > > Program received signal SIGSEGV, Segmentation fault. > 0x00005555555f6420 in ?? () > (gdb) > --- > gobex/gobex-transfer.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/gobex/gobex-transfer.c b/gobex/gobex-transfer.c > index c94d018b2..48b1f6962 100644 > --- a/gobex/gobex-transfer.c > +++ b/gobex/gobex-transfer.c > @@ -92,7 +92,9 @@ static void transfer_complete(struct transfer *transfer, GError *err) > g_obex_drop_tx_queue(transfer->obex); > } > > - transfer->complete_func(transfer->obex, err, transfer->user_data); > + if (find_transfer(id) != NULL) > + transfer->complete_func(transfer->obex, err, transfer->user_data); I would rather fix the code calling of the transfer_complete rather than its side effect if transfer has been freed already, also it might be better to use valgrind to collect the bracktrace since it should be able to tell us where the transfer pointer is being freed. > /* Check if the complete_func removed the transfer */ > if (find_transfer(id) == NULL) > return; > -- > 2.20.1 > > > -- Luiz Augusto von Dentz