LinuxDC++

Remote crash when user downloads from merged share

Bug #480065 reported by E_zombie on 2009-11-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	DC++	Invalid	Critical	Unassigned
	LinuxDC++	Fix Released	Critical	Steven Sheehy	LinuxDC++ 1.1.0

Bug Description

revno: 337

$ linuxdcpp
Loading: Hash database
Loading: Shared Files
Loading: Download Queue
terminate called after throwing an instance of 'std::length_error'
what(): basic_string::_S_create
Аварийный останов (core dumped)

core+linuxdcpp

ftp://ftp.san.ru/temp/crash-linuxdcpp/2009111001/

Tags:

Related branches

lp:linuxdcpp

Revision history for this message

Steven Sheehy (steven-sheehy) wrote on 2009-11-11:

Is this reproducible? It seems to crash when someone searches your share. Any idea what they searched for and on what share item it crashed? It would be nice if we could add some print outs to determine those.

std::length_error is thrown when string attempted to be created that is greater than its maximum possible size. It looks like it occurs when generating the search result path, but I don't think it's possible that you are sharing a path that is greater than 4611686018427387897 characters.

Also, your executable is i386 (I'm x86-64) and is not in debug mode so I am not able to see all symbols. It would be preferable if you compiled it in debug mode, reproduced it, and attached the output of "backtrace full" as a text file to this bug.

Changed in linuxdcpp:
status:	New → Incomplete
tags:	added: core crash

Revision history for this message

Steven Sheehy (steven-sheehy) wrote on 2009-11-16:

Please try latest ppa that has debugs enabled:

https://launchpad.net/~linuxdcpp-team/+archive/ppa

Revision history for this message

E_zombie (lv77) wrote on 2009-11-16:

linuxdcpp-crash-merge.png Edit (59.3 KiB, image/png)

crash 100% reproduce after add other "download" directory in share.

....................
Adding new directory mp3
Adding new directory download
Adding new directory мой_рабочай_комп
Adding new directory православие
Adding new directory video
Adding new directory anime
Merging directory download
Adding new directory games-ftp.san.ru
Adding new directory linux
........

[] 11:11:51 /home/lv77/Общедоступные :
# du -sh ./
146M ./

# du -sh /mnt/msa2012i.1/download/
3,6G /mnt/msa2012i.1/download/

Revision history for this message

E_zombie (lv77) wrote on 2009-11-16:

core + bin + filelist

ftp://ftp.san.ru/temp/crash-linuxdcpp/2009111601/

Revision history for this message

Steven Sheehy (steven-sheehy) wrote on 2009-11-17:

Please do not provide core + bin files. I am on a different architecture than you. Please run `gdb --core=core.31986 linuxdcpp` and attach the output of "backtrace full" as a text file to this bug.

Revision history for this message

Steven Sheehy (steven-sheehy) wrote on 2009-11-17:

Also, did your /mnt/*/download show up in your share? I don't see it in your filelist (but maybe it just hadn't refreshed yet). And did it crash while hashing one of the download folders or did it crash when somebody tried to download a file from the download directories?

Revision history for this message

Steven Sheehy (steven-sheehy) wrote on 2009-11-17:

Ok, nevermind about files showing up in share. They should be combined under one download hierarchy in your filelist, not separate like I assumed.

Revision history for this message

Steven Sheehy (steven-sheehy) wrote on 2009-11-17:

I was able to reproduce it. This is a remote crashing bug that is a side-effect of the fix for bug #351393. In that bug, we changed ShareManager::Directory::File to not store an intrusive_ptr since it was leaking memory. This is fine for normal directories since its ptr will be kept around elsewhere, but when a directory is merged into another virtual directory that intrusive_ptr reference gets lost and the object is garbage collected. Later when a user tries to download a file from this merged directory, it tries to get the real path using the previously gc'd object and crashes.

1) Add path /A/ to virtual share C
2) Add path /B/ to virtual share C. B is merged into share C
3) User downloads C/a (real path /A/a) and is successful
4) User downloads C/b (real path /B/b) and remotely crashes client

Changed in linuxdcpp:
importance:	Undecided → Critical
milestone:	none → 1.1.0
status:	Incomplete → Confirmed
Changed in dcplusplus:
importance:	Undecided → Critical
status:	New → Confirmed
summary:	- revno: 337 crash. terminate called after throwing an instance of - 'std::length_error' + Remote crash when user downloads from merged share

Revision history for this message

Jacek Sieka (arnetheduck) wrote on 2009-11-17:

Sounds reasonable, I added refcounting there so that I wouldn't have to keep track of virtual shares manually...
Could someone revert the patch for now? (better eat memory than crash...)

Revision history for this message

Jacek Sieka (arnetheduck) wrote on 2009-12-25:

#10

this was never realeased so we don't need the bug...fixed anyway...

Changed in dcplusplus:
status:	Confirmed → Invalid

Revision history for this message

Steven Sheehy (steven-sheehy) wrote on 2009-12-27:

#11

Just because it wasn't released doesn't mean the bug is marked invalid. Doing so discourages people from running the latest trunk to test and find regressions. Regressions are of course not mentioned in the release notes, but they should still be tracked and marked as fixed in the bug tracker.

Regardless, I've ported Jacek's fix to latest linuxdcpp trunk so marking as fixed.