Bug#1008770: gvfsd-http: segfault in libsoup-3.0-0 on_frame_recv_callback()

Simon McVittie smcv at debian.org
Fri Apr 1 09:57:19 BST 2022


Control: retitle -1 gvfsd-http: segfault in libsoup-3.0-0 on_frame_recv_callback()
Control: reassign -1 libsoup-3.0-0 3.0.5-1

On Fri, 01 Apr 2022 at 04:14:10 +0200, Christoph Anton Mitterer wrote:
> $ eog "http://joscha.com/data/media/cartoons/030602.png"
> gives a segfault.
> Kernel log:
> Apr 01 04:10:34 heisenberg kernel: gvfsd-http[143860]: segfault at 28 ip 00007f6681a04c54 sp 00007ffc4704dfe0 error 4 in libsoup-3.0.so.0.0.5[7f66819e4000+50000]
> Apr 01 04:10:34 heisenberg kernel: Code: d2 d9 ff ff 49 8b 04 24 41 83 7c 24 78 06 0f b6 40 28 75 1a 83 e0 04 74 18 4c 89 e7 e8 65 f7 ff ff 0f 1f 44 00 00 49 8b 04 24 <0f> b6 40 28 83 e0 04 31 f6 84 c0 48 89 df 40 0f 94 c6 e8 75 e8 ff

I can reproduce this. At first glance, it looks most likely to be a
libsoup bug when contacting HTTP2 servers. Backtrace:

#0  0x00007fd04fdd1c54 in on_frame_recv_callback
    (session=0x55e647d98430, frame=<optimized out>, user_data=0x55e647f0acb0)
    at ../libsoup/http2/soup-client-message-io-http2.c:728
#1  0x00007fd04f60ce11 in session_call_on_frame_received (frame=0x55e647d985d0, session=0x55e647d98430)
    at nghttp2_session.c:3310
#2  nghttp2_session_on_data_received (session=session@entry=0x55e647d98430, frame=frame@entry=0x55e647d985d0)
    at nghttp2_session.c:4986
#3  0x00007fd04f61210b in session_process_data_frame (session=0x55e647d98430) at nghttp2_session.c:5005
#4  nghttp2_session_mem_recv (session=0x55e647d98430, in=<optimized out>, in@entry=0x7ffffeeb6ce0 "", inlen=120)
    at nghttp2_session.c:6629
#5  0x00007fd04fdcfb29 in io_read
    (io=0x55e647f0acb0, blocking=<optimized out>, cancellable=<optimized out>, error=<optimized out>)
    at ../libsoup/http2/soup-client-message-io-http2.c:441
#6  0x00007fd04fdcfc92 in io_read_ready (stream=<optimized out>, io=0x55e647f0acb0)
    at ../libsoup/http2/soup-client-message-io-http2.c:465
#7  0x00007fd04fe80e94 in g_main_dispatch (context=0x55e647b636b0) at ../../../glib/gmain.c:3417
#8  g_main_context_dispatch (context=0x55e647b636b0) at ../../../glib/gmain.c:4135
#9  0x00007fd04fe81238 in g_main_context_iterate
    (context=0x55e647b636b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at ../../../glib/gmain.c:4211
#10 0x00007fd04fe81523 in g_main_loop_run (loop=0x55e647b51930) at ../../../glib/gmain.c:4411
#11 0x000055e6474105a8 in daemon_main ()
#12 0x000055e64740fac8 in main ()

This might be the same thing as
https://gitlab.gnome.org/GNOME/libsoup/-/issues/272 which is fixed upstream
in 3.0.6.

> (eog:143850): Handy-WARNING **: 04:10:34.404: Using GtkSettings:gtk-application-prefer-dark-theme together with HdyStyleManager is unsupported. Please use HdyStyleManager:color-scheme instead.
> 
> (eog:143850): GVFS-WARNING **: 04:10:34.850: The peer-to-peer connection failed: Cache invalid, retry (internally handled). Falling back to the session bus. Your application is probably missing --filesystem=xdg-run/gvfsd privileges.

I don't get these warnings, so they seem to be unrelated to the crash.

    smcv


