aMule Forum
English => Backtraces => Topic started by: phoenix on May 21, 2004, 02:32:33 PM
According to valgrind, the memory read in CUpDownClient::GetDownloadState had already been freed in CClientReqSocket::Disconnect, i.e. this is a use-after-free. Disconnect was reached through CheckTimeOut on cur_sock, which is retrieved from socket_list in this routine:
// Walks socket_list once, counting every entry into opensockets and calling
// CheckTimeOut() on each socket that is not flagged OnDestroy, then restarts
// listening if the listener is down and the connection check below passes.
// (042e + Kry changes for Destroy)
//
// NOTE(review): in the valgrind report posted with this routine, the
// CheckTimeOut() call below reaches CClientReqSocket::Disconnect(), whose
// delete frees a block that CUpDownClient::GetDownloadState() reads later.
// Anything Disconnect() frees has to be unlinked from the other lists that
// still point at it before the delete.
void CListenSocket::Process()
{
	m_OpenSocketsInterval = 0;
	opensockets = 0;

	NEWPOSITION next = socket_list.GetHeadPosition();
	while (next != NULL) {
		// Remember the current position and step the cursor past it before
		// the socket is touched (presumably so that the current entry may
		// be removed from the list during CheckTimeOut() - confirm).
		NEWPOSITION current = next;
		socket_list.GetNext(next);

		CClientReqSocket* sock = socket_list.GetAt(current);
		++opensockets;
		if (sock->OnDestroy) {
			continue;
		}
		sock->CheckTimeOut();
	}

	// Same evaluation order as before: socket headroom first, then the
	// server-connect state, and bListening only if one of them holds.
	const bool wantsListener =
		GetOpenSockets() + 5 < app_prefs->GetMaxConnections()
		|| theApp.serverconnect->IsConnecting();
	if (wantsListener && !bListening) {
		ReStartListening();
	}
}
The call that originated the error, which is curiously not listed in the backtrace, was to this routine:
// Counts the entries of srclists whose download state is neither DS_ONQUEUE
// nor DS_DOWNLOADING and returns that count.
uint16 CPartFile::GetNotCurrentSourcesCount()
{
uint16 counter=0;
NEWPOSITION pos1,pos2;
// NOTE(review): the outer loop header on the next line lost text when the
// page was extracted (everything between "sl" and the inner "for", including
// the loop bound and the opening brace); the bound is not visible here.
for (int sl=0;sl for (pos1 = srclists[sl].GetHeadPosition();( pos2 = pos1 ) != NULL;){
// Step pos1 to the next entry, then read the entry at the saved position pos2.
srclists[sl].GetNext(pos1);
CUpDownClient* cur_src = srclists[sl].GetAt(pos2);
// cur_src is a raw pointer taken from the list and dereferenced twice here
// with no liveness check. NOTE(review): the valgrind report posted with this
// routine shows an invalid read in GetDownloadState() on a block already
// deleted in CClientReqSocket::Disconnect(), so a stale pointer in srclists
// would fault on this line - confirm which list the freed client was left in.
if (cur_src->GetDownloadState()!=DS_ONQUEUE && cur_src->GetDownloadState()!=DS_DOWNLOADING) {
counter++;
}
}
}
return counter;
}
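The relevant line is the one with the two calls to cur_src->GetDownloadState(). As we can see, cur_src was retrieved from srclists, so srclists apparently still held a pointer to an object that CClientReqSocket::Disconnect had already deleted; the entry would have to be removed from srclists before the delete.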
----------------
Valgrind output:
----------------
==888==
==888== Invalid read of size 1
==888== at 0x8148000: CUpDownClient::GetDownloadState() (updownclient.h:277)
==888== by 0x8184102: CDownloadListCtrl::DrawFileItem(wxDC*, int, RECT*, CtrlItem_Struct*) (DownloadListCtrl.cpp:953)
==888== by 0x8182217: CDownloadListCtrl::OnDrawItem(int, wxDC*, wxRect const&, wxRect const&, bool) (DownloadListCtrl.cpp:489)
==888== by 0x81CB15B: wxODListMainWindow::OnPaint(wxPaintEvent&) (listctrl.cpp:2999)
==888== by 0x721E61: wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== by 0x721C8E: wxEvtHandler::ProcessEvent(wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== by 0x6D6504: wxWindow::GtkSendPaintEvents() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== by 0x6D62A8: wxWindow::GtkUpdate() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== by 0x6D4F31: wxWindow::OnInternalIdle() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== by 0x6868E3: wxApp::CallInternalIdle(wxWindow*) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== Address 0x41CF7C26 is 382 bytes inside a block of size 572 free'd
==888== at 0x36464C: __builtin_delete (vg_replace_malloc.c:244)
==888== by 0x813F6EF: CClientReqSocket::Disconnect(CString) (ListenSocket.cpp:145)
==888== by 0x813F497: CClientReqSocket::CheckTimeOut() (ListenSocket.cpp:115)
==888== by 0x8146EA8: CListenSocket::Process() (ListenSocket.cpp:1841)
==888== by 0x828CA97: TimerProc() (UploadQueue.cpp:756)
==888== by 0x8295358: CamuleDlg::OnUQTimer(wxTimerEvent&) (amuleDlg.cpp:344)
==888== by 0x721E61: wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== by 0x721C8E: wxEvtHandler::ProcessEvent(wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== by 0x7AD866: wxTimerBase::Notify() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888== by 0x6CA96B: timeout_callback (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==
==888== ---- Attach to GDB ? --- [Return/N/n/Y/y/C/c] ---- y
==888== starting GDB with cmd: /usr/bin/gdb -nw /proc/888/exe 888
---------------
gdb backtraces:
---------------
vg_do_syscall3 (syscallno=4294966784, arg1=992, arg2=0, arg3=0)
at vg_mylibc.c:92
92 vg_mylibc.c: No such file or directory.
in vg_mylibc.c
(gdb) bt
#0 vg_do_syscall3 (syscallno=4294966784, arg1=992, arg2=0, arg3=0)
at vg_mylibc.c:92
#1 0x00be09fd in vgPlain_system (cmd=0x0) at vg_mylibc.c:1277
#2 0x00bdbe00 in vgPlain_start_GDB_whilst_on_client_stack () at vg_main.c:1816
#3 0x00be42ac in vgPlain_swizzle_esp_then_start_GDB ()
from /usr/lib/valgrind/valgrind.so
#4 0x08148000 in CUpDownClient::GetDownloadState() (this=0xbff4b1e8)
at updownclient.h:277
#5 0x08148000 in CUpDownClient::GetDownloadState() (this=0x41f49234)
at updownclient.h:277
#6 0x08184103 in CDownloadListCtrl::DrawFileItem(wxDC*, int, RECT*, CtrlItem_Struct*) (this=0x5e43030, dc=0xbff4b840, nColumn=6, lpRect=0xbff4b6c0,
lpCtrlItem=0x3e042a0) at DownloadListCtrl.cpp:953
#7 0x08182218 in CDownloadListCtrl::OnDrawItem(int, wxDC*, wxRect const&, wxRect const&, bool) (this=0x5e43030, item=13, dc=0xbff4b840, rect=@0xbff4b810,
rectHL=@0xbff4b770, highlighted=false) at DownloadListCtrl.cpp:489
#8 0x081cb15c in wxODListMainWindow::OnPaint(wxPaintEvent&) (this=0x5e4383c)
at listctrl.cpp:2999
#9 0x00721e62 in wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) ()
from /usr/lib/libwx_gtk-2.4.so.0
#10 0x00721c8f in wxEvtHandler::ProcessEvent(wxEvent&) ()
from /usr/lib/libwx_gtk-2.4.so.0
#11 0x006d6505 in wxWindow::GtkSendPaintEvents() ()
from /usr/lib/libwx_gtk-2.4.so.0
#12 0x006d62a9 in wxWindow::GtkUpdate() () from /usr/lib/libwx_gtk-2.4.so.0
#13 0x006d4f32 in wxWindow::OnInternalIdle() ()
from /usr/lib/libwx_gtk-2.4.so.0
#14 0x006868e4 in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
#15 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
#16 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
#17 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
#18 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
#19 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
#20 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
#21 0x00686780 in wxApp::ProcessIdle() () from /usr/lib/libwx_gtk-2.4.so.0
#22 0x0068610f in wxapp_idle_callback () from /usr/lib/libwx_gtk-2.4.so.0
#23 0x002a34ef in g_timeout_add () from /usr/lib/libglib-1.2.so.0
#24 0x002a235b in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#25 0x002a2846 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#26 0x002a2af4 in g_main_run () from /usr/lib/libglib-1.2.so.0
#27 0x001b56af in gtk_main () from /usr/lib/libgtk-1.2.so.0
#28 0x006869f2 in wxApp::MainLoop() () from /usr/lib/libwx_gtk-2.4.so.0
#29 0x006d8610 in wxAppBase::OnRun() () from /usr/lib/libwx_gtk-2.4.so.0
#30 0x006870cd in wxEntry(int, char**) () from /usr/lib/libwx_gtk-2.4.so.0
#31 0x0828df7a in main (argc=1, argv=0xbff4c094) at amule.cpp:114
Current language: auto; currently c
(gdb) bt full
#0 vg_do_syscall3 (syscallno=4294966784, arg1=992, arg2=0, arg3=0)
at vg_mylibc.c:92
__res = 4294966784
#1 0x00be09fd in vgPlain_system (cmd=0x0) at vg_mylibc.c:1277
pid = 992
res = -512
environ = {0x0}
#2 0x00bdbe00 in vgPlain_start_GDB_whilst_on_client_stack () at vg_main.c:1816
res = -512
buf = "/usr/bin/gdb -nw /proc/888/exe 888\000Bb\000\000\000@¸ô¿L¹ô¿\021\000\000\000\177\f\177\003+\003\000\000\a\001\000\000b\000\000\000\021\000\000\000+\003\000\000\a\001\000\000b\000\000\000\021\000\000\000XTà\003¬\r\220\000ȱô¿"
#3 0x00be42ac in vgPlain_swizzle_esp_then_start_GDB ()
from /usr/lib/valgrind/valgrind.so
No symbol table info available.
#4 0x08148000 in CUpDownClient::GetDownloadState() (this=0xbff4b1e8)
at updownclient.h:277
No locals.
#5 0x08148000 in CUpDownClient::GetDownloadState() (this=0x41f49234)
at updownclient.h:277
No locals.
#6 0x08184103 in CDownloadListCtrl::DrawFileItem(wxDC*, int, RECT*, CtrlItem_Struct*) (this=0x5e43030, dc=0xbff4b840, nColumn=6, lpRect=0xbff4b6c0,
lpCtrlItem=0x3e042a0) at DownloadListCtrl.cpp:953
sc = 47
ncsc = 394
clipper =
buffer = {<> = {}, }
lpPartFile = (class CPartFile *) 0x41f49234
#7 0x08182218 in CDownloadListCtrl::OnDrawItem(int, wxDC*, wxRect const&, wxRect const&, bool) (this=0x5e43030, item=13, dc=0xbff4b840, rect=@0xbff4b810,
rectHL=@0xbff4b770, highlighted=false) at DownloadListCtrl.cpp:489
iColumn = 6
listitem = {<> = {}, m_mask = 98, m_itemId = 0,
m_col = 0, m_state = 0, m_stateMask = 0, m_text = ,
m_image = -1, m_data = 0, m_format = 0, m_width = 107, m_attr = 0x0,
static sm_classwxListItem = {}}
cx = 107
iCurrent = 6
content = (CtrlItem_Struct *) 0x3e042a0
file = (class CPartFile *) 0x41f49234
mypen =
cur_rec = {left = 811, top = 263, right = 911, bottom = 280}
tree_start = 638
tree_end = 645
notLast = true
notFirst = true
iOffset = 4
iCount = 12
#8 0x081cb15c in wxODListMainWindow::OnPaint(wxPaintEvent&) (this=0x5e4383c)
at listctrl.cpp:2999
line = 13
visibleTo = 16
rectLine =
xOrig = 0
lineHeight = 20
visibleFrom = 0
yOrig = 0
dc =
dev_x = 0
dev_y = 0
#9 0x00721e62 in wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#10 0x00721c8f in wxEvtHandler::ProcessEvent(wxEvent&) ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#11 0x006d6505 in wxWindow::GtkSendPaintEvents() ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#12 0x006d62a9 in wxWindow::GtkUpdate() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#13 0x006d4f32 in wxWindow::OnInternalIdle() ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#14 0x006868e4 in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#15 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#16 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#17 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#18 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#19 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
#20 0x006868fc in wxApp::CallInternalIdle(wxWindow*) ()
from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#21 0x00686780 in wxApp::ProcessIdle() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#22 0x0068610f in wxapp_idle_callback () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#23 0x002a34ef in g_timeout_add () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#24 0x002a235b in g_get_current_time () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#25 0x002a2846 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#26 0x002a2af4 in g_main_run () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#27 0x001b56af in gtk_main () from /usr/lib/libgtk-1.2.so.0
No symbol table info available.
#28 0x006869f2 in wxApp::MainLoop() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#29 0x006d8610 in wxAppBase::OnRun() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#30 0x006870cd in wxEntry(int, char**) () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#31 0x0828df7a in main (argc=1, argv=0xbff4c094) at amule.cpp:114
No locals.