In my particular case, it *started* crashing after upgrading from 4.8.1-1ubuntu0.1 to 4.8.1-1ubuntu0.2.
With 4.8.1-1ubuntu0.1:
lftp -e 'connect sftp://10.0.2.2 -u nicolas,password42;ls /tmp;exit' # OK
lftp -e 'connect sftp://10.0.2.2 -u nicolas,password42;ls /tmp/ssltest;exit' # crash
lftp -e 'get gnu/glibc/nss_db-2.2.tar.gz;exit' ftp.gnu.org # crash, this was the LP:1902832 testcase

With 4.8.1-1ubuntu0.2:
lftp -e 'connect sftp://10.0.2.2 -u nicolas,password42;ls /tmp;exit' # crash (regression)
lftp -e 'connect sftp://10.0.2.2 -u nicolas,password42;ls /tmp/ssltest;exit' # crash
lftp -e 'get gnu/glibc/nss_db-2.2.tar.gz;exit' ftp.gnu.org # OK (fixed)
However, I think the first case worked on 0.1 out of sheer memory-layout chance, because valgrind shows errors on both versions.
What makes it crash or not may even depend on the length of the output (and thus the contents of the remote server). And I have sometimes seen "lftp: RateLimit.cc:30: void RateLimit::AddXfer(int): Assertion `xfer_number>=0' failed." and other times only "Segmentation fault". But valgrind should reliably show that corruption happened whether it crashes in practice or not.

With 4.8.1-1ubuntu0.1:
$ valgrind lftp -e 'connect sftp://10.0.2.2 -u nicolas,longpassword42;ls /tmp;exit'
[trim directory listing]
==4276== Invalid read of size 4
==4276== at 0x2184B0: RateLimit::~RateLimit() (in /usr/bin/lftp)
==4276== by 0x218B18: xmap_p<RateLimit>::~xmap_p() (in /usr/bin/lftp)
==4276== by 0x6224160: __run_exit_handlers (exit.c:108)
==4276== by 0x6224259: exit (exit.c:139)
==4276== by 0x6202BFD: (below main) (libc-start.c:344)
==4276== Address 0x8053cd0 is 16 bytes inside a block of size 88 free'd
==4276== at 0x4C3323B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4276== by 0x218B25: xmap_p<RateLimit>::~xmap_p() (in /usr/bin/lftp)
==4276== by 0x6224160: __run_exit_handlers (exit.c:108)
==4276== by 0x6224259: exit (exit.c:139)
==4276== by 0x6202BFD: (below main) (libc-start.c:344)
==4276== Block was alloc'd at
==4276== at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4276== by 0x218A09: RateLimit::init(RateLimit::level_e, char const*) (in /usr/bin/lftp)
==4276== by 0x218A2C: RateLimit::init(RateLimit::level_e, char const*) (in /usr/bin/lftp)
==4276== by 0x211018: SFtp::Do() (in /usr/bin/lftp)
==4276== by 0x1A97C4: SMTask::ScheduleThis() (in /usr/bin/lftp)
==4276== by 0x1A99D0: SMTask::Schedule() (in /usr/bin/lftp)
==4276== by 0x16614C: Job::WaitDone() (in /usr/bin/lftp)
==4276== by 0x15CBE3: main (in /usr/bin/lftp)
==4276==
==4276== Invalid read of size 8
==4276== at 0x2184B5: RateLimit::~RateLimit() (in /usr/bin/lftp)
==4276== by 0x218B18: xmap_p<RateLimit>::~xmap_p() (in /usr/bin/lftp)
==4276== by 0x6224160: __run_exit_handlers (exit.c:108)
==4276== by 0x6224259: exit (exit.c:139)
==4276== by 0x6202BFD: (below main) (libc-start.c:344)
==4276== Address 0x8053cc8 is 8 bytes inside a block of size 88 free'd
==4276== at 0x4C3323B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4276== by 0x218B25: xmap_p<RateLimit>::~xmap_p() (in /usr/bin/lftp)
==4276== by 0x6224160: __run_exit_handlers (exit.c:108)
==4276== by 0x6224259: exit (exit.c:139)
==4276== by 0x6202BFD: (below main) (libc-start.c:344)
==4276== Block was alloc'd at
==4276== at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4276== by 0x218A09: RateLimit::init(RateLimit::level_e, char const*) (in /usr/bin/lftp)
==4276== by 0x218A2C: RateLimit::init(RateLimit::level_e, char const*) (in /usr/bin/lftp)
==4276== by 0x211018: SFtp::Do() (in /usr/bin/lftp)
==4276== by 0x1A97C4: SMTask::ScheduleThis() (in /usr/bin/lftp)
==4276== by 0x1A99D0: SMTask::Schedule() (in /usr/bin/lftp)
==4276== by 0x16614C: Job::WaitDone() (in /usr/bin/lftp)
==4276== by 0x15CBE3: main (in /usr/bin/lftp)
The 4.8.1-1ubuntu0.2 valgrind trace appears to be the same.
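The comment's point is that memcheck reports the freed-block read reliably even when the process happens not to crash, so a regression test should key on the valgrind report rather than on the exit status of lftp. As an added example (not code from lftp, valgrind or this bug report), the following parser turns memcheck output like the trace above into structured records (bad access stack, who freed the block, who allocated it) and returns a nonzero status whenever any error was reported. SAMPLE_LOG is a constructed abbreviation of the frames shown above; the ERROR_PREFIXES list uses memcheck's own header wording.

```python
"""Triage valgrind memcheck output into structured error records.

Added example for this bug thread; not part of lftp or valgrind. It parses the
memcheck report format so a test run can fail on heap corruption even when the
binary happens not to crash.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, abbreviated from the valgrind trace in the comment above.
# Real memcheck output indents frame lines; the parser accepts either form.
SAMPLE_LOG = """\
==4276== Invalid read of size 4
==4276==    at 0x2184B0: RateLimit::~RateLimit() (in /usr/bin/lftp)
==4276==    by 0x218B18: xmap_p<RateLimit>::~xmap_p() (in /usr/bin/lftp)
==4276==    by 0x6224160: __run_exit_handlers (exit.c:108)
==4276==  Address 0x8053cd0 is 16 bytes inside a block of size 88 free'd
==4276==    at 0x4C3323B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4276==    by 0x218B25: xmap_p<RateLimit>::~xmap_p() (in /usr/bin/lftp)
==4276==  Block was alloc'd at
==4276==    at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4276==    by 0x218A09: RateLimit::init(RateLimit::level_e, char const*) (in /usr/bin/lftp)
==4276==    by 0x211018: SFtp::Do() (in /usr/bin/lftp)
==4276==
==4276== Invalid read of size 8
==4276==    at 0x2184B5: RateLimit::~RateLimit() (in /usr/bin/lftp)
==4276==    by 0x218B18: xmap_p<RateLimit>::~xmap_p() (in /usr/bin/lftp)
==4276==  Address 0x8053cc8 is 8 bytes inside a block of size 88 free'd
==4276==    at 0x4C3323B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4276==  Block was alloc'd at
==4276==    at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4276==    by 0x218A09: RateLimit::init(RateLimit::level_e, char const*) (in /usr/bin/lftp)
"""

# Error headers memcheck emits; the banner and summary lines are ignored.
ERROR_PREFIXES = (
    "Invalid read", "Invalid write", "Invalid free", "Mismatched free",
    "Conditional jump", "Use of uninitialised", "Syscall param",
    "Jump to the invalid",
)

PID_RE = re.compile(r"^==(\d+)==\s?(.*)$")
# "at 0xADDR: function (location)"; the location is "in <binary>" or "file:line".
FRAME_RE = re.compile(r"^\s*(?:at|by) 0x([0-9A-Fa-f]+): (.*?)(?: \((.*)\))?$")
ADDR_RE = re.compile(
    r"^\s*Address 0x[0-9A-Fa-f]+ is (\d+) bytes (?:inside|before|after) "
    r"a block of size (\d+) (free'd|alloc'd)"
)
BLOCK_ALLOC_RE = re.compile(r"^\s*Block was alloc'd at")


@dataclass
class Frame:
    addr: int
    func: str
    loc: str


@dataclass
class MemError:
    kind: str                                              # e.g. "Invalid read of size 4"
    access: list[Frame] = field(default_factory=list)      # stack of the bad access
    freed_at: list[Frame] = field(default_factory=list)    # stack that freed the block
    alloced_at: list[Frame] = field(default_factory=list)  # stack that allocated the block
    offset: Optional[int] = None                           # access offset into the block
    block_size: Optional[int] = None

    def is_use_after_free(self) -> bool:
        return bool(self.freed_at)

    def summary(self) -> str:
        # Frame 0 of a free/alloc stack is the allocator itself; frame 1 is the caller.
        def caller(stack: list[Frame]) -> str:
            return stack[1].func if len(stack) > 1 else stack[0].func
        s = f"{self.kind} in {self.access[0].func if self.access else '?'}"
        if self.freed_at:
            s += f", block freed by {caller(self.freed_at)}"
        if self.alloced_at:
            s += f", alloc'd by {caller(self.alloced_at)}"
        return s


def parse_memcheck(text: str) -> list[MemError]:
    errors: list[MemError] = []
    current: Optional[MemError] = None
    stack: Optional[list[Frame]] = None   # which stack subsequent frames belong to
    for raw in text.splitlines():
        m = PID_RE.match(raw)
        if not m:
            continue                      # program output interleaved with the report
        body = m.group(2).rstrip()
        if not body:                      # bare "==PID==" line ends the record
            current, stack = None, None
            continue
        if body.startswith(ERROR_PREFIXES):
            current = MemError(kind=body)
            errors.append(current)
            stack = current.access
            continue
        if current is None:
            continue
        fm = FRAME_RE.match(body)
        if fm and stack is not None:
            stack.append(Frame(int(fm.group(1), 16), fm.group(2), fm.group(3) or ""))
            continue
        am = ADDR_RE.match(body)
        if am:
            current.offset, current.block_size = int(am.group(1)), int(am.group(2))
            stack = current.freed_at if am.group(3) == "free'd" else current.alloced_at
            continue
        if BLOCK_ALLOC_RE.match(body):
            stack = current.alloced_at
    return errors


def exit_status(errors: list[MemError]) -> int:
    """Nonzero whenever memcheck reported anything, whether or not lftp crashed."""
    return 1 if errors else 0


if __name__ == "__main__":
    found = parse_memcheck(SAMPLE_LOG)
    for err in found:
        print(err.summary())
    raise SystemExit(exit_status(found))
```

Run it with the real log instead of the sample (for example `valgrind lftp ... 2>&1 | python3 triage.py` after swapping SAMPLE_LOG for `sys.stdin.read()`) and the job fails on the two invalid reads above even on a run where the process exits cleanly, which is exactly the situation described for the "OK" test case.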