From 7fa6c4b5bacc0da9a7fbcacc7cd3e627f1fdeba0 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sat, 12 Dec 2020 06:10:52 +0000 Subject: [PATCH] import dleyna-server-0.6.0-3.el8 --- ...crash-when-getting-server-properties.patch | 66 +++++++++++++++++++ SPECS/dleyna-server.spec | 10 ++- 2 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 SOURCES/dleyna-server-Avoid-possible-crash-when-getting-server-properties.patch diff --git a/SOURCES/dleyna-server-Avoid-possible-crash-when-getting-server-properties.patch b/SOURCES/dleyna-server-Avoid-possible-crash-when-getting-server-properties.patch new file mode 100644 index 0000000..1dc0de1 --- /dev/null +++ b/SOURCES/dleyna-server-Avoid-possible-crash-when-getting-server-properties.patch @@ -0,0 +1,66 @@ +From 3f62e9fbd3de11df52184ca8dfcabfb7d1c0fdeb Mon Sep 17 00:00:00 2001 +From: Robert Tiemann +Date: Fri, 17 May 2019 12:43:04 +0200 +Subject: [PATCH] Avoid possible crash when getting server properties. + +The crash occurs when calling dls_device_get_all_props() for a content +directory server that we have not yet subscribed to (that is, +prv_cds_subscribed() returns FALSE in +prv_get_system_update_id_for_props()). This crash is caused by an +invalid GVariantBuilder passed to g_variant_builder_end() in +prv_get_sleeping_for_props(), leading to a NULL result pointer being +passed to dls_async_task_complete(). A GVariant is attempted to be +constructed from this NULL pointer in dls_task_complete(). + +Here is the call chain that leads to the crash: + + dls_device_get_all_props() + prv_get_system_update_id_for_props() + gupnp_service_proxy_begin_action("GetSystemUpdateID") -> prv_system_update_id_for_props_cb() + prv_system_update_id_for_props_cb() + prv_get_sr_token_for_props() + prv_get_sleeping_for_props() + dls_async_task_complete() + cb_data->cb() -> prv_async_task_complete() + prv_async_task_complete() + dls_task_complete() + g_variant_new() + +The crash was most likely observed when a device running Plex Media +Server was present on the network. + +This commit moves the call of g_variant_builder_end() in +prv_system_update_id_for_props_cb() (which invalidates the +GVariantBuilder used later in prv_get_sleeping_for_props()) to the +error handling branch. This leaves the GVariantBuilder alone and +allows prv_get_sr_token_for_props() or one of its descendants to call +g_variant_builder_end() and complete the task. +--- + libdleyna/server/device.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/libdleyna/server/device.c b/libdleyna/server/device.c +index d77dfbc2725b..8777da0ea2db 100644 +--- a/libdleyna/server/device.c ++++ b/libdleyna/server/device.c +@@ -2256,15 +2256,14 @@ static void prv_system_update_id_for_props_cb(GUPnPServiceProxy *proxy, + DLS_SYSTEM_UPDATE_VAR, + g_variant_new_uint32(id)); + +- cb_data->task.result = g_variant_ref_sink(g_variant_builder_end( +- cb_task_data->vb)); +- + on_complete: + + if (!cb_data->error) + prv_get_sr_token_for_props(proxy, cb_data->task.target.device, + cb_data); + else { ++ cb_data->task.result = g_variant_ref_sink(g_variant_builder_end( ++ cb_task_data->vb)); + (void) g_idle_add(dls_async_task_complete, cb_data); + g_cancellable_disconnect(cb_data->cancellable, + cb_data->cancel_id); +-- +2.28.0 + diff --git a/SPECS/dleyna-server.spec b/SPECS/dleyna-server.spec index bad8c29..3894d8d 100644 --- a/SPECS/dleyna-server.spec +++ b/SPECS/dleyna-server.spec @@ -2,13 +2,16 @@ Name: dleyna-server Version: 0.6.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Service for interacting with Digital Media Servers License: LGPLv2 URL: https://01.org/dleyna/ Source0: https://01.org/sites/default/files/downloads/dleyna/%{name}-%{version}.tar_2.gz +# https://bugzilla.redhat.com/show_bug.cgi?id=1464902 +Patch0: dleyna-server-Avoid-possible-crash-when-getting-server-properties.patch + BuildRequires: autoconf automake libtool BuildRequires: pkgconfig(dleyna-core-1.0) >= 0.5.0 BuildRequires: pkgconfig(gio-2.0) >= 2.28 @@ -29,6 +32,7 @@ Servers (DMSes). %prep %setup -q +%patch0 -p1 %build @@ -69,6 +73,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/pkgconfig %changelog +* Fri Dec 11 2020 Debarshi Ray - 0.6.0-3 +- Avoid crash when getting server properties +Resolves: #1464902 + * Wed Feb 07 2018 Fedora Release Engineering - 0.6.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild