Ticket #30 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

immediate crash of mDNSResponder compat API

Reported by: sbrabec@…
Owned by: lennart
Milestone:
Component: avahi-compat-libdns_sd
Keywords:
Cc:

Description (last modified by lennart)

How to reproduce: Start gnomemeeting on AMD64.

Note that with the original mDNSResponder, gnomemeeting does not crash.

It seems that one possible reason for this crash is the fact that the opaque structure, which should contain 2 pointers and 2 size_t variables, is only 16 bytes long (it should be typedef struct _TXTRecordRef_t { char privatedata[4*sizeof(void*)]; } TXTRecordRef;).

But even after this change, the backtrace is exactly the same:

Backtrace was generated from '/opt/gnome/bin/gnomemeeting'

(no debugging symbols found)
Using host libthread_db library "/lib64/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47089429626032 (LWP 14684)]
[New Thread 1091856720 (LWP 14695)]
[New Thread 1091590480 (LWP 14690)]
[New Thread 1091324240 (LWP 14689)]
[New Thread 1082931536 (LWP 14688)]
[New Thread 1082665296 (LWP 14687)]
[New Thread 1074272592 (LWP 14686)]
[New Thread 1074006352 (LWP 14685)]
0x00002ad3db128bbf in __libc_waitpid (pid=14697, stat_loc=0x7fffd5f6ccec, options=0)
    at ../sysdeps/unix/sysv/linux/waitpid.c:41
41	  int result = INLINE_SYSCALL (wait4, 4, pid, stat_loc, options, NULL);
#0  0x00002ad3db128bbf in __libc_waitpid (pid=14697, stat_loc=0x7fffd5f6ccec, options=0)
    at ../sysdeps/unix/sysv/linux/waitpid.c:41
#1  0x00002ad3d4caedc7 in libgnomeui_segv_handle (signum=11) at gnome-ui-init.c:749
#2  <signal handler called>
#3  0x00002ad3d9564425 in TXTRecordSetValue (txtref=0xaec1b8, key=0x4b7232 "state", 
    length=1 '\001', value=0xaf7760) at txt.c:197
#4  0x0000000000481695 in GMZeroconfPublisher::Main ()
#5  0x00000000004817e7 in GMZeroconfPublisher::GetPersonalData ()
#6  0x000000000048193d in GMZeroconfPublisher::Publish ()
#7  0x00000000004483b6 in GMH323EndPoint::ZeroconfUpdate ()
#8  0x000000000044f79b in GMH323EndPoint::Init ()
#9  0x0000000000466ac2 in main ()

Thread 8 (Thread 1074006352 (LWP 14685)):
#0  0x00002ad3db125676 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
No symbol table info available.
#1  0x00002ad3daf1b0ad in PSyncPoint::Wait () from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#2  0x00002ad3da947162 in H323ConnectionsCleaner::Main ()
   from /usr/lib64/libh323_linux_x86_64_r.so.1.17.2
No symbol table info available.
#3  0x00002ad3daf1b395 in PThread::PX_ThreadStart ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#4  0x00002ad3db1223a3 in start_thread (arg=<value optimized out>) at pthread_create.c:261
	__res = <value optimized out>
	pd = (struct pthread *) 0x40040950
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1074006352, -69539357883496483, 
        47089401864976, 140736783109680, 3, 1074008064, -69539356809492979, 
        -69567744313383759}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
      prev = 0x0, cleanup = 0x0, canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#5  0x00002ad3dbcc856d in clone () from /lib64/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, 
    mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {
    fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, 
    fs_freq = 0, fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0x2ad3dbcfa5b0
#6  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 7 (Thread 1074272592 (LWP 14686)):
#0  0x00002ad3db1279c8 in __lll_mutex_lock_wait () from /lib64/libpthread.so.0
No symbol table info available.
#1  0x00002ad3db12a264 in default_attr () from /lib64/libpthread.so.0
No symbol table info available.
#2  0x0000000000000003 in ?? ()
No symbol table info available.
#3  0x00002ad3db124508 in pthread_mutex_lock () from /lib64/libpthread.so.0
No symbol table info available.
#4  0x000000000001de31 in ?? ()
No symbol table info available.
#5  0x0000000040080f00 in ?? ()
No symbol table info available.
#6  0x00002ad3dbc778ef in __libc_calloc (n=<value optimized out>, 
    elem_size=<value optimized out>) at malloc.c:3690
	av = (mstate) 0x40080f60
	oldtop = (mchunkptr) 0x40081040
	p = <value optimized out>
	bytes = 1074267424
	csz = <value optimized out>
	oldtopsize = <value optimized out>
	mem = (void *) 0x6811d0
	clearsize = <value optimized out>
	nclears = <value optimized out>
	d = <value optimized out>
	hook = (void *(*)(size_t, const void *)) 0xffffffffffffffff
#7  0x00002ad3daf36c2b in PAbstractArray::PAbstractArray ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#8  0x00002ad3dae551f4 in PBaseArray<char>::PBaseArray ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#9  0x00002ad3daf3ca21 in PCharArray::PCharArray ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#10 0x0000000040080f60 in ?? ()
No symbol table info available.
#11 0x00000000005ff8d8 in GnomeMeeting::GM ()
No symbol table info available.
#12 0x000000000044ccbc in GMH323EndPoint::OnGatewayIPTimeout ()
No symbol table info available.
#13 0x00002ad3daf2c653 in PTimerList::Process () from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#14 0x00002ad3daf1c53d in PHouseKeepingThread::Main ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#15 0x00002ad3daf1b395 in PThread::PX_ThreadStart ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#16 0x00002ad3db1223a3 in start_thread (arg=<value optimized out>) at pthread_create.c:261
	__res = <value optimized out>
	pd = (struct pthread *) 0x40081950
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1074272592, -69539357883496483, 
        47089401864976, 140736783110112, 3, 1074274304, -69539356809226739, 
        -69567744313383759}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
      prev = 0x0, cleanup = 0x0, canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#17 0x00002ad3dbcc856d in clone () from /lib64/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, 
    mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {
    fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, 
    fs_freq = 0, fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0x2ad3dbcfa5b0
#18 0x0000000000000000 in ?? ()
No symbol table info available.

Thread 6 (Thread 1082665296 (LWP 14687)):
#0  0x00002ad3dbcc0206 in *__GI___poll (fds=0x6b2e80, nfds=2, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:87
	oldtype = 0
	result = <value optimized out>
#1  0x00002ad3d9561946 in poll_func (ufds=0x6b2e80, nfds=2, timeout=-1, userdata=0x6b5ec0)
    at compat.c:205
	sdref = (DNSServiceRef) 0x6b5ec0
	ret = 0
	__PRETTY_FUNCTION__ = "poll_func"
#2  0x00002ad3dc5bbc21 in avahi_simple_poll_run (s=0x6b8980) at simple-watch.c:528
	__PRETTY_FUNCTION__ = "avahi_simple_poll_run"
#3  0x00002ad3d9561a67 in thread_func (data=0x6b5ec0) at compat.c:241
	ret = 0
	command = 112 'p'
	sdref = (DNSServiceRef) 0x6b5ec0
	mask = {__val = {18446744067267100671, 18446744073709551615 <repeats 15 times>}}
	__PRETTY_FUNCTION__ = "thread_func"
#4  0x00002ad3db1223a3 in start_thread (arg=<value optimized out>) at pthread_create.c:261
	__res = <value optimized out>
	pd = (struct pthread *) 0x40882950
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1082665296, -69539357883496483, 
        47089401864976, 47089401897376, 3, 1082667008, -69539356800834035, -69567744313383759}, 
      mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, 
      cleanup = 0x0, canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#5  0x00002ad3dbcc856d in clone () from /lib64/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, 
    mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {
    fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, 
    fs_freq = 0, fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0x2ad3dbcfa5b0
#6  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 5 (Thread 1082931536 (LWP 14688)):
#0  0x00002ad3dbcc22f2 in __select_nocancel () from /lib64/libc.so.6
	nftw_arr = {0, 1, 2, 3, 4, 5, 6}
	ftw_arr = {0, 1, 2, 3, 0, 1, 3}
#1  0x00000000004930d4 in GMZeroconfBrowser::Main ()
No symbol table info available.
#2  0x00002ad3daf1b395 in PThread::PX_ThreadStart ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#3  0x00002ad3db1223a3 in start_thread (arg=<value optimized out>) at pthread_create.c:261
	__res = <value optimized out>
	pd = (struct pthread *) 0x408c3950
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1082931536, -69539357883496483, 
        47089401864976, 140736783110432, 3, 1082933248, -69539356800567795, 
        -69567744313383759}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
      prev = 0x0, cleanup = 0x0, canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#4  0x00002ad3dbcc856d in clone () from /lib64/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, 
    mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {
    fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, 
    fs_freq = 0, fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0x2ad3dbcfa5b0
#5  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 4 (Thread 1091324240 (LWP 14689)):
#0  0x00002ad3dbcc0206 in *__GI___poll (fds=0x8fd3a0, nfds=1, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:87
	oldtype = 0
	result = <value optimized out>
#1  0x00002ad3d93f9192 in g_main_context_iterate (context=0x8fc8e0, block=1, dispatch=1, 
    self=<value optimized out>) at gmain.c:2867
	max_priority = 2147483647
	timeout = -1
	some_ready = <value optimized out>
	nfds = 1
	allocated_nfds = <value optimized out>
	fds = (GPollFD *) 0x8fd3a0
	__PRETTY_FUNCTION__ = "g_main_context_iterate"
#2  0x00002ad3d93f9655 in g_main_loop_run (loop=0x8fd380) at gmain.c:2769
	got_ownership = -619560432
	self = (GThread *) 0x8fce40
	__PRETTY_FUNCTION__ = "g_main_loop_run"
#3  0x00002ad3d6a2cd9d in startup_mainloop () from /opt/gnome/lib64/libebook-1.2.so.5
No symbol table info available.
#4  0x00002ad3d94126b6 in g_thread_create_proxy (data=0x8fce40) at gthread.c:564
	__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#5  0x00002ad3db1223a3 in start_thread (arg=<value optimized out>) at pthread_create.c:261
	__res = <value optimized out>
	pd = (struct pthread *) 0x410c4950
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1091324240, -69539357883496483, 
        47089401864976, 140736783109472, 3, 1091325952, -69539356825729523, 
        -69567744313383759}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
      prev = 0x0, cleanup = 0x0, canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#6  0x00002ad3dbcc856d in clone () from /lib64/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, 
    mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {
    fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, 
    fs_freq = 0, fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0x2ad3dbcfa5b0
#7  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 3 (Thread 1091590480 (LWP 14690)):
#0  0x00002ad3dbcc0206 in *__GI___poll (fds=0x8fd610, nfds=9, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:87
	oldtype = 0
	result = <value optimized out>
#1  0x00002ad3d93f9192 in g_main_context_iterate (context=0x8fee30, block=1, dispatch=1, 
    self=<value optimized out>) at gmain.c:2867
	max_priority = 2147483647
	timeout = -1
	some_ready = <value optimized out>
	nfds = 9
	allocated_nfds = <value optimized out>
	fds = (GPollFD *) 0x8fd610
	__PRETTY_FUNCTION__ = "g_main_context_iterate"
#2  0x00002ad3d93f9655 in g_main_loop_run (loop=0x8fe960) at gmain.c:2769
	got_ownership = -619560432
	self = (GThread *) 0x65dcb0
	__PRETTY_FUNCTION__ = "g_main_loop_run"
#3  0x00002ad3d8e54890 in link_set_io_thread () from /opt/gnome/lib64/libORBit-2.so.0
No symbol table info available.
#4  0x00002ad3d94126b6 in g_thread_create_proxy (data=0x65dcb0) at gthread.c:564
	__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#5  0x00002ad3db1223a3 in start_thread (arg=<value optimized out>) at pthread_create.c:261
	__res = <value optimized out>
	pd = (struct pthread *) 0x41105950
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1091590480, -69539357883496483, 
        47089401864976, 140736783108896, 3, 1091592192, -69539356827560435, 
        -69567744313383759}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
      prev = 0x0, cleanup = 0x0, canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#6  0x00002ad3dbcc856d in clone () from /lib64/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, 
    mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {
    fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, 
    fs_freq = 0, fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0x2ad3dbcfa5b0
#7  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 2 (Thread 1091856720 (LWP 14695)):
#0  0x00002ad3dbcc22f2 in __select_nocancel () from /lib64/libc.so.6
	nftw_arr = {0, 1, 2, 3, 4, 5, 6}
	ftw_arr = {0, 1, 2, 3, 0, 1, 3}
#1  0x00002ad3daf1c71d in PThread::PXBlockOnIO () from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#2  0x00002ad3daf12afe in PChannel::PXSetIOBlock ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#3  0x00002ad3daf0f3ea in PSocket::os_accept () from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#4  0x00002ad3daf22674 in PTCPSocket::Accept () from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#5  0x00002ad3da976fb2 in H323ListenerTCP::Accept ()
   from /usr/lib64/libh323_linux_x86_64_r.so.1.17.2
No symbol table info available.
#6  0x00002ad3da978b11 in H323ListenerTCP::Main ()
   from /usr/lib64/libh323_linux_x86_64_r.so.1.17.2
No symbol table info available.
#7  0x00002ad3daf1b395 in PThread::PX_ThreadStart ()
   from /usr/lib64/libpt_linux_x86_64_r.so.1.9.1
No symbol table info available.
#8  0x00002ad3db1223a3 in start_thread (arg=<value optimized out>) at pthread_create.c:261
	__res = <value optimized out>
	pd = (struct pthread *) 0x41146950
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1091856720, -69539357883496483, 
        47089401864976, 140736783110432, 3, 1091858432, -69539356827294195, 
        -69567744313383759}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
      prev = 0x0, cleanup = 0x0, canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#9  0x00002ad3dbcc856d in clone () from /lib64/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, 
    mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {
    fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, 
    fs_freq = 0, fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0x2ad3dbcfa5b0
#10 0x0000000000000000 in ?? ()
No symbol table info available.

Thread 1 (Thread 47089429626032 (LWP 14684)):
#0  0x00002ad3db128bbf in __libc_waitpid (pid=14697, stat_loc=0x7fffd5f6ccec, options=0)
    at ../sysdeps/unix/sysv/linux/waitpid.c:41
	oldtype = 0
	result = <value optimized out>
#1  0x00002ad3d4caedc7 in libgnomeui_segv_handle (signum=11) at gnome-ui-init.c:749
	estatus = 0
	sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {0, 
      11499120, 140736783109464, 6569632, 47089413750374, 2, 0, 0, 47089371303254, 6904131, 1, 
      11499448, 47089365295293, 68, 47089365294591, 11499560}}, sa_flags = 1, sa_restorer = 0x8}
	pid = -512
	in_segv = 1
#2  <signal handler called>
No symbol table info available.
#3  0x00002ad3d9564425 in TXTRecordSetValue (txtref=0xaec1b8, key=0x4b7232 "state", 
    length=1 '\001', value=0xaf7760) at txt.c:197
	t = (TXTRecordInternal *) 0xacfe70
	p = (uint8_t *) 0x0
	l = 5
	n = 7
	__PRETTY_FUNCTION__ = "TXTRecordSetValue"
#4  0x0000000000481695 in GMZeroconfPublisher::Main ()
No symbol table info available.
#5  0x00000000004817e7 in GMZeroconfPublisher::GetPersonalData ()
No symbol table info available.
#6  0x000000000048193d in GMZeroconfPublisher::Publish ()
No symbol table info available.
#7  0x00000000004483b6 in GMH323EndPoint::ZeroconfUpdate ()
No symbol table info available.
#8  0x000000000044f79b in GMH323EndPoint::Init ()
No symbol table info available.
#9  0x0000000000466ac2 in main ()
No symbol table info available.
0x00002ad3db128bbf	41	  int result = INLINE_SYSCALL (wait4, 4, pid, stat_loc, options, NULL);

Crash is reproducible with

Attachments

avahi-64bit.patch (326 bytes) - added by Stanislav Brabec <sbrabec@…> 6 years ago.
avahi-64bit.patch does not fix the problem, but fixes an obvious bug. You may decide to make the structure totally opaque, including its size, to prevent possible problems in the future.
avahi-compat-error-return.patch (298 bytes) - added by Stanislav Brabec <sbrabec@…> 6 years ago.
avahi-compat-error-return.patch part 1 of the fix from JP Rosevear (jpr at novell _dot_ com)
avahi-compat-txt-buffer-size.patch (311 bytes) - added by Stanislav Brabec <sbrabec@…> 6 years ago.
avahi-compat-txt-buffer-size.patch part 2 of the fix from JP Rosevear (jpr at novell _dot_ com)

Change History

Changed 6 years ago by anonymous

  • milestone set to Avahi 0.6.10

Changed 6 years ago by Stanislav Brabec <sbrabec@…>

avahi-64bit.patch does not fix the problem, but fixes an obvious bug. You may decide to make the structure totally opaque, including its size, to prevent possible problems in the future.

Changed 6 years ago by Stanislav Brabec <sbrabec@…>

avahi-compat-error-return.patch part 1 of the fix from JP Rosevear (jpr at novell _dot_ com)

Changed 6 years ago by Stanislav Brabec <sbrabec@…>

avahi-compat-txt-buffer-size.patch part 2 of the fix from JP Rosevear (jpr at novell _dot_ com)

Changed 6 years ago by lennart

  • status changed from new to assigned

Changed 6 years ago by lennart

(In [1192]) Merge patch "avahi-compat-txt-buffer-size.patch" from Stanislav Brabec/JP Rosevear, see #30

Changed 6 years ago by lennart

Unfortunately we cannot apply the patch "avahi-64bit.patch". The header file is an unmodified copy of Apple's version. We would break binary compatibility with them if we applied it. In addition, we don't use that structure definition internally anyway. If you look closely at avahi-compat-libdns_sd/txt.c you'll see that we use the space reserved by that structure to store a single pointer that points to our own structure, TXTRecordInternal. The sixteen bytes reserved by the Apple API should suffice to store a single pointer, even on 64-bit machines. Please have a look at the comments in our implementation of TXTRecordCreate().

The second patch I will not commit either. The assert()s are there to catch ugly programming errors (accessing already freed DNSServiceRefs is really, really ugly). If we modified them the way you suggest, people wouldn't even detect their errors. In short: it would just hide problems. It's simply the wrong place to fix your apps.

The third patch, however, I have committed in r1192.

The GnomeMeeting crash looks like a threading issue to me. GnomeMeeting accesses DNSServiceRef from more than one thread without locking, is that correct? avahi-compat-libdns_sd doesn't do any internal locking and Apple doesn't document if their implementation does. (It's quite easily possible, though). Please check if this might be the cause of your issue. If yes, we're happy to add the required locking to avahi-compat-libdns_sd.

Thank you very much for your patches!
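
The storage scheme described in the comment above, as an added example that is not part of the ticket and not Avahi's txt.c: a 16-byte public handle holds one pointer to heap-allocated private state, and the setter returns an error code instead of writing when the buffer is missing or full. `OpaqueTxtRef`, `TxtInternal` and the `txt_*` functions are hypothetical names; the sample call reuses the key "state" and 1-byte value seen in the backtrace.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Public fixed-size handle: 16 reserved bytes, as discussed in the ticket. */
typedef struct { char privatedata[16]; } OpaqueTxtRef;                  /* hypothetical name */
/* Private state lives on the heap; only a pointer to it is kept in the handle. */
typedef struct { uint8_t *buffer; size_t size, max_size; } TxtInternal; /* hypothetical name */
/* Build fails on any ABI where one pointer no longer fits the reserved bytes. */
_Static_assert(sizeof(TxtInternal *) <= sizeof(OpaqueTxtRef), "pointer must fit");

static TxtInternal *ref_get(const OpaqueTxtRef *ref) {
    TxtInternal *t;
    memcpy(&t, ref->privatedata, sizeof t);   /* no alignment or aliasing assumptions */
    return t;
}
static void ref_set(OpaqueTxtRef *ref, TxtInternal *t) {
    memset(ref->privatedata, 0, sizeof ref->privatedata);
    memcpy(ref->privatedata, &t, sizeof t);
}

int txt_create(OpaqueTxtRef *ref, size_t capacity) {
    TxtInternal *t = calloc(1, sizeof *t);
    if (t && capacity && !(t->buffer = malloc(capacity))) { free(t); t = NULL; }
    if (t) t->max_size = capacity;
    ref_set(ref, t);                          /* NULL on failure, so later calls return -1 */
    return t ? 0 : -1;
}

/* Append one length-prefixed "key=value" item (append-only, no key replacement).
 * Returns 0 on success, -1 on bad arguments, -2 when the item does not fit. */
int txt_set_value(OpaqueTxtRef *ref, const char *key, uint8_t vlen, const void *value) {
    TxtInternal *t = ref ? ref_get(ref) : NULL;
    if (!t || !key || (vlen && !value)) return -1;
    size_t l = strlen(key);
    size_t n = l + (value ? 1 + (size_t)vlen : 0);   /* "key" or "key=value" */
    if (l == 0 || n > 255) return -1;                /* item length is one byte */
    if (!t->buffer || n + 1 > t->max_size - t->size) return -2;  /* never write out of bounds */
    uint8_t *p = t->buffer + t->size;
    *p++ = (uint8_t)n;
    memcpy(p, key, l);
    if (value) { p[l] = '='; memcpy(p + l + 1, value, vlen); }
    t->size += n + 1;
    return 0;
}
size_t txt_length(const OpaqueTxtRef *ref) { TxtInternal *t = ref_get(ref); return t ? t->size : 0; }
const uint8_t *txt_bytes(const OpaqueTxtRef *ref) { TxtInternal *t = ref_get(ref); return t ? t->buffer : NULL; }
void txt_free(OpaqueTxtRef *ref) {
    TxtInternal *t = ref_get(ref);
    if (t) { free(t->buffer); free(t); }
    ref_set(ref, NULL);                       /* later calls fail with -1 instead of crashing */
}

int main(void) {
    OpaqueTxtRef r;
    uint8_t v = 1;                            /* constructed input: key "state", 1-byte value */
    if (txt_create(&r, 8) != 0) return 1;
    int first = txt_set_value(&r, "state", 1, &v);   /* 1 + 7 bytes: fills the buffer */
    int second = txt_set_value(&r, "x", 1, &v);      /* no room left: -2 */
    printf("first=%d second=%d used=%zu\n", first, second, txt_length(&r));
    txt_free(&r);
    return 0;
}
```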

Changed 6 years ago by lennart

  • description modified

Changed 6 years ago by lennart

  • description modified

Changed 6 years ago by lennart

  • milestone Avahi 0.6.10 deleted

Changed 6 years ago by jpr@…

No, the gnome meeting crash was because of the buffer size patch you committed.

The second patch avahi-compat-error-return.patch actually corrects things (at least in our patches for mDNSResponder enabled apps - the errors are ). The Apple call in this case gracefully handles NULL pointers by returning -1 as an error code, so I respectfully submit you are not actually ABI compatible until this is fixed. This came up for us when looping over the results of DNSServiceBrowse call to create the fds. That can return a NULL item in the array, or at least not set a value.

Changed 6 years ago by lennart

Ah, OK. Binary compatibility is a good reason for merging the patch. Will do that now. I guess this bug report can be closed afterwards?

Changed 6 years ago by lennart

(In [1205]) Merge patch "avahi-compat-error-return.patch" from Stanislav Brabec/JP Rosevear, see #30

Changed 6 years ago by lennart

  • status changed from assigned to closed
  • resolution set to fixed

Closing.

Changed 6 years ago by anonymous

Yes, can be closed. I suspect, however, that there are other cases in the API where -1 should be returned rather than asserting.
