レナート   Wunschkonzert, Ponyhof und Abenteuerspielplatz   ﻟﻴﻨﺎﺭﺕ

Tue, 23 Mar 2010

Public Service Announcement: Beware of rsvg_term()!

As a short followup on an older blog posting of mine:

So you are using librsvg's rsvg_term() in your code? If so, then you are probably misusing it and triggering crashes in PulseAudio-related code. The same way everybody should stop using libxml2's xmlCleanupParser() call, stop using rsvg_term()! It's really hard to use it correctly, and unneeded anyway. Also see this bug report.

posted at: 21:29 | path: /projects | permanent link to this entry | 5 comments


Posted by Søren Hauberg at Tue Mar 23 23:28:55 2010
I am really curious about this here thing. I mean, how is it possible for an application to trigger a crash in PA? I can understand that an application can crash itself, but how can it take PA with it? And why isn't this considered a bug in PA? In a perfect world, shouldn't PA be able to handle even the most stupid applications?

Søren

P.S. I realise that the above text can be read as a criticism of PA, but it really isn't. I am simply curious.

Posted by Robert Szalai at Wed Mar 24 12:42:41 2010
Indeed, would be nice to know what rsvg_term() does or xmlCleanupParser() for that matter. Does it screw up the stack? Does it write to some memory where it is not supposed to? I read the full bug report and what I can see is that there is some understanding behind the comments that I didn't get. Could you explain it to me?
Thanks,
Robert

Posted by Lennart at Wed Mar 24 12:57:55 2010
Søren: it's the PA client code. It lives in the same process (obviously) as the code calling xmlCleanupParser()/rsvg_term(). PA allocates a TLS variable and if you issue those two calls twice it might end up being freed by them although it belongs to the PA client code. If the PA client code then subsequently tries to access the TLS var it will crash, or in the best case hit an assert. The PA server will of course not be pulled down by all of this.

Robert: just read the older blog story, follow the links, it should explain everything.
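
A simplified model of the mechanism described in the comment above, added here as an illustration; it is not code from librsvg, libxml2 or PulseAudio. The `lib_*` and `client_*` names are hypothetical stand-ins, and the demonstration assumes the threading library hands a freed TLS key slot to the next allocation, as glibc does.

```c
/* Added illustration: a stand-in "lib" with a global term() call, and a
 * stand-in "client" that owns its own TLS key in the same process.
 * All names here are hypothetical; this is not librsvg/libxml2/PA code. */
#include <pthread.h>
#include <stdio.h>

static pthread_key_t lib_key;   /* TLS key owned by the library */
static int lib_inited;          /* only consulted by the guarded cleanup */

static void lib_init(void) { pthread_key_create(&lib_key, NULL); lib_inited = 1; }

/* Unguarded global cleanup: deletes whatever lib_key names, even if that
 * slot was already released and has since been handed to someone else. */
static void lib_term_unguarded(void) { pthread_key_delete(lib_key); }

/* Guarded cleanup: a second call is a no-op. */
static void lib_term_guarded(void) {
    if (!lib_inited) return;
    pthread_key_delete(lib_key);
    lib_inited = 0;
}

/* Returns 1 if the client's TLS key was destroyed behind its back. */
int client_key_clobbered(int guarded) {
    void (*term)(void) = guarded ? lib_term_guarded : lib_term_unguarded;
    pthread_key_t client_key, probe;
    int clobbered;

    lib_init();
    term();                                 /* first cleanup: legitimate */
    pthread_key_create(&client_key, NULL);  /* client receives the freed slot */
    term();                                 /* second cleanup: stale key value */

    /* If the client's slot is free again, the next allocation receives it. */
    pthread_key_create(&probe, NULL);
    clobbered = (probe == client_key);

    pthread_key_delete(probe);
    if (!clobbered) pthread_key_delete(client_key);
    return clobbered;
}

int main(void) {
    printf("unguarded term(): client key clobbered = %d\n", client_key_clobbered(0));
    printf("guarded term():   client key clobbered = %d\n", client_key_clobbered(1));
    return 0;
}
```

Once the client's key has been deleted this way, its later accesses to that TLS slot either fail or alias whatever allocates the slot next, which matches the crash-or-assert outcome described above.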

Posted by Søren Hauberg at Wed Mar 24 17:20:25 2010
Ahh, I see. I thought the server died. Thanks for explaining (and for the nice work you do).

Søren

Posted by Daniel Elstner at Thu Mar 25 14:41:28 2010
Ah. I've always considered rsvg_term() as a Valgrind aid, meant to be called just before exiting from the application. I think it's mentioned somewhere.

It should be obvious but in case it isn't: the opinions reflected here are my own. They are not the views of my employer, or Ronald McDonald, or anyone else.

Please note that I take the liberty to delete any comments posted here that I deem inappropriate, off-topic, or insulting. And I exercise this liberty quite aggressively. So yes, if you comment here, I might censor you. If you don't want to be censored you are welcome to comment on your own blog instead.


Lennart Poettering <mzoybt (at) 0pointer (dot) net>