Topic: aMule 2.2.0 crashes whenever I get a message (Read 5071 times)

Excalibre · « **on:** January 02, 2008, 07:41:02 PM »

I'm running aMule 2.2.0 on Ubuntu Gutsy-64 and it crashes whenever I receive a message, which means every couple hours when I get a spam message the thing goes down. Every log file ends with me receiving a message. I'm running one of the distro-specific packages and I'm now trying filtering all incoming messages (don't know if it's working yet) but I wanted to know if this is a behavior anyone else has seen.

Stu Redman · « **Reply #1 on:** January 03, 2008, 12:17:45 AM »

Yes, I've seen that and tried to backtrace it. Seems like the wxString carrying the message gets so broken that aMule crashes on access of it.

At a quick glance I would suggest to change ClientTCPSocket.cpp/ProcessPacket

Code: [Select]

			wxString message = message_file.ReadString(m_client->GetUnicodeSupport());

to

Code: [Select]

			wxString message = message_file.ReadString(m_client->GetUnicodeSupport(), 2, true);

to activate SafeRead mode of CMemFile/CFileDataIO::Readstring .
As it is now, a malicious or buggy client can send a message with a longer length preceeding the content, and Readstring reads happily beyond its buffer.
I haven't tested it though. I had the crashes one evening, and never since, so I'm convinced they are provoked by certain malformed packets from outside.

Cheers, Stu

skolnick · « **Reply #2 on:** January 03, 2008, 04:45:48 AM »

Yep, I've also seen this, but since my amule is usually compiled with no debug, I could never post a useful backtrace. Thanks for the suggestion, sturedman.

Regards.

phoenix · « **Reply #3 on:** January 03, 2008, 01:01:07 PM »

sturedman,

Your suggestion was accepted, your modification has been committed.

Thanks a lot!

Xaignar · « **Reply #4 on:** January 04, 2008, 09:26:22 PM »

Actually, this shouldn't fix it, and moreover, is probably the wrong approch anyway:

The reason why it shouldn't fix it, is that we already handle any EOF exceptions that might result from trying to read a too long string (it's handled in CClientTCPSocket::PacketReceived where ProcessPacket is called from). Hence, no crash should result, suggesting that the problem lies elsewhere. CMemFile::doRead itself does not permit readings beyond its buffer, happily or not, and if it does happen, then it's CMemFile that should be fixed.

And as we now have no idea if the client sent a (possibly) corrupted message packet, we now cannot do the appropriate thing. In fact, given that the package is corrupted, we might even display an invalid string (making me wonder why we have "SafeRead" in the first place).

So I would vote for reverting that commit. If that was the cause, then amule should display an appropriate message on the console ("Terminated after throwing an instance of ..."), due to the unhandled exception, and I would ask Excalibre to try running aMule from a console and checking for any such error-messages.

sturedman, if you have a backtrace, please post it.

Stu Redman · « **Reply #5 on:** January 04, 2008, 09:45:14 PM »

Sorry, don't have it anymore.

The crash was definitely not in the reception of the message packet. It was on access of the wxString carrying the message when amuled tried to send it to the remotegui (then I was working on that feature). Seems the wxString structure itself got corrupted somehow, strange as it may sound.

kuanto · « **Reply #6 on:** January 04, 2008, 11:09:50 PM »

Quote from: Xaignar on January 04, 2008, 09:26:22 PM

sturedman, if you have a backtrace, please post it.

I posted a backtrace about this crash some time ago here: http://forum.amule.org/index.php?topic=13914.0

EDIT: grammar: post->posted

Xaignar · « **Reply #7 on:** January 04, 2008, 11:27:57 PM »

Quote from: kuanto on January 04, 2008, 11:09:50 PM

I post a backtrace about this crash some time ago here: http://forum.amule.org/index.php?topic=13914.0

Am I understanding you correctly that the crash can be avoided either by filtering all messages, or by disabling GeoIP?

kuanto · « **Reply #8 on:** January 04, 2008, 11:32:59 PM »

Quote from: Xaignar on January 04, 2008, 11:27:57 PM

Quote from: kuanto on January 04, 2008, 11:09:50 PM
I post a backtrace about this crash some time ago here: http://forum.amule.org/index.php?topic=13914.0
Am I understanding you correctly that the crash can be avoided either by filtering all messages, or by disabling GeoIP?

Yes, that is what happens inmy machine.

Stu Redman · « **Reply #9 on:** January 04, 2008, 11:44:26 PM »

I'm afraid I mixed two things up.

The crash I was talking about all the time occured on arrival of a certain file comment.
The subject here is a message however. So ignore my comments please.

phoenix · « **Reply #10 on:** January 05, 2008, 12:45:02 AM »

Xaignar, ok I have reverted the patch.

aMule Forum

News:

Author Topic: aMule 2.2.0 crashes whenever I get a message (Read 5071 times)

Excalibre

aMule 2.2.0 crashes whenever I get a message

Stu Redman

Re: aMule 2.2.0 crashes whenever I get a message

skolnick

Re: aMule 2.2.0 crashes whenever I get a message

phoenix

Re: aMule 2.2.0 crashes whenever I get a message

Xaignar

Re: aMule 2.2.0 crashes whenever I get a message

Stu Redman

Re: aMule 2.2.0 crashes whenever I get a message

kuanto

Re: aMule 2.2.0 crashes whenever I get a message

Xaignar

Re: aMule 2.2.0 crashes whenever I get a message

kuanto

Re: aMule 2.2.0 crashes whenever I get a message

Stu Redman

Re: aMule 2.2.0 crashes whenever I get a message

phoenix

Re: aMule 2.2.0 crashes whenever I get a message