[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crash in sftp_readdir (git) - SOLVED

Subject: Re: Crash in sftp_readdir (git) - SOLVED
From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Sun, 11 Oct 2009 12:42:18 +0200
To: libssh@xxxxxxxxxx

Thanks for finding this :) It's due to a broken cut and paste whiledoing the last changes...


Aris

Vic Lee a écrit :

Hi,

Oh, after checking all mallocs it turned out to be an easy fix. :)
Please see the patch.

Vic

On Sun, 2009-10-11 at 14:09 +0800, Vic Lee wrote:

Hi,

Actually samplessh also crash with the same behavior. Please see my
session:

vic@vic-eeepc:~/git/libssh/build$vic@vic-eeepc:~/git/libssh/build$ ln -s ./samplessh ./sftp

vic@vic-eeepc:~/git/libssh/build$ ./sftp -l "Vic Lee" -r 192.168.0.1
supported auth methods: publickey, keyboard-interactive
Additional SFTP extensions provided by the server:
	posix-rename@xxxxxxxxxxx, version: 1
	statvfs@xxxxxxxxxxx, version: 2
	fstatvfs@xxxxxxxxxxx, version: 2
*** glibc detected *** ./sftp: free(): invalid next size (fast):
0x08594690 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb7e678f4]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7e69896]
/home/vic/git/libssh/build/libssh/libssh.so.4[0xb8060456]
/home/vic/git/libssh/build/libssh/libssh.so.4(sftp_symlink
+0x2d9)[0xb80640e3]
./sftp(do_sftp+0x1b5)[0x804ad43]
./sftp(main+0x7cc)[0x804c18e]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e0f7a5]
./sftp[0x8049ff1]
======= Memory map: ========
08048000-0804d000 r-xp 00000000 08:11
231033     /home/vic/git/libssh/build/samplessh
0804d000-0804e000 rw-p 00005000 08:11
231033     /home/vic/git/libssh/build/samplessh
0858e000-085af000 rw-p 00000000 00:00 0          [heap]

b7c00000-b7c21000 rw-p 00000000 00:00 0b7c21000-b7d00000 ---p 00000000 00:00 0b7d7d000-b7da7000 r-xp 00000000 08:01 54101 /lib/libgcc_s.so.1

b7da7000-b7da8000 rw-p 00029000 08:01 54101      /lib/libgcc_s.so.1
b7dba000-b7dc4000 r-xp 00000000 08:01
25124      /lib/i686/cmov/libnss_files-2.9.so
b7dc4000-b7dc5000 r--p 00009000 08:01
25124      /lib/i686/cmov/libnss_files-2.9.so
b7dc5000-b7dc6000 rw-p 0000a000 08:01
25124      /lib/i686/cmov/libnss_files-2.9.so
b7dc6000-b7dcf000 r-xp 00000000 08:01
25136      /lib/i686/cmov/libnss_nis-2.9.so
b7dcf000-b7dd0000 r--p 00008000 08:01
25136      /lib/i686/cmov/libnss_nis-2.9.so
b7dd0000-b7dd1000 rw-p 00009000 08:01
25136      /lib/i686/cmov/libnss_nis-2.9.so
b7dd1000-b7dd8000 r-xp 00000000 08:01
25116      /lib/i686/cmov/libnss_compat-2.9.so
b7dd8000-b7dd9000 r--p 00006000 08:01
25116      /lib/i686/cmov/libnss_compat-2.9.so
b7dd9000-b7dda000 rw-p 00007000 08:01
25116      /lib/i686/cmov/libnss_compat-2.9.so

b7dda000-b7ddb000 rw-p 00000000 00:00 0b7ddb000-b7dde000 r-xp 00000000 08:01

181030     /usr/lib/libgpg-error.so.0.4.0
b7dde000-b7ddf000 rw-p 00002000 08:01
181030     /usr/lib/libgpg-error.so.0.4.0
b7ddf000-b7df4000 r-xp 00000000 08:01
25140      /lib/i686/cmov/libpthread-2.9.so
b7df4000-b7df5000 r--p 00014000 08:01
25140      /lib/i686/cmov/libpthread-2.9.so
b7df5000-b7df6000 rw-p 00015000 08:01
25140      /lib/i686/cmov/libpthread-2.9.so

b7df6000-b7df9000 rw-p 00000000 00:00 0b7df9000-b7f51000 r-xp 00000000 08:01

25104      /lib/i686/cmov/libc-2.9.so
b7f51000-b7f52000 ---p 00158000 08:01
25104      /lib/i686/cmov/libc-2.9.so
b7f52000-b7f54000 r--p 00158000 08:01
25104      /lib/i686/cmov/libc-2.9.so
b7f54000-b7f55000 rw-p 0015a000 08:01
25104      /lib/i686/cmov/libc-2.9.so

b7f55000-b7f58000 rw-p 00000000 00:00 0b7f58000-b7fca000 r-xp 00000000 08:01

185475     /usr/lib/libgcrypt.so.11.5.2
b7fca000-b7fcd000 rw-p 00072000 08:01
185475     /usr/lib/libgcrypt.so.11.5.2
b7fcd000-b7fe1000 r-xp 00000000 08:01
181408     /usr/lib/libz.so.1.2.3.3
b7fe1000-b7fe2000 rw-p 00013000 08:01
181408     /usr/lib/libz.so.1.2.3.3
b7fe2000-b7fe9000 r-xp 00000000 08:01
25134      /lib/i686/cmov/librt-2.9.so
b7fe9000-b7fea000 r--p 00006000 08:01
25134      /lib/i686/cmov/librt-2.9.so
b7fea000-b7feb000 rw-p 00007000 08:01
25134      /lib/i686/cmov/librt-2.9.so
b7feb000-b7ffd000 r-xp 00000000 08:01
24592      /lib/i686/cmov/libresolv-2.9.so
b7ffd000-b7ffe000 r--p 00011000 08:01
24592      /lib/i686/cmov/libresolv-2.9.so
b7ffe000-b7fff000 rw-p 00012000 08:01
24592      /lib/i686/cmov/libresolv-2.9.so

b7fff000-b8002000 rw-p 00000000 00:00 0b8002000-b8017000 r-xp 00000000 08:01

25128      /lib/i686/cmov/libnsl-2.9.so
b8017000-b8018000 r--p 00014000 08:01
25128      /lib/i686/cmov/libnsl-2.9.so
b8018000-b8019000 rw-p 00015000 08:01
25128      /lib/i686/cmov/libnsl-2.9.so

b8019000-b801b000 rw-p 00000000 00:00 0b8028000-b8029000 rw-p 00000000 00:00 0b8029000-b802d000 rw-p 00000000 00:00 0b802d000-b806d000 r-xp 00000000 08:11

231080     /home/vic/git/libssh/build/libssh/libssh.so.4.0.0
b806d000-b806e000 rw-p 00040000 08:11
231080     /home/vic/git/libssh/build/libssh/libssh.so.4.0.0

b806e000-b8073000 rw-p 00000000 00:00 0b8073000-b8074000 r-xp 00000000 00:00 0 [vdso]

b8074000-b8090000 r-xp 00000000 08:01 18892      /lib/ld-2.9.so
b8090000-b8091000 r--p 0001b000 08:01 18892      /lib/ld-2.9.so
b8091000-b8092000 rw-p 0001c000 08:01 18892      /lib/ld-2.9.so
bfb05000-bfb1a000 rw-p 00000000 00:00 0          [stack]
Aborted

vic@vic-eeepc:~/git/libssh/build$

Thanks,
Vic

On Sun, 2009-10-11 at 08:03 +0800, Vic Lee wrote:

Hi,

I encountered permanent crash when calling sftp_readdir with the latest
git version. I am not quite sure how to fix it this time. This is what I
got in gdb, please help:

#0  0xb8080424 in __kernel_vsyscall ()
(gdb) up
#1  0xb75a23d0 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
	in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb)#2 0xb75a5a85 in *__GI_abort () at abort.c:88
88	abort.c: No such file or directory.
	in abort.c
(gdb)#3 0xb75db2ed in __libc_message (do_abort=2,fmt=0xb76b8328 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:173
173	../sysdeps/unix/sysv/linux/libc_fatal.c: No such file or directory.
	in ../sysdeps/unix/sysv/linux/libc_fatal.c
(gdb)#4 0xb75e58f4 in malloc_printerr (action=2,str=0xb76b8374 "free(): invalid next size (fast)", ptr=0x853c9c8)
    at malloc.c:5994
5994	malloc.c: No such file or directory.
	in malloc.c
(gdb)#5 0xb75e7896 in *__GI___libc_free (mem=0x853c9c8) at malloc.c:3625
3625	in malloc.c
(gdb)#6 0xb773f456 in status_msg_free (status=0x853c9c8)
    at /home/vic/git/libssh/libssh/sftp.c:774
774	  SAFE_FREE(status);
(gdb)#7 0xb7740738 in sftp_readdir (sftp=0x8520b28, dir=0x8527990)
    at /home/vic/git/libssh/libssh/sftp.c:1323
1323	            status_msg_free(status);
(gdb)#8 0x08075388 in remmina_sftp_window_on_opendir (window=0x8548820,dir=0x807b1b6 ".", data=0x0) at remminasftpwindow.c:598
598	    while ((sftpattr = sftp_readdir (window->sftp->sftp_sess,
sftpdir)))
(gdb)
Vic

References:
Crash in sftp_readdir (git)	Vic Lee <llyzs@xxxxxxx>
Re: Crash in sftp_readdir (git)	Vic Lee <llyzs@xxxxxxx>
Re: Crash in sftp_readdir (git) - SOLVED	Vic Lee <llyzs@xxxxxxx>

Archive administrator: postmaster@lists.cynapses.org