Memory corruption in introspection with ServiceProxyAction
There seems to be a double free going on:
==295428== Memcheck, a memory error detector
==295428== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==295428== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==295428== Command: gjs ./examples/get-volume.js
==295428==
--295428-- WARNING: Serious error when reading debug info
--295428-- When reading debug info from /usr/lib64/libmozjs-78.so.0.0.0:
--295428-- abbv_code not found in ht_abbvs table
==295428== Warning: set address range perms: large range [0x31d343e07000, 0x31d3c3a07000) (noaccess)
Got ServiceProxy urn:upnp-org:serviceId:RenderingControl http://192.168.178.100:52575/51ab6a79-353f-4f84-b708-26df23284475.xml
Introspecting service...
Calling GetVolume for channel Master
50
Got ServiceProxy urn:upnp-org:serviceId:RenderingControl http://192.168.178.100:51257/d8c2bad4-da37-4538-96ab-f9c7f7f421c8.xml
Introspecting service...
==295428== Invalid read of size 4
==295428== at 0x49B195D: g_atomic_rc_box_release_full (garcbox.c:343)
==295428== by 0x48A80E0: UnknownInlinedFun (boxed.cpp:425)
==295428== by 0x48A80E0: UnknownInlinedFun (wrapperutils.h:1013)
==295428== by 0x48A80E0: GIWrapperBase<BoxedBase, BoxedPrototype, BoxedInstance>::finalize(JSFreeOp*, JSObject*) (wrapperutils.h:369)
==295428== by 0x56A5A77: UnknownInlinedFun (Class.h:785)
==295428== by 0x56A5A77: UnknownInlinedFun (JSObject-inl.h:87)
==295428== by 0x56A5A77: UnknownInlinedFun (GC.cpp:486)
==295428== by 0x56A5A77: bool FinalizeTypedArenas<JSObject>(JSFreeOp*, js::gc::Arena**, js::gc::SortedArenaList&, js::gc::AllocKind, js::SliceBudget&) [clone .lto_priv.0] (GC.cpp:541)
==295428== by 0x568DDF8: js::gc::GCRuntime::finalizeAllocKind(JSFreeOp*, js::SliceBudget&) (GC.cpp:5518)
==295428== by 0x569E677: sweepaction::SweepActionForEach<ContainerIter<mozilla::EnumSet<js::gc::AllocKind, unsigned long> >, mozilla::EnumSet<js::gc::AllocKind, unsigned long> >::run(js::gc::SweepAction::Args&) (GC.cpp:6016)
==295428== by 0x568D84D: sweepaction::SweepActionSequence::run(js::gc::SweepAction::Args&) (GC.cpp:5981)
==295428== by 0x569E328: sweepaction::SweepActionForEach<js::gc::SweepGroupZonesIter, JSRuntime*>::run(js::gc::SweepAction::Args&) (GC.cpp:6016)
==295428== by 0x568D84D: sweepaction::SweepActionSequence::run(js::gc::SweepAction::Args&) (GC.cpp:5981)
==295428== by 0x56A6679: sweepaction::SweepActionForEach<js::gc::SweepGroupsIter, JSRuntime*>::run(js::gc::SweepAction::Args&) (GC.cpp:6016)
==295428== by 0x569CDBA: js::gc::GCRuntime::incrementalSlice(js::SliceBudget&, mozilla::Maybe<JSGCInvocationKind> const&, JS::GCReason, js::gc::AutoGCSession&) (GC.cpp:6159)
==295428== by 0x56ACBB8: js::gc::GCRuntime::gcCycle(bool, js::SliceBudget, mozilla::Maybe<JSGCInvocationKind> const&, JS::GCReason) (GC.cpp:7104)
==295428== by 0x56AE961: js::gc::GCRuntime::collect(bool, js::SliceBudget, mozilla::Maybe<JSGCInvocationKind> const&, JS::GCReason) (GC.cpp:7315)
==295428== by 0x52E62F0: UnknownInlinedFun (GC.cpp:7391)
==295428== by 0x52E62F0: JS_GC(JSContext*, JS::GCReason) (jsapi.cpp:1360)
==295428== by 0x48DA072: GjsContextPrivate::trigger_gc_if_needed(void*) (context.cpp:694)
==295428== by 0x49E3D20: g_timeout_dispatch (gmain.c:4889)
==295428== by 0x49E34CE: UnknownInlinedFun (gmain.c:3337)
==295428== by 0x49E34CE: g_main_context_dispatch (gmain.c:4055)
==295428== by 0x4A374E7: g_main_context_iterate.constprop.0 (gmain.c:4131)
==295428== by 0x49E2A92: g_main_loop_run (gmain.c:4329)
==295428== by 0x512CC03: ffi_call_unix64 (unix64.S:76)
==295428== by 0x512C106: ffi_call (ffi64.c:525)
==295428== by 0x48B9364: Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) (function.cpp:970)
==295428== by 0x48B9826: Function::call(JSContext*, unsigned int, JS::Value*) (function.cpp:1112)
==295428== by 0x527B851: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) (Interpreter.cpp:493)
==295428== by 0x526BCDF: UnknownInlinedFun (Interpreter.cpp:652)
==295428== by 0x526BCDF: Interpret(JSContext*, js::RunState&) (Interpreter.cpp:3312)
==295428== by 0x527B0FD: js::RunScript(JSContext*, js::RunState&) (Interpreter.cpp:465)
==295428== by 0x527C775: js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) (Interpreter.cpp:840)
==295428== by 0x537B3E6: bool EvaluateSourceBuffer<char16_t>(JSContext*, js::ScopeKind, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, JS::SourceText<char16_t>&, JS::MutableHandle<JS::Value>) [clone .lto_priv.0] (CompilationAndEvaluation.cpp:498)
==295428== by 0x536037D: JS::Evaluate(JSContext*, JS::Handle<JS::StackGCVector<JSObject*, js::TempAllocPolicy> >, JS::ReadOnlyCompileOptions const&, JS::SourceText<char16_t>&, JS::MutableHandle<JS::Value>) (CompilationAndEvaluation.cpp:529)
==295428== by 0x48DC56B: GjsContextPrivate::eval_with_scope(JS::Handle<JSObject*>, char const*, long, char const*, JS::MutableHandle<JS::Value>) (context.cpp:1319)
==295428== by 0x48E0AC8: UnknownInlinedFun (context.cpp:1129)
==295428== by 0x48E0AC8: gjs_context_eval (context.cpp:1051)
==295428== by 0x10B114: UnknownInlinedFun (console.cpp:191)
==295428== by 0x10B114: main (console.cpp:384)
==295428== Address 0x16b876d8 is 24 bytes inside a block of size 112 free'd
==295428== at 0x48430E4: free (vg_replace_malloc.c:755)
==295428== by 0x49E824C: g_free (gmem.c:199)
==295428== by 0x48A80E0: UnknownInlinedFun (boxed.cpp:425)
==295428== by 0x48A80E0: UnknownInlinedFun (wrapperutils.h:1013)
==295428== by 0x48A80E0: GIWrapperBase<BoxedBase, BoxedPrototype, BoxedInstance>::finalize(JSFreeOp*, JSObject*) (wrapperutils.h:369)
==295428== by 0x56A5A77: UnknownInlinedFun (Class.h:785)
==295428== by 0x56A5A77: UnknownInlinedFun (JSObject-inl.h:87)
==295428== by 0x56A5A77: UnknownInlinedFun (GC.cpp:486)
==295428== by 0x56A5A77: bool FinalizeTypedArenas<JSObject>(JSFreeOp*, js::gc::Arena**, js::gc::SortedArenaList&, js::gc::AllocKind, js::SliceBudget&) [clone .lto_priv.0] (GC.cpp:541)
==295428== by 0x568DDF8: js::gc::GCRuntime::finalizeAllocKind(JSFreeOp*, js::SliceBudget&) (GC.cpp:5518)
==295428== by 0x569E677: sweepaction::SweepActionForEach<ContainerIter<mozilla::EnumSet<js::gc::AllocKind, unsigned long> >, mozilla::EnumSet<js::gc::AllocKind, unsigned long> >::run(js::gc::SweepAction::Args&) (GC.cpp:6016)
==295428== by 0x568D84D: sweepaction::SweepActionSequence::run(js::gc::SweepAction::Args&) (GC.cpp:5981)
==295428== by 0x569E328: sweepaction::SweepActionForEach<js::gc::SweepGroupZonesIter, JSRuntime*>::run(js::gc::SweepAction::Args&) (GC.cpp:6016)
==295428== by 0x568D84D: sweepaction::SweepActionSequence::run(js::gc::SweepAction::Args&) (GC.cpp:5981)
==295428== by 0x56A6679: sweepaction::SweepActionForEach<js::gc::SweepGroupsIter, JSRuntime*>::run(js::gc::SweepAction::Args&) (GC.cpp:6016)
==295428== by 0x569CDBA: js::gc::GCRuntime::incrementalSlice(js::SliceBudget&, mozilla::Maybe<JSGCInvocationKind> const&, JS::GCReason, js::gc::AutoGCSession&) (GC.cpp:6159)
==295428== by 0x56ACBB8: js::gc::GCRuntime::gcCycle(bool, js::SliceBudget, mozilla::Maybe<JSGCInvocationKind> const&, JS::GCReason) (GC.cpp:7104)
==295428== by 0x56AE961: js::gc::GCRuntime::collect(bool, js::SliceBudget, mozilla::Maybe<JSGCInvocationKind> const&, JS::GCReason) (GC.cpp:7315)
==295428== by 0x52E62F0: UnknownInlinedFun (GC.cpp:7391)
==295428== by 0x52E62F0: JS_GC(JSContext*, JS::GCReason) (jsapi.cpp:1360)
==295428== by 0x48DA072: GjsContextPrivate::trigger_gc_if_needed(void*) (context.cpp:694)
==295428== by 0x49E3D20: g_timeout_dispatch (gmain.c:4889)
==295428== by 0x49E34CE: UnknownInlinedFun (gmain.c:3337)
==295428== by 0x49E34CE: g_main_context_dispatch (gmain.c:4055)
==295428== by 0x4A374E7: g_main_context_iterate.constprop.0 (gmain.c:4131)
==295428== by 0x49E2A92: g_main_loop_run (gmain.c:4329)
==295428== by 0x512CC03: ffi_call_unix64 (unix64.S:76)
==295428== by 0x512C106: ffi_call (ffi64.c:525)
==295428== by 0x48B9364: Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) (function.cpp:970)
==295428== by 0x48B9826: Function::call(JSContext*, unsigned int, JS::Value*) (function.cpp:1112)
==295428== by 0x527B851: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) (Interpreter.cpp:493)
==295428== by 0x526BCDF: UnknownInlinedFun (Interpreter.cpp:652)
==295428== by 0x526BCDF: Interpret(JSContext*, js::RunState&) (Interpreter.cpp:3312)
==295428== by 0x527B0FD: js::RunScript(JSContext*, js::RunState&) (Interpreter.cpp:465)
==295428== by 0x527C775: js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) (Interpreter.cpp:840)
==295428== by 0x537B3E6: bool EvaluateSourceBuffer<char16_t>(JSContext*, js::ScopeKind, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, JS::SourceText<char16_t>&, JS::MutableHandle<JS::Value>) [clone .lto_priv.0] (CompilationAndEvaluation.cpp:498)
==295428== by 0x536037D: JS::Evaluate(JSContext*, JS::Handle<JS::StackGCVector<JSObject*, js::TempAllocPolicy> >, JS::ReadOnlyCompileOptions const&, JS::SourceText<char16_t>&, JS::MutableHandle<JS::Value>) (CompilationAndEvaluation.cpp:529)
==295428== by 0x48DC56B: GjsContextPrivate::eval_with_scope(JS::Handle<JSObject*>, char const*, long, char const*, JS::MutableHandle<JS::Value>) (context.cpp:1319)
==295428== by 0x48E0AC8: UnknownInlinedFun (context.cpp:1129)
==295428== by 0x48E0AC8: gjs_context_eval (context.cpp:1051)
==295428== by 0x10B114: UnknownInlinedFun (console.cpp:191)
==295428== by 0x10B114: main (console.cpp:384)
==295428== Block was alloc'd at
==295428== at 0x4845464: calloc (vg_replace_malloc.c:1117)
==295428== by 0x49EBE60: g_malloc0 (gmem.c:136)
==295428== by 0x4A37DEC: g_rc_box_alloc_full.constprop.0 (grcbox.c:234)
==295428== by 0x172C37A9: gupnp_service_proxy_action_new_internal (gupnp-service-proxy-action.c:194)
==295428== by 0x172C37A9: gupnp_service_proxy_action_new_from_list (gupnp-service-proxy-action.c:305)
==295428== by 0x512CC03: ffi_call_unix64 (unix64.S:76)
==295428== by 0x512C106: ffi_call (ffi64.c:525)
==295428== by 0x48B9364: Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) (function.cpp:970)
==295428== by 0x48B9826: Function::call(JSContext*, unsigned int, JS::Value*) (function.cpp:1112)
==295428== by 0x527B851: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) (Interpreter.cpp:493)
==295428== by 0x526BCDF: UnknownInlinedFun (Interpreter.cpp:652)
==295428== by 0x526BCDF: Interpret(JSContext*, js::RunState&) (Interpreter.cpp:3312)
==295428== by 0x527B0FD: js::RunScript(JSContext*, js::RunState&) (Interpreter.cpp:465)
==295428== by 0x527B546: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) (Interpreter.cpp:620)
==295428== by 0x527BBA1: js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) (Interpreter.cpp:648)
==295428== by 0x52EF519: JS_CallFunction(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSFunction*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (jsapi.cpp:2801)
==295428== by 0x48ADF45: UnknownInlinedFun (jsapi.h:1496)
==295428== by 0x48ADF45: gjs_closure_invoke(_GClosure*, JS::Handle<JSObject*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>, bool) (closure.cpp:193)
==295428== by 0x48B0A82: UnknownInlinedFun (function.cpp:528)
==295428== by 0x48B0A82: GjsCallbackTrampoline::callback_closure(_GIArgument**, void*) (function.cpp:391)
==295428== by 0x48B4A1C: UnknownInlinedFun (function.cpp:732)
==295428== by 0x48B4A1C: GjsCallbackTrampoline::initialize(JSContext*, JS::Handle<JSFunction*>, bool)::{lambda(ffi_cif*, void*, void**, void*)#1}::_FUN(ffi_cif*, void*, void**, void*) (function.cpp:733)
==295428== by 0x512C99C: ffi_closure_unix64_inner (ffi64.c:670)
==295428== by 0x512CD6B: ffi_closure_unix64 (unix64.S:229)
==295428== by 0x4BD1A79: g_task_return_now (gtask.c:1219)
==295428== by 0x4BD1C7A: UnknownInlinedFun (gtask.c:1289)
==295428== by 0x4BD1C7A: g_task_return (gtask.c:1245)
==295428== by 0x172BDDE4: prv_introspection_cb (gupnp-service-info.c:819)
==295428== by 0x172BDC92: got_scpd_url (gupnp-service-info.c:631)
==295428== by 0x1737104A: soup_session_process_queue_item.part.0 (soup-session.c:2045)
==295428== by 0x1737159C: UnknownInlinedFun (soup-session.c:1972)
==295428== by 0x1737159C: async_run_queue (soup-session.c:2085)
==295428== by 0x173716B9: idle_run_queue (soup-session.c:2112)
==295428== by 0x49DF74A: g_idle_dispatch (gmain.c:5848)
==295428== by 0x49E34CE: UnknownInlinedFun (gmain.c:3337)
==295428== by 0x49E34CE: g_main_context_dispatch (gmain.c:4055)
==295428== by 0x4A374E7: g_main_context_iterate.constprop.0 (gmain.c:4131)
==295428== by 0x49E2A92: g_main_loop_run (gmain.c:4329)
==295428== by 0x512CC03: ffi_call_unix64 (unix64.S:76)
==295428== by 0x512C106: ffi_call (ffi64.c:525)
==295428== by 0x48B9364: Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) (function.cpp:970)
==295428== by 0x48B9826: Function::call(JSContext*, unsigned int, JS::Value*) (function.cpp:1112)
==295428== by 0x527B851: js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) (Interpreter.cpp:493)
==295428== by 0x526BCDF: UnknownInlinedFun (Interpreter.cpp:652)
==295428== by 0x526BCDF: Interpret(JSContext*, js::RunState&) (Interpreter.cpp:3312)
==295428== by 0x527B0FD: js::RunScript(JSContext*, js::RunState&) (Interpreter.cpp:465)
==295428== by 0x527C775: js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) (Interpreter.cpp:840)
==295428== by 0x537B3E6: bool EvaluateSourceBuffer<char16_t>(JSContext*, js::ScopeKind, JS::Handle<JSObject*>, JS::ReadOnlyCompileOptions const&, JS::SourceText<char16_t>&, JS::MutableHandle<JS::Value>) [clone .lto_priv.0] (CompilationAndEvaluation.cpp:498)
==295428== by 0x536037D: JS::Evaluate(JSContext*, JS::Handle<JS::StackGCVector<JSObject*, js::TempAllocPolicy> >, JS::ReadOnlyCompileOptions const&, JS::SourceText<char16_t>&, JS::MutableHandle<JS::Value>) (CompilationAndEvaluation.cpp:529)
==295428== by 0x48DC56B: GjsContextPrivate::eval_with_scope(JS::Handle<JSObject*>, char const*, long, char const*, JS::MutableHandle<JS::Value>) (context.cpp:1319)
==295428== by 0x48E0AC8: UnknownInlinedFun (context.cpp:1129)
==295428== by 0x48E0AC8: gjs_context_eval (context.cpp:1051)
==295428== by 0x10B114: UnknownInlinedFun (console.cpp:191)
==295428== by 0x10B114: main (console.cpp:384)
==295428==
Similar with Python; Valgrind log to be provided later.