Still crash by avahi_entry_group_free(NULL) call #5128

Closed
tillkamppeter opened this issue Sep 27, 2017 · 4 comments
@tillkamppeter

Recently I reported an issue (Issue #5086) about all calls of the avahi_entry_group_free() function needing a check that they do not get called with NULL as the argument.
Now I got the following bug report at Ubuntu:
Bug #1718717: cupsd crashed with SIGSEGV in avahi_entry_group_free()
According to the stack trace attached to the bug, avahi_entry_group_free() still got called with a NULL argument, but I do not actually understand what happens here, as the call in the dnssdDeregisterInstance() function is actually preceded by appropriate NULL checks.
The stack trace is:

StacktraceTop:
 avahi_entry_group_free (group=0x0) at entrygroup.c:242
 dnssdDeregisterInstance (srv=0x56336dce7608 <WebIFSrv>, from_callback=from_callback@entry=0) at dirsvc.c:684
 dnssdDeregisterInstance (from_callback=0, srv=<optimized out>) at dirsvc.c:670
 dnssdStop () at dirsvc.c:1297
 cupsdStopBrowsing () at dirsvc.c:270

Note that due to distribution patches the line numbers in the Ubuntu source code are shifted (but the dnssdDeregisterInstance() function did not get modified). Line 670 is the "if (!srv || !*srv)" line and line 684 is the "avahi_entry_group_free(*srv);" line.

@michaelrsweet
Collaborator

Unable to view linked bug...

@michaelrsweet michaelrsweet self-assigned this Sep 27, 2017
@tillkamppeter
Author

Linked bug is now accessible.

@michaelrsweet
Collaborator

Hmm, makes no sense. The NULL check is definitely there - maybe the debug info and version of cupsd executable aren't matched up and they are still running an old cupsd?

@michaelrsweet
Collaborator

Well, please re-file this bug if you find more information.
