Topic: ECSocket bug (Read 2724 times)

ced · « **on:** November 27, 2005, 05:39:22 PM »

Bug when connect to external port connection with special requests.
Here the code to reproduce the bug:


/*
	Bug in ECSocket code

	- aMule-2.0.3:
	amuled segfault

	- aMule-CVS-20051127:
	enter infinite loop error after the socket 10sec timeout
	(ECSocket error: Invalid socket (uninitialized)).
	webserver and amulecmd segfault when you connect
	to external port connection.
	Amuled don't crash but seriously disturbed
	Probably buggy on previous cvs version but not tested.
 */

#include 
#include 
#include 
#include 
#include 

int main(int argc, char **argv)
{
	struct sockaddr_in to;
	char buf[8];

	int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (sock < 0) {
		perror("socket");
		return -1;
	}

	to.sin_addr.s_addr = inet_addr("10.0.0.1");
	to.sin_port = htons(4712);
	to.sin_family = AF_INET;

	if (connect(sock, (const struct sockaddr *)&to, sizeof(to)) < 0) {
		perror("connect");
		return -1;
	}

	memset(buf, 0, 8);
	memcpy(buf, "\x01", 1);
	strcat(buf, "ed2k");

	send(sock, "\x20", 1, 0);
	send(sock, buf, strlen(buf), 0);

	close(sock);

	return 0;
}

Anyone can confirm bug.

ced · « **Reply #1 on:** November 27, 2005, 07:12:38 PM »

Code: [Select]


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 7247)]
0x403e165f in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x403e165f in memcpy () from /lib/libc.so.6
#1  0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
#2  0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
#3  0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
#4  0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
#5  0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
#6  0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
#7  0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
#8  0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
#9  0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124
(gdb) bt full
#0  0x403e165f in memcpy () from /lib/libc.so.6
No symbol table info available.
#1  0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
No locals.
#2  0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
No locals.
#3  0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
        i = 0
        tmp_tagCount = 13584
#4  0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
No locals.
#5  0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
        i = 0
        tmp_tagCount = 47990
#6  0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
No locals.
#7  0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
        i = 1
        tmp_tagCount = 25956
#8  0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
No locals.
#9  0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
        flags = 32
        p = (class CECPacket *) 0x0
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
        sock = (class ECSocket *) 0x9584d60
        request = (class CECPacket *) 0x0
        response = (class CECPacket *) 0x0
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
No locals.
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124
No locals.
(gdb) thread apply all bt

Thread 4 (Thread 32771 (LWP 7253)):
#0  0x4002f186 in nanosleep () from /lib/libpthread.so.0
#1  0x00000000 in ?? ()
#2  0x4018b42a in wxMicroSleep () from /usr/lib/libwx_base-2.6.so.0
#3  0x4018b465 in wxMilliSleep () from /usr/lib/libwx_base-2.6.so.0
#4  0x4018376f in wxThread::Sleep () from /usr/lib/libwx_base-2.6.so.0
#5  0x08171606 in CTimer::CTimerThread::Entry (this=0x841b0e0) at Timer.cpp:100
#6  0x4018314b in wxThreadInternal::PthreadStart () from /usr/lib/libwx_base-2.6.so.0
#7  0x4018301f in wxPthreadStart () from /usr/lib/libwx_base-2.6.so.0
#8  0x400294eb in pthread_start_thread () from /lib/libpthread.so.0
#9  0x4002957f in pthread_start_thread_event () from /lib/libpthread.so.0
#10 0x4042fb0a in clone () from /lib/libc.so.6

Thread 2 (Thread 32769 (LWP 7250)):
#0  0x404272da in poll () from /lib/libc.so.6
#1  0x40028990 in __pthread_manager () from /lib/libpthread.so.0
#2  0x40028bb7 in __pthread_manager_event () from /lib/libpthread.so.0
#3  0x4042fb0a in clone () from /lib/libc.so.6

Thread 1 (Thread 16384 (LWP 7247)):
#0  0x403e165f in memcpy () from /lib/libc.so.6
#1  0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
#2  0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
#3  0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
#4  0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
#5  0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
#6  0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
#7  0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
#8  0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
#9  0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124

lfroen · « **Reply #2 on:** November 27, 2005, 07:36:02 PM »

You don't need special program to reproduce this bug: remote gui hit it just fine: do some searches with enough results and:

Code: [Select]

Remote GUI EC event handler
LOG: Succeeded! Connection established to aMule CVS
LOG:
LOG:  - This is aMule CVS using wxGTK2 v2.7.0 (Snapshot: rev. 5885) based on eMule.
LOG:    Running on Linux 2.6.12.3-profile i686
LOG:  - Visit [URL]http://www.amule.org[/URL] to check if a new version is available.
LOG:
CECSocket error: The timeout for this operation expired
CECSocket error: Invalid socket (uninitialized)
CECSocket error: Invalid socket (uninitialized)
Remote GUI EC event handler
LOG: Connection failure
Going down
CECSocket error: Invalid socket (uninitialized)
CECSocket error: Invalid socket (uninitialized)

ced · « **Reply #3 on:** November 27, 2005, 08:10:28 PM »

I program an extension for firefox to handle ed2k link via XPCOM and send request to external port connection, I have tested with a small C program (pasted above) in order to understand the data structure to send (I found that bug unfortunately). Better regard in EC_Protocol.txt

GonoszTopi · « **Reply #4 on:** November 27, 2005, 11:30:59 PM »

Fixed.

@ced: You could also capture real EC transfers with ethereal and study them - possibly amulecmd's 'add' command - to understand it better / have some examples how it should look.

ced · « **Reply #5 on:** November 27, 2005, 11:54:58 PM »

Thanks for your informations GonoszTopi. I found my happiness in EC_Protocol.txt (in latest cvs that i have downloaded) and tcpdump log.

Good reactivity to correct bug.

aMule Forum

News:

Author Topic: ECSocket bug (Read 2724 times)

ced

ECSocket bug

ced

Backtrace for amule-2.0.3

lfroen

Re: ECSocket bug

ced

ECSocket bug

GonoszTopi

Re: ECSocket bug

ced

ECSocket bug