
Re: Crash in sftp_readdir (git)


Hi,

Actually samplessh also crashes with the same behavior. Please see my
session:

vic@vic-eeepc:~/git/libssh/build$ 
vic@vic-eeepc:~/git/libssh/build$ ln -s ./samplessh ./sftp
vic@vic-eeepc:~/git/libssh/build$ ./sftp -l "Vic Lee" -r 192.168.0.1
supported auth methods: publickey, keyboard-interactive
Additional SFTP extensions provided by the server:
	posix-rename@xxxxxxxxxxx, version: 1
	statvfs@xxxxxxxxxxx, version: 2
	fstatvfs@xxxxxxxxxxx, version: 2
*** glibc detected *** ./sftp: free(): invalid next size (fast): 0x08594690 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb7e678f4]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7e69896]
/home/vic/git/libssh/build/libssh/libssh.so.4[0xb8060456]
/home/vic/git/libssh/build/libssh/libssh.so.4(sftp_symlink+0x2d9)[0xb80640e3]
./sftp(do_sftp+0x1b5)[0x804ad43]
./sftp(main+0x7cc)[0x804c18e]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e0f7a5]
./sftp[0x8049ff1]
======= Memory map: ========
Aborted
vic@vic-eeepc:~/git/libssh/build$ 

Thanks,
Vic

On Sun, 2009-10-11 at 08:03 +0800, Vic Lee wrote:
> Hi,
> 
> I encountered a permanent crash when calling sftp_readdir with the latest
> git version. I am not quite sure how to fix it this time. This is what I
> got in gdb, please help:
> 
> #0  0xb8080424 in __kernel_vsyscall ()
> (gdb) up
> #1  0xb75a23d0 in *__GI_raise (sig=6)
>     at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> 64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
> 	in ../nptl/sysdeps/unix/sysv/linux/raise.c
> (gdb) 
> #2  0xb75a5a85 in *__GI_abort () at abort.c:88
> 88	abort.c: No such file or directory.
> 	in abort.c
> (gdb) 
> #3  0xb75db2ed in __libc_message (do_abort=2, 
>     fmt=0xb76b8328 "*** glibc detected *** %s: %s: 0x%s ***\n")
>     at ../sysdeps/unix/sysv/linux/libc_fatal.c:173
> 173	../sysdeps/unix/sysv/linux/libc_fatal.c: No such file or directory.
> 	in ../sysdeps/unix/sysv/linux/libc_fatal.c
> (gdb) 
> #4  0xb75e58f4 in malloc_printerr (action=2, 
>     str=0xb76b8374 "free(): invalid next size (fast)", ptr=0x853c9c8)
>     at malloc.c:5994
> 5994	malloc.c: No such file or directory.
> 	in malloc.c
> (gdb) 
> #5  0xb75e7896 in *__GI___libc_free (mem=0x853c9c8) at malloc.c:3625
> 3625	in malloc.c
> (gdb) 
> #6  0xb773f456 in status_msg_free (status=0x853c9c8)
>     at /home/vic/git/libssh/libssh/sftp.c:774
> 774	  SAFE_FREE(status);
> (gdb) 
> #7  0xb7740738 in sftp_readdir (sftp=0x8520b28, dir=0x8527990)
>     at /home/vic/git/libssh/libssh/sftp.c:1323
> 1323	            status_msg_free(status);
> (gdb) 
> #8  0x08075388 in remmina_sftp_window_on_opendir (window=0x8548820, 
>     dir=0x807b1b6 ".", data=0x0) at remminasftpwindow.c:598
> 598	    while ((sftpattr = sftp_readdir (window->sftp->sftp_sess, sftpdir)))
> (gdb) 
> 
> Vic
> 
> 
> 



Follow-Ups:
Re: Crash in sftp_readdir (git) - SOLVED, Vic Lee <llyzs@xxxxxxx>
References:
Crash in sftp_readdir (git), Vic Lee <llyzs@xxxxxxx>