#118 tv_ctrlpt crashes after detecting a later version of tvcontrol service

branch-1.6.x
closed-accepted
None
7
2013-10-30
2013-10-28
T.Iwamoto
No

Steps to reproduce:
1. Extracts and build libupnp-1.6.18
$ tar -xjf /path/to/archive/libupnp-1.6.18.tar.bz2
$ cd libupnp-1.6.18
$ ./configure
$ make
2. Applies the attached patch and remake.
$ patch -p1 < /path/to/patch/libupnp-1.6.18.patch
$ make
3. Run tv_device.
$ cd upnp/sample
$ ./tv_device
4. Run tv_ctrlpt; the tv_ctrlpt crashes soon.
$ ./tv_ctrlpt
Segmentation fault (core dumped)

This is an issue report about the sample program of control point.
The tv_ctrlpt crashes after detecting a tvdevice that contains tvcontrol:2 or higher version of tvcontrol service.
tv_ctrlpt should detect correctly such devices due to forward compatibility of control points with device.
For more information about the compatibility, please refer the following document:
DLNA Architectures and Protocols Part 1 2011 December - 7.3.2.1.3 (GUN:GZJXU)

The attached patch changes the sample programs as below:
- device: changes version of tvcontrol service from 1 to 2. This change may occur in the future.
- cp: nothing changed: cp knows version 1 of tvcontrol service only.

I know many vendors implements their control points based on the tv_ctrlpt, so I hope to fix this issue ASAP.

1 Attachments

Discussion

    • status: open --> closed-accepted
    • assigned_to: Marcelo Roberto Jimenez
     
  • Another version of this patch has already been applied to the git repository.

     
  • T.Iwamoto
    T.Iwamoto
    2013-10-29

    Thank you for the fast reply.
    I'm sorry but I got kind of confused.
    Do you mean to say this issue is already fixed?
    It seems that this issue still occurs in the master and branch-1.6.x branches.
    Please note that the attached patch is a purpose for reproducing the issue and not for solving the problem.

     
    Last edit: T.Iwamoto 2013-10-29
  • SEGV is caused by strcpy with NULL argument.
    Attached patch will avoid SEGV in strcpy, but there may be other inconsistencies.

    I know many vendors implements their control points based on the tv_ctrlpt,

    I don't think so. I think tv_ctrlpt is just a sample to be used with tv_device.

     
    Attachments
  • Hi T.Iwamoto,

    I am sorry, I probably overlooked your explanation. I started examining
    your patch, and that might be a big coincidence, because in
    2013-September-10 I have committed this:

    http://sourceforge.net/p/pupnp/code/ci/c5777ae7476523029d3f42a96f83c08561e5fdef/

    Which is pretty similar to your patch, although I must point that you made
    a small mistake by calling free(miniSocket) and using it in the lines
    after. The patch is I refer to above is correct, please take a look.

    So your patch did not apply clean because a very similar code was already
    in place. But I see now that you are addressing a different matter, i.e.
    the version incompatibility problem. Would you mind regenerating your patch
    on top of the current git repository for the branch 1.6.x?

    Regards,
    Marcelo.

     
    Last edit: Marcelo Roberto Jimenez 2013-10-29
  • Hi Again, T.Iwamoto,

    Sorry, again, I did a terrible mess.

    I was fooled by a patch I received a few days ago with exactly the same file name as the patch you have sent. I am really sorry for the confusion. I will commit Yoichi's patch, if possible, please test it.

    Regards,
    Marcelo.

     
  • T.Iwamoto
    T.Iwamoto
    2013-10-30

    I've confirmed that the tv_ctrlpt.c.diff solves crash.
    And the tv_ctrlpt can detect a tvdevice that contains tvcontrol:2.

    Unfortunately, the tv_ctrlpt fails to subscribe the device after detecting it.
    It has a problem with way of comparison of ServiceType in SampleUtil_FindAndParseService() function.
    tv_ctrlpt shouldn't compare ServiceTypes with exact match because ServiceType contains a version number of the service as below:
    <serviceType>urn:schemas-upnp-org:service:tvcontrol:2</serviceType>
    In other words, when you find interesting services, you should compare ServiceTypes except the version numbers as below:
    urn:schemas-upnp-org:service:tvcontrol:

    Steps to reproduce:

    $ git clone git://git.code.sf.net/p/pupnp/code pupnp
    $ cd pupnp
    $ git checkout 9a875 ## tv_ctrlpt.c.diff is applied in this commit
    $ patch -p1 < /path-to-patch/libupnp-1.6.18.patch ## This patch is written by me
    $ ./bootstrap
    $ ./configure
    $ make
    $ cd upnp/sample
    $ ./tv_device ## keep running

    In another terminal
    $ ./tv_ctrlpt
    Error: Could not find Service: urn:schemas-upnp-org:service:tvcontrol:1 ## This means failure of subscribing to tvcontrol service

    Thank you.