nitroshare / qhttpengine

HTTP server for Qt applications
MIT License

Segmentation fault on multiple seeks #15

Closed feelfreelinux closed 7 years ago

feelfreelinux commented 7 years ago

When I try to seek quickly multiple times using QHttpFilesystemHandler, the app crashes with "Segmentation fault".

nathan-osman commented 7 years ago

When you refer to "seek quickly", do you mean that the client is sending lots of requests with Content-Range set and QHttpEngine is crashing? Is there any chance you could run this in a debugger and pinpoint where the crash is occurring? If you are able to provide a simple reproducible example, that would be extremely helpful.

feelfreelinux commented 7 years ago

@nathan-osman Used the fileserver example from the examples directory, played a video in MPEG-4 (.mp4) format. The code seems to crash somewhere in QTcpServer; can't get any debugger output directly in signals, etc. The failure is pretty random, it even happened on first play. Yes, I refer to Content-Range requests.

nathan-osman commented 7 years ago

Okay, I'll see if I can reproduce the crash then.

nathan-osman commented 7 years ago

Sorry, two more questions :smile:

feelfreelinux commented 7 years ago

@nathan-osman Using master branch, 0.1.0 does not support seeking. Using Ubuntu 14.04.

feelfreelinux commented 7 years ago

@InfernoCoder - can also approve this.

Yureien commented 7 years ago

Yep, this bug occurs on my system too. Another segmentation error occurs when I run a video which has higher resolution than supported on my PC. For example, if I run a 4K video on my 1080p PC, the server crashes. Tried on Google Chrome and VLC Player. I'm also running Debian.

feelfreelinux commented 7 years ago

@nathan-osman Happens really often when trying to launch a video in Google Chrome. Segmentation faults often happen when there is a mess with pointers, etc.

Yureien commented 7 years ago

@nathan-osman @feelfreelinux I have been able to find a workaround by commenting out the socket->close(); line in qfilesystemhandler.cpp

nathan-osman commented 7 years ago

I'll take another look at that section.

nathan-osman commented 7 years ago

I have finally determined the source of the problem and it's quite subtle:

In ServerPrivate::process(), the new socket's disconnected() signal is connected to deleteLater(). At some point after requesting the file, Chrome sends a TCP RST packet, closing the connection. This of course triggers the socket's destructor. Meanwhile, in FilesystemHandlerPrivate::processFile(), the QIODeviceCopier completes and finished() is emitted. Connected to this is a lambda that runs socket->close() which triggers a segmentation fault (SIGSEGV) since the socket was already destroyed.

The correct solution, I believe, is to remove the connection between Socket::disconnected() and Socket::deleteLater() since this should be handled by the handlers rather than the server itself. I have confirmed that removing this line eliminates the crash. I'll be working on pushing a fix for this shortly.
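The event ordering described in the comment above, replayed as an added example that is not part of the thread or of QHttpEngine's code. It is a plain C++ model without Qt (Socket, EventLoop and runScenario are hypothetical names), and a weak_ptr check stands in for the destroyed-socket case so it can be observed instead of crashing.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Model only: these types are assumptions for illustration, not Qt or QHttpEngine APIs.
struct Socket {
    bool open = true;
    void close() { open = false; }
};

// Minimal stand-in for an event loop: callbacks run later, in posting order.
struct EventLoop {
    std::vector<std::function<void()>> queue;
    void post(std::function<void()> f) { queue.push_back(std::move(f)); }
    void run() { for (std::size_t i = 0; i < queue.size(); ++i) queue[i](); }
};

// serverDeletesOnDisconnect = true models disconnected() -> deleteLater() in the server;
// false models the proposed fix, where the handler is responsible for the socket.
std::string runScenario(bool serverDeletesOnDisconnect) {
    EventLoop loop;
    auto owner = std::make_shared<Socket>();  // the only owning reference
    std::weak_ptr<Socket> guard = owner;      // what the finished() callback holds
    std::string outcome;

    // Event 1: the client resets the connection, disconnected() fires.
    loop.post([&] { if (serverDeletesOnDisconnect) owner.reset(); });

    // Event 2: the copier finishes and the handler wants to close the socket.
    loop.post([&] {
        if (auto s = guard.lock()) {          // socket is still alive
            s->close();
            owner.reset();                    // handler releases the socket itself
            outcome = "closed by handler";
        } else {
            // With a raw Socket* this is the dangling socket->close() from the report.
            outcome = "socket already destroyed";
        }
    });
    loop.run();
    return outcome;
}

int main() {
    std::cout << "server deletes on disconnect: " << runScenario(true) << "\n";
    std::cout << "handler owns the socket:      " << runScenario(false) << "\n";
}
```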

nathan-osman commented 7 years ago

I believe this is now fixed. Please let me know if the issue has been resolved.