Crash in `tracker_offsets_function()`
To reproduce: check out tracker-miners!302 (merged) and run `meson test --suite=tracker-miners cli --print-error-logs`. You'll see 'Message recipient disconnected from bus without replying.'
Now do the same but attach a debugger to tracker-miner-fs inside the sandbox. I do this by inserting a block like this in `src/miner/fs/tracker-main.c` and setting `TRACKER_DEBUG=tests TRACKER_TESTS_AWAIT_TIMEOUT=100` before running `meson test` so I have ten seconds to attach GDB:

```c
/* Print the PID, then pause so GDB can be attached before the miner continues. */
g_print ("\n\n\nDebug me:\ngdb attach %i\n\n", getpid ());
g_usleep (10 * 1000 * 1000);
```
You should see a crash in `tracker-fts-tokenizer.c`:
```
(gdb) ba
#0 tracker_offsets_function (api=0x7f76795d7e80, fts_ctx=0x7f765cbdd058, ctx=0x7f7654904598, n_args=0, args=0x7f76549045d0)
    at ../subprojects/tracker/src/libtracker-fts/tracker-fts-tokenizer.c:251
#1 0x00007f7679583081 in fts5ApiCallback () at /lib64/libsqlite3.so.0
#2 0x00007f76794e053b in sqlite3VdbeExec.lto_priv.0 () at /lib64/libsqlite3.so.0
#3 0x00007f76794dd0a0 in sqlite3_step () at /lib64/libsqlite3.so.0
#4 0x00007f767a7ddf4c in stmt_step (stmt=0x7f76542a1728)
    at ../subprojects/tracker/src/libtracker-data/tracker-db-interface-sqlite.c:1786
#5 0x00007f767a7e1924 in db_cursor_iter_next (cursor=0x7f7658002ab0, cancellable=0x0, error=0x7f7667ffe958)
    at ../subprojects/tracker/src/libtracker-data/tracker-db-interface-sqlite.c:3470
#6 0x00007f767a7e1895 in tracker_db_cursor_iter_next (cursor=0x7f7658002ab0, cancellable=0x0, error=0x7f7667ffe958)
    at ../subprojects/tracker/src/libtracker-data/tracker-db-interface-sqlite.c:3447
#7 0x00007f767a7a4b41 in tracker_sparql_cursor_next (cursor=0x7f7658002ab0, cancellable=0x0, error=0x7f7667ffe9c0)
    at ../subprojects/tracker/src/libtracker-sparql/tracker-cursor.c:425
#8 0x00007f767a7a5cc9 in write_cursor (request=0x20eee40, cursor=0x7f7658002ab0, error=0x7f7667ffea30)
    at ../subprojects/tracker/src/libtracker-sparql/tracker-endpoint-dbus.c:288
#9 0x00007f767a7a5ddc in handle_cursor_reply
    (task=0x1bbcb20, source_object=0x7f7658002ab0, task_data=0x20eee40, cancellable=0x1c52060)
    at ../subprojects/tracker/src/libtracker-sparql/tracker-endpoint-dbus.c:357
#10 0x00007f767a4f97e2 in g_task_thread_pool_thread (thread_data=0x1bbcb20, pool_data=<optimized out>) at ../gio/gtask.c:1417
#11 0x00007f767a69ccd4 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354
#12 0x00007f767a69a132 in g_thread_proxy (data=0x219b120) at ../glib/gthread.c:820
#13 0x00007f767a3ab3f9 in start_thread () at /lib64/libpthread.so.0
#14 0x00007f767a2d8903 in clone () at /lib64/libc.so.6
```
The crash is here:
```
(gdb) l
246 first = FALSE;
247
248 if (str->len != 0)
249 g_string_append_c (str, ',');
250
251 g_string_append_printf (str, "%s,%d",
252 data->property_names[col],
253 g_array_index (offsets, gint, n_token));
254 }
255
(gdb) p *offsets
$19 = {data = 0x0, len = 0}
(gdb) p n_token
$20 = 0
```
We are accessing element 0 of the `offsets` array which has no elements.
The `offsets` array wasn't populated on this iteration of the loop...
```
(gdb) l 230
225
226 if (first || cur_col != col) {
227 const char *text;
228 int length;
229
230 if (offsets)
231 g_array_free (offsets, TRUE);
232
233 offsets = g_array_new (FALSE, FALSE, sizeof (gint));
234 rc = api->xColumnText (fts_ctx, col, &text, &length);
(gdb) p first
$23 = 0
(gdb) p cur_col
$24 = 26
(gdb) p col
$25 = 26
```
Perhaps the issue ? I can't get much further here without diving into the SQLite Fts5ExtensionApi.
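
Added example, not part of the original report and not Tracker code: `g_array_index()` is a macro with no bounds check, so indexing the `{data = 0x0, len = 0}` array above dereferences NULL. The sketch below models the append step at lines 248-253 with a length check before the read; `IntArray`, `int_array_get` and `append_offset` are hypothetical names, and plain C stands in for GLib so it builds without dependencies.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for a GArray of gint (assumption: only data/len matter here). */
typedef struct { int *data; size_t len; } IntArray;

/* Bounds-checked replacement for g_array_index(): 0 on success,
 * -1 if the array is missing, empty, or idx is out of range. */
static int int_array_get(const IntArray *a, size_t idx, int *out)
{
    if (a == NULL || a->data == NULL || idx >= a->len)
        return -1;
    *out = a->data[idx];
    return 0;
}

/* Hypothetical model of the append step: adds "<name>,<offset>" to buf,
 * comma-separated. Returns -1 and leaves buf unchanged if the token has
 * no recorded offset or the buffer is too small. */
static int append_offset(char *buf, size_t cap, const char *name,
                         const IntArray *offsets, size_t n_token)
{
    int off, n;
    size_t used = strlen(buf);

    if (int_array_get(offsets, n_token, &off) != 0)
        return -1;
    n = snprintf(buf + used, cap - used, "%s%s,%d",
                 used ? "," : "", name, off);
    if (n < 0 || (size_t)n >= cap - used) {
        buf[used] = '\0';            /* roll back a truncated write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[64] = "";
    int vals[] = { 3, 17 };          /* constructed sample offsets */
    IntArray ok = { vals, 2 };
    IntArray empty = { NULL, 0 };    /* the state shown by `p *offsets` */

    append_offset(buf, sizeof buf, "title", &ok, 1);
    if (append_offset(buf, sizeof buf, "title", &empty, 0) != 0)
        fprintf(stderr, "no offset for token 0, skipped\n");
    puts(buf);
    return 0;
}
```

A check like this turns the crash into a reportable error; it does not explain why `offsets` was left empty for this column.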