#1038 libmtp9: segfault with Samsung Galaxy S4

GIT version
open
nobody
regression (2)
1
2014-04-25
2014-04-25
quadrispro
No

Forwarded from Debian BTS (http://bugs.debian.org/745783), the last working version was 1.1.6-20-g1b9f164-2:


Package: libmtp9
Version: 1.1.6-51-g1a2669c~ds0-1
Severity: normal

When I try to use any program using libmtp9 (jmtpfs, mtpfs, gvfs with
the mtp backend), I get a segfault:

vauxhall ok % gdb --args mtpfs ~/mnt/test
GNU gdb (GDB) 7.6.2 (Debian 7.6.2-1)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/bin/mtpfs...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/mtpfs /home/bmc/mnt/test
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Unable to open ~/.mtpz-data for reading, MTPZ disabled.Listing raw device(s)
[New Thread 0x7ffff4d15700 (LWP 222399)]
Device 0 (VID=04e8 and PID=6860) is a Samsung Galaxy models (MTP).
Found 1 device(s):
Samsung: Galaxy models (MTP) (04e8:6860) @ bus 4, dev 13
Attempting to connect device
[New Thread 0x7ffff4514700 (LWP 222400)]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6a8a229 in dtoh16ap (params=<optimized out>, a=0x64bfff "") at ptp-pack.c:91
91 ptp-pack.c: No such file or directory.
(gdb) bt full
#0 0x00007ffff6a8a229 in dtoh16ap (params=<optimized out>, a=0x64bfff "") at ptp-pack.c:91
a = 0x64bfff ""
#1 ptp_unpack_uint16_t_array (array=0x618e08, offset=521, data=0x617440 "d", params=0x618d40) at ptp-pack.c:288
i = 107737
#2 ptp_unpack_DI (datalen=<optimized out>, di=0x618db8, data=0x617440 "d", params=0x618d40) at ptp-pack.c:335
len = 176 '\260'
totallen = 511
#3 ptp_getdeviceinfo (params=params@entry=0x618d40, deviceinfo=deviceinfo@entry=0x618db8) at ptp.c:455
ret = 8193
len = <optimized out>
ptp = {Code = 8193, SessionID = 1, Transaction_ID = 1, Param1 = 0, Param2 = 0, Param3 = 0, Param4 = 0, Param5 = 0, Nparam = 0 '\000'}
di = 0x617440 "d"
handler = {getfunc = 0x7ffff6a87540 <memory_getfunc>, putfunc = 0x7ffff6a87590 <memory_putfunc>, priv = 0x6184a0}
#4 0x00007ffff6a7fed1 in LIBMTP_Open_Raw_Device_Uncached (rawdevice=0x6184e0) at libmtp.c:1890
mtp_device = 0x618420
bs = 0 '\000'
current_params = 0x618d40
ptp_usb = 0x618650
err = <optimized out>
i = <optimized out>
FUNCTION = "LIBMTP_Open_Raw_Device_Uncached"
#5 0x00007ffff6a80b89 in LIBMTP_Open_Raw_Device (rawdevice=<optimized out>) at libmtp.c:2096
mtp_device = <optimized out>
FUNCTION = "LIBMTP_Open_Raw_Device"
#6 0x0000000000402c03 in ?? ()
No symbol table info available.
#7 0x00007ffff5e70b45 in __libc_start_main (main=0x402a80, argc=2, argv=0x7fffffffe208, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe1f8)
at libc-start.c:287
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 1833458368386498570, 4205924, 140737488347648, 0, 0, -1833458369285521398, -1833480298053042166}, mask_was_saved = 0}}, priv = {pad = {
0x0, 0x0, 0x405cf0, 0x7fffffffe208}, data = {prev = 0x0, cleanup = 0x0, canceltype = 4218096}}}
not_first_call = <optimized out>
#8 0x0000000000402d8d in ?? ()
No symbol table info available.

At least gvfs used to work with this very same device, so this appears
to be a regression. It is a Samsung Galaxy S4, model SPH-L720.
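
Added example (not part of the report and not libmtp code): in frame #0 the faulting address 0x64bfff equals data (0x617440) + offset (521) + 4 + 2 × 107737, so the loop in frame #1 was still reading element 107737 of a device-supplied array when it left mapped memory. The C code below shows a length-checked unpack of a PTP uint16 array (uint32 count, then elements); the name `unpack_u16_array_checked`, its `datalen` parameter and the sample bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* PTP over USB sends multi-byte fields little-endian. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper, not libmtp's API: unpack a PTP uint16 array (uint32
 * element count, then elements) at `offset` in a device-supplied buffer of
 * `datalen` bytes. Returns 0 on success, -1 if the array does not fit. */
int unpack_u16_array_checked(const uint8_t *data, size_t datalen, size_t offset,
                             uint16_t **out, uint32_t *count)
{
    *out = NULL;
    *count = 0;
    /* The 4-byte count field itself must lie inside the buffer. */
    if (offset > datalen || datalen - offset < sizeof(uint32_t))
        return -1;
    uint32_t n = le32(data + offset);
    size_t remaining = datalen - offset - sizeof(uint32_t);
    /* Divide rather than multiply so a huge count cannot wrap the check. */
    if (n > remaining / sizeof(uint16_t))
        return -1;
    if (n == 0)
        return 0;               /* empty array: nothing to allocate */
    uint16_t *arr = malloc((size_t)n * sizeof(uint16_t));
    if (arr == NULL)
        return -1;
    for (uint32_t i = 0; i < n; i++)
        arr[i] = le16(data + offset + sizeof(uint32_t) + (size_t)i * 2);
    *out = arr;
    *count = n;
    return 0;
}

int main(void)
{
    /* Constructed input: count field claims 107738 elements in 8 bytes. */
    const uint8_t buf[8] = { 0xDA, 0xA4, 0x01, 0x00, 0x01, 0x10, 0x02, 0x10 };
    uint16_t *arr;
    uint32_t n;
    int rc = unpack_u16_array_checked(buf, sizeof buf, 0, &arr, &n);
    printf("oversized count rejected: %s\n", rc == -1 ? "yes" : "no");
    return rc == -1 ? 0 : 1;
}
```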
