Client can crash daemon

Crash test. gcc -o crash crash.c pkg-config --cflags --libs avahi-client && ./crash

i tryed to reproduce it with avahi-daemon 0.6.5 but it didn't crash

could you give more information on your setup?

We cannot reproduce this here, all versions since Avahi 0.6.0 do proper checking of service types, is it possible that are using an older version of Avahi?

I meant to have posted this follow up sooner, but then the site became inaccessible.

I'm having this problem with version 0.6.4 and 0.6.6 (the only versions I've used), but upon further investigation it looks like it's somewhere with DBus the problem lies. This is the result of running the attached test program on my system

Failed to create service browser: An unexpected DBUS error occured

I've been using DBus 0.60, but I tried downgrading to 0.50 and rebuilding avahi, and that is a whole different story. Using DBus 0.50 I'm getting a proper

Failed to create service browser: Invalid service type

when trying my crash program. avahi-daemon is also still running.

So I don't know if you are not using DBus-0.60 or my problem lies somewhere else.

FWIW, when I'm crashing avahi-daemon, programs that uses avahi dies too. From Epiphany (1.9.6) I'm getting this stack trace

#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb70463db in __waitpid_nocancel () from /lib/libpthread.so.0
#2  0xb7dadd08 in libgnomeui_segv_handle () from /usr/lib/libgnomeui-2.so.0
#3  <signal handler called>
#4  0xb7e48082 in dbus_connection_get_is_connected ()
   from /usr/lib/libdbus-1.so.2
#5  0xb6d74d0e in avahi_client_is_connected ()
   from /usr/lib/libavahi-client.so.3
#6  0xb6d78cef in avahi_service_browser_free ()
   from /usr/lib/libavahi-client.so.3
#7  0xb6d74348 in avahi_client_free () from /usr/lib/libavahi-client.so.3
#8  0xb7ca82b5 in avahi_client_callback () from /usr/lib/libgnomevfs-2.so.0
#9  0xb6d73ded in client_set_state () from /usr/lib/libavahi-client.so.3
#10 0xb6d753af in filter_func () from /usr/lib/libavahi-client.so.3
#11 0xb7e49836 in dbus_connection_dispatch () from /usr/lib/libdbus-1.so.2
#12 0xb6d7bd70 in dispatch_timeout_callback ()
   from /usr/lib/libavahi-client.so.3
#13 0xb6d8d72d in dispatch_func () from /usr/lib/libavahi-glib.so.1
#14 0xb6f95434 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#15 0xb6f96df4 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#16 0xb6f9711a in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#17 0xb7611113 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#18 0x080748c7 in main ()

I am using DBUS 0.6 here. Works fine here.

The backtrace you posted suggests that the issue is caused by calling dbus_connection_get_is_connected() from inside a DBUS event handler.

Could you provide us with a full backtrace with symbols enabled? ("bt full")

(Sorry that avahi.org was unavailable the last days. We had to replace a corrupt hard disk)

Any updates on this?

Any further update on this? I will close this bug shortly, since the reporter seems to be vanished without a trace and the bug doesn't seem to be specific to Avahi, anyway.