Subject: Re: Re:Re:Re: Segmentation fault libssh2_session_last_errno (session=0x0) at session.c:1219 (Daniel Stenberg)

From: balloon <e_balloon_at_163.com>
Date: Thu, 11 Jul 2013 10:06:27 +0800 (CST)

At 2013-07-08 18:00:03, libssh2-devel-request_at_cool.haxx.se wrote:

>Message: 1
>Date: Mon, 8 Jul 2013 10:46:30 +0800 (CST)
>From: balloon <e_balloon_at_163.com>
>To: libssh2-devel_at_cool.haxx.se, curl-library_at_cool.haxx.se
>Subject: Re:Re:Re: Segmentation fault libssh2_session_last_errno
> (session=0x0) at session.c:1219 (Daniel Stenberg)
>Message-ID: <2f94c453.a1db.13fbc2c5b40.Coremail.e_balloon_at_163.com>
>Content-Type: text/plain; charset="gbk"
>
>>This shows that the problem is in libcurl when it sends a NULL to libssh2 so that
>>it crashes.
>
>>I'm cc'ing this reply to the libcurl mailing list. Please take follow-ups
>>there. I'd like you to rebuild libcurl with debug symbols left so that the
>>stack trace becomes usable.
>
>>It shouldn't matter that it is Java, but it can very well be a problem that
>>occurs only with that specific server implementation.
>I have tried hard to rebuild libcurl & libssh2 & openssl in debug mode, and succeeded in reproducing the segmentation fault, though this time the seg info seems different. Here is my src code:
>
>#include <iostream>
>#include <string>
>#include <cstdio>
>#include <curl/curl.h>
>
>// libcurl hands every received chunk to this callback; write it to the FILE* passed as CURLOPT_WRITEDATA
>size_t write_callback(void *f_fp_ptr, size_t f_size, size_t f_nmemb, void *fp_stream)
>{
>    size_t len = fwrite(f_fp_ptr, f_size, f_nmemb, (FILE *)fp_stream);
>    return len;
>}
>
>int main(int argc, char **argv)
>{
>    if (argc < 2)
>    {
>        std::cout << "Nonono~~~input sftpserver ip pls." << std::endl;
>        return 1;
>    }
>    std::string host = argv[1];   // std::string instead of strcpy() into a fixed 100-byte buffer
>    std::string sftp_url = "sftp://";
>    sftp_url += host;
>    sftp_url += "/a.txt";
>
>    CURL *curl = curl_easy_init();   // the handle must exist before any curl_easy_setopt() on it
>    if (!curl)
>    {
>        std::cout << "Fail to initialize curl." << std::endl;
>        return 1;
>    }
>    curl_easy_setopt(curl, CURLOPT_URL, sftp_url.c_str());
>    curl_easy_setopt(curl, CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PASSWORD);
>    curl_easy_setopt(curl, CURLOPT_USERPWD, "test:test");
>
>    FILE *fd = fopen("tmp.txt", "w");
>    if (!fd)
>    {
>        std::cout << "Fail to open tmp.txt." << std::endl;
>        curl_easy_cleanup(curl);
>        return 1;
>    }
>    curl_easy_setopt(curl, CURLOPT_WRITEDATA, fd);
>    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
>    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
>
>    // specify downloading file size
>    // (CURLOPT_INFILESIZE_LARGE is the expected size of an upload; it does not limit a download)
>    curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)1);
>
>    CURLcode res = curl_easy_perform(curl);
>
>    fclose(fd);
>    curl_easy_cleanup(curl);
>    if (CURLE_OK == res)
>    {
>        std::cout << "succeed." << std::endl;
>        return 0;
>    }
>    std::cout << "fail." << std::endl;
>    return 1;
>}
>
>Here is the result; please let me know what I can do next. Thanks.
>Starting program: /root/a.out 9.111.23.100
>warning: no loadable sections found in added symbol-file system-supplied DSO at 0x2aaaaaaab000
>[Thread debugging using libthread_db enabled]
>sftp url: sftp://9.111.23.100/a.txt
>* STATE: INIT => CONNECT handle 0x86ecc8; line 1020 (connection #-5000)
>* About to connect() to 9.111.23.100 port 22 (#0)
>* Trying 9.111.23.100...
>* Adding handle: conn: 0x877cf8
>* Adding handle: send: 0
>* Adding handle: recv: 0
>* Curl_addHandleToPipeline: length: 1
>* 0x865828 is at send pipe head!
>* - Conn 0 (0x877cf8) send_pipe: 1, recv_pipe: 0
>* STATE: CONNECT => WAITCONNECT handle 0x86ecc8; line 1067 (connection #0)
>* Connected to 9.111.23.100 (9.111.23.100) port 22 (#0)
>* SFTP 0x8781e0 state change from SSH_STOP to SSH_INIT
>* SFTP 0x8781e0 state change from SSH_INIT to SSH_S_STARTUP
>* STATE: WAITCONNECT => PROTOCONNECT handle 0x86ecc8; line 1180 (connection #0)
>
>Program received signal SIGSEGV, Segmentation fault.
>0x0000000000000000 in ?? ()
>(gdb) bt
>#0 0x0000000000000000 in ?? ()
>#1 0x00000000005c4a20 in DES_SPtrans ()
>#2 0x00000032759549e0 in ?? () from /lib64/libc.so.6
>#3 0x0000000000000014 in ?? ()
>#4 0x0000000000885778 in ?? ()
>#5 0x0000000000887437 in ?? ()
>#6 0x0000000000886780 in ?? ()
>#7 0x00000000008869c0 in ?? ()
>#8 0x0000000000886980 in ?? ()
>#9 0xc3e557dbb4ac6000 in ?? ()
>#10 0x22f09ddde873b1bc in ?? ()
>#11 0x000000005c053c02 in ?? ()
>#12 0x000000000088649c in ?? ()
>#13 0x00007fffffffce30 in ?? ()
>#14 0x000000000057f169 in hostkey_method_ssh_dss_sig_verify (session=Cannot access memory at address 0xffffffffffffffe8
>)
> at hostkey.c:329
>Backtrace stopped: previous frame inner to this frame (corrupt stack?)
>(gdb)
>
I can also send you the SFTP server binary to reproduce and investigate this issue, but I failed to attach it in this mail loop due to the size limitation.
Please specify some space where I can upload the SFTP server binary if you need it, thanks :)

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2013-07-11