aMule Forum
English => en_Bugs => Topic started by: ced on November 27, 2005, 05:39:22 PM
-
Bug when connecting to external port connection with special requests.
Here is the code to reproduce the bug:
/*
  Bug in ECSocket code
  - aMule-2.0.3:
      amuled segfaults
  - aMule-CVS-20051127:
      enters an infinite error loop after the 10 sec socket timeout
      (ECSocket error: Invalid socket (uninitialized)).
      webserver and amulecmd segfault when you connect
      to external port connection.
      amuled doesn't crash but is seriously disturbed.
  Probably buggy in previous CVS versions but not tested.
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(int argc, char **argv)
{
    struct sockaddr_in to;
    char buf[8];
    int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

    if (sock < 0) {
        perror("socket");
        return -1;
    }

    /* Address and port of the external port connection under test */
    memset(&to, 0, sizeof(to));
    to.sin_addr.s_addr = inet_addr("10.0.0.1");
    to.sin_port = htons(4712);
    to.sin_family = AF_INET;

    if (connect(sock, (const struct sockaddr *)&to, sizeof(to)) < 0) {
        perror("connect");
        return -1;
    }

    /* buf = "\x01ed2k" */
    memset(buf, 0, 8);
    memcpy(buf, "\x01", 1);
    strcat(buf, "ed2k");

    send(sock, "\x20", 1, 0);
    send(sock, buf, strlen(buf), 0);
    close(sock);
    return 0;
}
Can anyone confirm the bug?
-
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 7247)]
0x403e165f in memcpy () from /lib/libc.so.6
(gdb) bt
#0 0x403e165f in memcpy () from /lib/libc.so.6
#1 0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
#2 0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
#3 0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
#4 0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
#5 0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
#6 0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
#7 0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
#8 0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
#9 0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124
(gdb) bt full
#0 0x403e165f in memcpy () from /lib/libc.so.6
No symbol table info available.
#1 0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
No locals.
#2 0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
No locals.
#3 0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
i = 0
tmp_tagCount = 13584
#4 0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
No locals.
#5 0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
i = 0
tmp_tagCount = 47990
#6 0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
No locals.
#7 0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
i = 1
tmp_tagCount = 25956
#8 0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
No locals.
#9 0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
flags = 32
p = (class CECPacket *) 0x0
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
sock = (class ECSocket *) 0x9584d60
request = (class CECPacket *) 0x0
response = (class CECPacket *) 0x0
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
No locals.
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124
No locals.
(gdb) thread apply all bt
Thread 4 (Thread 32771 (LWP 7253)):
#0 0x4002f186 in nanosleep () from /lib/libpthread.so.0
#1 0x00000000 in ?? ()
#2 0x4018b42a in wxMicroSleep () from /usr/lib/libwx_base-2.6.so.0
#3 0x4018b465 in wxMilliSleep () from /usr/lib/libwx_base-2.6.so.0
#4 0x4018376f in wxThread::Sleep () from /usr/lib/libwx_base-2.6.so.0
#5 0x08171606 in CTimer::CTimerThread::Entry (this=0x841b0e0) at Timer.cpp:100
#6 0x4018314b in wxThreadInternal::PthreadStart () from /usr/lib/libwx_base-2.6.so.0
#7 0x4018301f in wxPthreadStart () from /usr/lib/libwx_base-2.6.so.0
#8 0x400294eb in pthread_start_thread () from /lib/libpthread.so.0
#9 0x4002957f in pthread_start_thread_event () from /lib/libpthread.so.0
#10 0x4042fb0a in clone () from /lib/libc.so.6
Thread 2 (Thread 32769 (LWP 7250)):
#0 0x404272da in poll () from /lib/libc.so.6
#1 0x40028990 in __pthread_manager () from /lib/libpthread.so.0
#2 0x40028bb7 in __pthread_manager_event () from /lib/libpthread.so.0
#3 0x4042fb0a in clone () from /lib/libc.so.6
Thread 1 (Thread 16384 (LWP 7247)):
#0 0x403e165f in memcpy () from /lib/libc.so.6
#1 0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
#2 0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
#3 0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
#4 0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
#5 0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
#6 0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
#7 0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
#8 0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
#9 0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124
-
You don't need a special program to reproduce this bug: the remote GUI hits it just fine. Do some searches with enough results and:
Remote GUI EC event handler
LOG: Succeeded! Connection established to aMule CVS
LOG:
LOG: - This is aMule CVS using wxGTK2 v2.7.0 (Snapshot: rev. 5885) based on eMule.
LOG: Running on Linux 2.6.12.3-profile i686
LOG: - Visit http://www.amule.org to check if a new version is available.
LOG:
CECSocket error: The timeout for this operation expired
CECSocket error: Invalid socket (uninitialized)
CECSocket error: Invalid socket (uninitialized)
Remote GUI EC event handler
LOG: Connection failure
Going down
CECSocket error: Invalid socket (uninitialized)
CECSocket error: Invalid socket (uninitialized)
-
I am programming an extension for Firefox to handle ed2k links via XPCOM and send requests to the external port connection. I tested with a small C program (pasted above) in order to understand the data structure to send (unfortunately I found that bug). Better to look in EC_Protocol.txt.
-
Fixed.
@ced: You could also capture real EC transfers with ethereal and study them - possibly amulecmd's 'add' command - to understand it better / have some examples how it should look.
-
Thanks for your information, GonoszTopi. I found my happiness in EC_Protocol.txt (in the latest CVS that I have downloaded) and the tcpdump log.
Good reactivity in correcting the bug.
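The backtrace in this thread shows ECSocket::ReadBuffer called with len=1278269979 and CECTag::ReadChildren looping on tmp_tagCount=13584, both read from the connection. The sketch below is an added example, not part of the thread and not aMule's code or its fix: a nested tag parser that bounds every declared size by the bytes actually received. The 8-byte header layout, MAX_DEPTH and all function names are assumptions made for illustration and do not reproduce the EC wire format.

```c
#include <stddef.h>
#include <stdint.h>

#define TAG_HDR   8  /* assumed header: u16 name, u16 child count, u32 length */
#define MAX_DEPTH 8  /* assumed nesting limit */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Walk one tag and its children starting at *off. Returns 0 and advances *off
 * past the tag, or -1 when a declared size exceeds the bytes received. */
int parse_tag(const uint8_t *buf, size_t size, size_t *off, int depth)
{
    if (depth > MAX_DEPTH || *off > size || size - *off < TAG_HDR)
        return -1;
    uint16_t children = be16(buf + *off + 2);
    uint32_t len = be32(buf + *off + 4);
    *off += TAG_HDR;
    /* Every child needs at least a header, so bound the count by the data. */
    if (children > (size - *off) / TAG_HDR)
        return -1;
    for (uint16_t i = 0; i < children; i++)
        if (parse_tag(buf, size, off, depth + 1) != 0)
            return -1;
    /* Bound the wire length by what is present before touching the payload. */
    if (len > size - *off)
        return -1;
    *off += len;  /* a real parser would copy or reference the payload here */
    return 0;
}

/* A message is valid only if one top-level tag consumes it exactly. */
int parse_message(const uint8_t *buf, size_t size)
{
    size_t off = 0;
    return (parse_tag(buf, size, &off, 0) == 0 && off == size) ? 0 : -1;
}

/* Constructed samples. GOOD: parent with one child holding 2 payload bytes.
 * BAD_LEN declares len=1278269979 (0x4C30DA1B), the value seen in the trace.
 * BAD_COUNT declares 13584 (0x3510) children with no data behind them. */
static const uint8_t GOOD[] = { 0,1, 0,1, 0,0,0,0,  0,2, 0,0, 0,0,0,2, 0xAA,0xBB };
static const uint8_t BAD_LEN[] = { 0,1, 0,0, 0x4C,0x30,0xDA,0x1B, 1,2,3,4 };
static const uint8_t BAD_COUNT[] = { 0,1, 0x35,0x10, 0,0,0,0 };

int main(void)
{
    return (parse_message(GOOD, sizeof GOOD) == 0 &&
            parse_message(BAD_LEN, sizeof BAD_LEN) == -1 &&
            parse_message(BAD_COUNT, sizeof BAD_COUNT) == -1) ? 0 : 1;
}
```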