Bug #356
NULL pointer segfault due to vfs async race
Description
Ran into this with a temporary config which has the lyricwiki plugin enabled. Might be a known issue, since there's a "FIXME" comment in lyricwiki_playback_began() which seems related.
The strcmp() call in the get_lyrics_step_3() async method crashes easily with state.uri being a NULL ptr when lyricwiki_playback_began() unrefs it and resets it to NULL while the vfs async operation hasn't finished yet.
The smallest test case is to add two unknown .ogg files to the playlist, then start playback and switch between the two tracks back and forth. LyricWiki redirects to the 40KB edit page, and vfs async access takes more time than switching tracks.
Breakpoint 1, get_lyrics_step_3 (buf=0x7fffc4025da0, len=40916, requri=0xc88665) at lyricwiki.c:196
196 {
(gdb) print len
$1 = 40916
(gdb) print requri
$2 = (void *) 0xc88665
(gdb) print (char*)requri
$3 = 0xc88665 "http://lyrics.wikia.com/index.php?action=edit&title=index.php?title=Aleksi_Aubry-Carlson:Main+Theme&action=edit"
(gdb) print state
$4 = { filename = 0xa1b615 "file:///home/ms19f/Music/INCOMING/after_full_moon_piano.ogg", title = 0xa1b6d5 "after_full_moon_piano", artist = 0x0, uri = 0x0}
(gdb)
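The race described in this report, modelled as an added example (not code from the plugin, and not the fix that was applied): a completion callback that treats a NULL or changed state URI as a stale request instead of passing it to strcmp(). The struct, the function names and the example.invalid URL are constructed for illustration, and the request is assumed to carry its own copy of the URI.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the plugin's shared state; only uri matters. */
struct lyric_state { char *uri; };

/* Models a track change: release the old URI, then store a private copy of
 * the new one, or leave NULL when no request is pending. */
void playback_began(struct lyric_state *st, const char *new_uri)
{
    free(st->uri);
    st->uri = NULL;
    if (new_uri) {
        st->uri = malloc(strlen(new_uri) + 1);
        if (st->uri) strcpy(st->uri, new_uri);
    }
}

/* Comparison as the report describes it: st->uri is used unconditionally, so
 * a completion arriving after the reset calls strcmp(NULL, ...) and crashes.
 * Shown for contrast only; never called below. */
int fetch_is_current_unchecked(const struct lyric_state *st, const char *requri)
{
    return strcmp(st->uri, requri) == 0;
}

/* Guarded form: NULL on either side means the request is stale. */
int fetch_is_current(const struct lyric_state *st, const char *requri)
{
    return st->uri && requri && strcmp(st->uri, requri) == 0;
}

/* Completion callback: returns 1 if the buffer is accepted, 0 if dropped. */
int on_fetch_done(const struct lyric_state *st, const char *buf, size_t len,
                  const char *requri)
{
    (void) buf; (void) len;   /* payload handling is out of scope here */
    return fetch_is_current(st, requri);
}

int main(void)
{
    struct lyric_state st = { NULL };
    const char *a = "http://example.invalid/a";   /* constructed request URI */
    playback_began(&st, a);
    printf("in time:     %d\n", on_fetch_done(&st, "", 0, a));
    playback_began(&st, NULL);                    /* track switched mid-fetch */
    printf("after reset: %d\n", on_fetch_done(&st, "", 0, a));
    return 0;
}
```

The guard only removes the NULL dereference; it is safe as long as the state and the callback are touched from one thread, which this model assumes.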
History
#1 Updated by John Lindgren about 11 years ago
I've been waiting for this to be reported. :( vfs_async has always been a half-baked design.
#2 Updated by John Lindgren about 11 years ago
- Target version set to 3.4.2
- % Done changed from 0 to 100
#3 Updated by John Lindgren about 11 years ago
- Status changed from New to Closed