aMule Forum

Author Topic: More memory corruption II  (Read 2273 times)

phoenix

More memory corruption II
« on: May 21, 2004, 02:35:28 PM »

Now this shows that there's definitely something stinky here. The wxListItem destructor that appears in the valgrind backtrace was called for the destruction of a local variable "item" in wxODListMainWindow::FindItem. This variable was surely NOT in any other list. This is memory corruption. But where?????

==888==
==888== Invalid read of size 4
==888==    at 0x8147EC4: CUpDownClient::GetIP() (updownclient.h:146)
==888==    by 0x8174EFE: CClientUDPSocket::ProcessPacket(char*, unsigned short, unsigned char, char*, unsigned short) (ClientUDPSocket.cpp:180)
==888==    by 0x817473D: CClientUDPSocket::OnReceive(int) (ClientUDPSocket.cpp:92)
==888==    by 0x8295894: CamuleDlg::socketHandler(wxSocketEvent&) (amuleDlg.cpp:493)
==888==    by 0x721E61: wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x721C8E: wxEvtHandler::ProcessEvent(wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x721BCA: wxEvtHandler::ProcessPendingEvents() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x6D8758: wxAppBase::ProcessPendingEvents() (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x68683E: wxApp::OnIdle(wxIdleEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    by 0x721E61: wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) (in /usr/lib/libwx_gtk-2.4.so.0.1.1)
==888==    Address 0x41CF7ACC is 0 bytes after a block of size 36 free'd
==888==    at 0x36464C: __builtin_delete (vg_replace_malloc.c:244)
==888==    by 0x818961F: wxListItem::~wxListItem() (listbase.h:210)
==888==    by 0x81CEEDA: wxODListMainWindow::FindItem(long, long) (listctrl.cpp:4569)
==888==    by 0x81D0A34: wxODGenericListCtrl::FindItem(long, long) (listctrl.cpp:5278)
==888==    by 0x8183820: CDownloadListCtrl::UpdateItem(void*) (DownloadListCtrl.cpp:805)
==888==    by 0x817D3AC: CUpDownClient::UpdateDisplayedInfo(bool) (DownloadClient.cpp:1197)
==888==    by 0x817B756: CUpDownClient::SetDownloadState(unsigned char) (DownloadClient.cpp:603)
==888==    by 0x8155DE1: CUpDownClient::ConnectionEstablished() (BaseClient.cpp:1296)
==888==    by 0x813F884: CClientReqSocket::ProcessPacket(char*, unsigned, unsigned char) (ListenSocket.cpp:203)
==888==    by 0x81461ED: CClientReqSocket::PacketReceived(Packet*) (ListenSocket.cpp:1702)
==888==
==888== ---- Attach to GDB ? --- [Return/N/n/Y/y/C/c] ---- y
==888== starting GDB with cmd: /usr/bin/gdb -nw /proc/888/exe 888

Code:
#0  vg_do_syscall3 (syscallno=4294966784, arg1=5837, arg2=0, arg3=0)
    at vg_mylibc.c:92
#1  0x00be09fd in vgPlain_system (cmd=0x0) at vg_mylibc.c:1277
#2  0x00bdbe00 in vgPlain_start_GDB_whilst_on_client_stack () at vg_main.c:1816
#3  0x00be42ac in vgPlain_swizzle_esp_then_start_GDB ()
   from /usr/lib/valgrind/valgrind.so
#4  0x08147ec4 in CUpDownClient::GetIP() (this=0xbff4a738)
    at updownclient.h:146
#5  0x08147ec4 in CUpDownClient::GetIP() (this=0x40f4e3b4)
    at updownclient.h:146
#6  0x08174eff in CClientUDPSocket::ProcessPacket(char*, unsigned short, unsigned char, char*, unsigned short) (this=0x40efc154, packet=0xbff4a8a2 "", size=4,
    opcode=145 '\221', host=0x40f8950c "81.56.24.58", port=4672)
    at ClientUDPSocket.cpp:180
#7  0x0817473e in CClientUDPSocket::OnReceive(int) (this=0x40efc154,
    nErrorCode=0) at ClientUDPSocket.cpp:92
#8  0x08295895 in CamuleDlg::socketHandler(wxSocketEvent&) (this=0x3e5982c,
    event=@0x438a7c54) at amuleDlg.cpp:493
#9  0x00721e62 in wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#10 0x00721c8f in wxEvtHandler::ProcessEvent(wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#11 0x00721bcb in wxEvtHandler::ProcessPendingEvents() ()
   from /usr/lib/libwx_gtk-2.4.so.0
#12 0x006d8759 in wxAppBase::ProcessPendingEvents() ()
   from /usr/lib/libwx_gtk-2.4.so.0
#13 0x0068683f in wxApp::OnIdle(wxIdleEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#14 0x00721e62 in wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#15 0x00721c8f in wxEvtHandler::ProcessEvent(wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
#16 0x006867c1 in wxApp::ProcessIdle() () from /usr/lib/libwx_gtk-2.4.so.0
#17 0x0068610f in wxapp_idle_callback () from /usr/lib/libwx_gtk-2.4.so.0
#18 0x002a34ef in g_timeout_add () from /usr/lib/libglib-1.2.so.0
#19 0x002a235b in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#20 0x002a2846 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#21 0x002a2af4 in g_main_run () from /usr/lib/libglib-1.2.so.0
#22 0x001b56af in gtk_main () from /usr/lib/libgtk-1.2.so.0
#23 0x006869f2 in wxApp::MainLoop() () from /usr/lib/libwx_gtk-2.4.so.0
#24 0x006d8610 in wxAppBase::OnRun() () from /usr/lib/libwx_gtk-2.4.so.0
#25 0x006870cd in wxEntry(int, char**) () from /usr/lib/libwx_gtk-2.4.so.0
#26 0x0828df7a in main (argc=1, argv=0xbff4c094) at amule.cpp:114
Current language:  auto; currently c
(gdb) bt full
#0  vg_do_syscall3 (syscallno=4294966784, arg1=5837, arg2=0, arg3=0)
    at vg_mylibc.c:92
        __res = 4294966784
#1  0x00be09fd in vgPlain_system (cmd=0x0) at vg_mylibc.c:1277
        pid = 5837
        res = -512
        environ = {0x0}
#2  0x00bdbe00 in vgPlain_start_GDB_whilst_on_client_stack () at vg_main.c:1816
        res = -512
        buf = "/usr/bin/gdb -nw /proc/888/exe 888\000¿\027\030\031\bЦô¿èãô@è¦ô¿#\030\031\bЦô¿", '\0' , "d2\207C\2341\207C\2343\207Cø>à\005\000l\n\001¬\r\220\000\b§ô¿"
#3  0x00be42ac in vgPlain_swizzle_esp_then_start_GDB ()
   from /usr/lib/valgrind/valgrind.so
No symbol table info available.
#4  0x08147ec4 in CUpDownClient::GetIP() (this=0xbff4a738)
    at updownclient.h:146
No locals.
#5  0x08147ec4 in CUpDownClient::GetIP() (this=0x40f4e3b4)
    at updownclient.h:146
No locals.
#6  0x08174eff in CClientUDPSocket::ProcessPacket(char*, unsigned short, unsigned char, char*, unsigned short) (this=0x40efc154, packet=0xbff4a8a2 "", size=4, opcode=145 '\221', host=0x40f8950c "81.56.24.58", port=4672) at ClientUDPSocket.cpp:180
        sender = (CUpDownClient *) 0x358fc0
#7  0x0817473e in CClientUDPSocket::OnReceive(int) (this=0x40efc154, nErrorCode=0) at ClientUDPSocket.cpp:92
        buffer = "Å\221\000\000r\036%ø\031!júÆ\032*n_cP\205Ó©6\022\006\000\000\000\002\001\000\001&\000some file name some file name some.mpg\003\001\000\002\004(\t3\003\001\000\025\006\000\000\000\003\a\000bitrate®v\000\000\002\005\000codec\004\000div3\002\006\000length\a\0001:40:22\000\000\020\000\000\000\001\000\000\000`<\t\001\001\000\000\000ÿÿÿÿ\003\000\000\000\000\000\000À\036W:@x©ô¿´\\%\000Tw$\000\000\000\000\000\032\000\000\000\005\000\000\000\003\000\000\000\f", '\0' ...
        serverbuffer =
        addr =
        length = 6
        addr_in = {s_addr = 974665809}
        fromIP = 0x40f8950c "81.56.24.58"
#8  0x08295895 in CamuleDlg::socketHandler(wxSocketEvent&) (this=0x3e5982c, event=@0x438a7c54) at amuleDlg.cpp:493
        soc = (class CClientUDPSocket *) 0x40efc154
        current_socket = (struct wxSocketBase *) 0x40efc154
#9  0x00721e62 in wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#10 0x00721c8f in wxEvtHandler::ProcessEvent(wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#11 0x00721bcb in wxEvtHandler::ProcessPendingEvents() ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#12 0x006d8759 in wxAppBase::ProcessPendingEvents() ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#13 0x0068683f in wxApp::OnIdle(wxIdleEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#14 0x00721e62 in wxEvtHandler::SearchEventTable(wxEventTable&, wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#15 0x00721c8f in wxEvtHandler::ProcessEvent(wxEvent&) ()
   from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#16 0x006867c1 in wxApp::ProcessIdle() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#17 0x0068610f in wxapp_idle_callback () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#18 0x002a34ef in g_timeout_add () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#19 0x002a235b in g_get_current_time () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#20 0x002a2846 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#21 0x002a2af4 in g_main_run () from /usr/lib/libglib-1.2.so.0
No symbol table info available.
#22 0x001b56af in gtk_main () from /usr/lib/libgtk-1.2.so.0
No symbol table info available.
#23 0x006869f2 in wxApp::MainLoop() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#24 0x006d8610 in wxAppBase::OnRun() () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#25 0x006870cd in wxEntry(int, char**) () from /usr/lib/libwx_gtk-2.4.so.0
No symbol table info available.
#26 0x0828df7a in main (argc=1, argv=0xbff4c094) at amule.cpp:114
No locals.
(gdb)

Kry

Re: More memory corruption II
« Reply #1 on: May 21, 2004, 04:01:26 PM »

We're double-deleting a socket OR we're processing a deleted socket.

The first one is unlikely. I added check code and that's not happening.

So we're processing a deleted socket, probably. I made changes to socket handling that you SHOULD see and test, so come to IRC.
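The second hypothesis in the reply above (a queued event being processed for a socket that has already been deleted), as an added example that is not aMule code and not part of the original thread: pending events carry a handle instead of a raw pointer, and the dispatcher resolves it against a registry of live sockets before touching the object. `UdpSocket`, `SocketRegistry` and `EventQueue` are hypothetical names chosen for this sketch.

```cpp
#include <cstdint>
#include <deque>
#include <memory>
#include <unordered_map>

// Hypothetical stand-in for a socket object that receives queued events.
struct UdpSocket {
    int packetsHandled = 0;
    void OnReceive() { ++packetsHandled; }
};

// Owns every live socket; a handle is never reused after destruction.
class SocketRegistry {
public:
    using Handle = std::uint64_t;
    Handle Create() {
        Handle h = ++next_;
        live_[h].reset(new UdpSocket());
        return h;
    }
    // Destroying twice is harmless: the second call finds nothing to erase.
    bool Destroy(Handle h) { return live_.erase(h) == 1; }
    // Returns nullptr when the socket has already been destroyed.
    UdpSocket* Resolve(Handle h) const {
        auto it = live_.find(h);
        return it == live_.end() ? nullptr : it->second.get();
    }
private:
    Handle next_ = 0;
    std::unordered_map<Handle, std::unique_ptr<UdpSocket>> live_;
};

// Deferred events, as in a GUI idle loop that runs handlers later.
class EventQueue {
public:
    void Post(SocketRegistry::Handle h) { pending_.push_back(h); }
    // Returns how many events were dropped because their target was gone.
    int ProcessPending(SocketRegistry& reg) {
        int stale = 0;
        while (!pending_.empty()) {
            SocketRegistry::Handle h = pending_.front();
            pending_.pop_front();
            if (UdpSocket* s = reg.Resolve(h)) s->OnReceive();
            else ++stale;  // raw-pointer dispatch would read freed memory here
        }
        return stale;
    }
private:
    std::deque<SocketRegistry::Handle> pending_;
};
```

Counting the stale events returned by `ProcessPending` gives a cheap runtime signal for how often the delete-then-dispatch ordering actually occurs.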