View Issue Details

ID: 0002139
Project: gnunet-gtk
Category: gnunet-fs-gtk
View Status: public
Last Update: 2012-02-28 11:06
Reporter: LRN
Assigned To: Christian Grothoff
Priority: low
Severity: crash
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: Git master
Target Version: 0.9.2
Fixed in Version: 0.9.2
Summary: 0002139: Crash due to position miscalculation when communicating with dirscanner
Description: subj
Additional Information
Program received signal SIGTRAP, Trace/breakpoint trap.
0x7712280d in KERNELBASE!DeleteAce () from C:\Windows\syswow64\KernelBase.dll
(gdb) up
#1  0x6be465a4 in GNUNET_abort () at common_logging.c:271
271       DebugBreak ();
(gdb)
#2  0x6be45c34 in GNUNET_xrealloc_ (ptr=0x0, n=4277075695, filename=0x6be91020 "server_mst.c", linenumber=277) at common_allocation.c:176
176         GNUNET_abort ();
(gdb)
#3  0x6be7c532 in GNUNET_SERVER_mst_receive (mst=0x5dc3b08, client_identity=0x0, buf=0x27fd7d "rmortgage\\WAV\\drums", size=1, purge=0, one_shot=0) at server_mst.c:277
277           mst->hdr = GNUNET_realloc (mst->hdr, size + mst->pos);
(gdb) do
#2  0x6be45c34 in GNUNET_xrealloc_ (ptr=0x0, n=4277075695, filename=0x6be91020 "server_mst.c", linenumber=277) at common_allocation.c:176
176         GNUNET_abort ();
(gdb) l
171     #endif
172       ptr = realloc (ptr, n);
173       if ((NULL == ptr) && (n > 0))
174       {
175         LOG_STRERROR (GNUNET_ERROR_TYPE_ERROR, "realloc");
176         GNUNET_abort ();
177       }
178     #ifdef W32_MEM_LIMIT
179       ptr = &((size_t *) ptr)[1];
180     #endif
(gdb) p n
$1 = 4277075695
(gdb) up
#3  0x6be7c532 in GNUNET_SERVER_mst_receive (mst=0x5dc3b08, client_identity=0x0, buf=0x27fd7d "rmortgage\\WAV\\drums", size=1, purge=0, one_shot=0) at server_mst.c:277
277           mst->hdr = GNUNET_realloc (mst->hdr, size + mst->pos);
(gdb) p size
$2 = 1
(gdb) p mst->pos
$3 = 4277075694
(gdb) up
#4  0x6be66d92 in helper_read (cls=0x5d72eb0, tc=0x28fc50) at helper.c:270
270           GNUNET_SERVER_mst_receive (h->mst, NULL, buf, t, GNUNET_NO, GNUNET_NO))
(gdb) bt
#0  0x7712280d in KERNELBASE!DeleteAce () from C:\Windows\syswow64\KernelBase.dll
#1  0x6be465a4 in GNUNET_abort () at common_logging.c:271
#2  0x6be45c34 in GNUNET_xrealloc_ (ptr=0x0, n=4277075695, filename=0x6be91020 "server_mst.c", linenumber=277) at common_allocation.c:176
#3  0x6be7c532 in GNUNET_SERVER_mst_receive (mst=0x5dc3b08, client_identity=0x0, buf=0x27fd7d "rmortgage\\WAV\\drums", size=1, purge=0, one_shot=0) at server_mst.c:277
#4  0x6be66d92 in helper_read (cls=0x5d72eb0, tc=0x28fc50) at helper.c:270
#5  0x6be77429 in run_ready (rs=0x3fe638, ws=0x30a1fd0) at scheduler.c:684
#6  0x6be77b9a in GNUNET_SCHEDULER_run (task=0x6be712c0 <program_main>, task_cls=0x28fddc) at scheduler.c:874
#7  0x6be71ad5 in GNUNET_PROGRAM_run (argc=1, argv=0x30987b0, binaryName=0x41a0c1 "gnunet-fs-gtk", binaryHelp=0x41a0f0 "GTK GUI for GNUnet", options=0x419000, task=0x415e9e <run_main_loop>, task_cls=0x28fe88) at program.c:250
#8  0x0041620f in GNUNET_GTK_main_loop_start (binary_name=0x41a0c1 "gnunet-fs-gtk", binary_help=0x41a0f0 "GTK GUI for GNUnet", argc=1, argv=0x30987b0, options=0x419000,
    main_window_file=0x41a0d0 "gnunet_fs_gtk_main_window.glade", main_task=0x401451 <run>) at ../../../gnunet-gtk-git-svn/src/lib/eventloop.c:908
#9  0x004015e9 in main (argc=1, argv=0x30987b0) at ../../../gnunet-gtk-git-svn/src/fs/gnunet-fs-gtk.c:197
Tags: No tags attached.
Attached Files
test2.mp3 (167,936 bytes)   

Activities

Christian Grothoff

2012-02-06 01:00

manager   ~0005443

How on earth did we get this!?

(gdb) p mst->pos
$3 = 4277075694

I'm a bit puzzled here. How exactly do you reproduce this one?

LRN

2012-02-06 01:57

developer   ~0005444

I was scanning a directory. I think it's because of a specific metadata combination. I've checked - it's 100% reproducible.

LRN

2012-02-06 02:06

developer   ~0005445

It happens when adding .mp3 files with UTF-16-encoded tags.

Christian Grothoff

2012-02-06 09:48

manager   ~0005446

Could you make that file available to me?

LRN

2012-02-06 10:30

developer   ~0005447

Uploaded test2.mp3

Christian Grothoff

2012-02-06 20:39

manager   ~0005449

I've tried the file, but could not reproduce the issue. I enabled *all* GNU libextractor plugins, tried with and without valgrind and using gnunet-publish and gnunet-fs-gtk. All of them should exercise this code, none of them gave me a hint of trouble. Maybe this is W32-specific?

LRN

2012-02-06 20:41

developer   ~0005450

Could be. I'll try to debug this further when I get some time.

LRN

2012-02-07 17:51

developer   ~0005458

Can't reproduce with the same symptoms anymore. However, CRT now warns me about heap corruption:
HEAP: Free Heap block 4de88e8 modified at 4de88fc after it was freed

Surprising, considering the fact that you've used valgrind...

Christian Grothoff

2012-02-08 17:40

manager   ~0005460

(05:25:18 PM) LRN: grothoff, i think i know what's wrong with the scanner
(05:25:27 PM) LRN: At least one part of its wrongness
(05:28:42 PM) LRN: On helper failure (which is another matter entirely!) process_helper_msgs calls directory_scan_cb() with the proper arguments, which in turn calls GNUNET_FS_directory_scan_abort(), which calls GNUNET_HELPER_stop(), which destroys mst. Then it returns all the way back to process_helper_msgs(), which also returns, and now you're back in GNUNET_SERVER_mst_receive() - but mst is invalid. And that's when shit hits the fan.
(05:30:09 PM) LRN: So the right way to handle this, i suspect, is to return a value that orders GNUNET_SERVER_mst_receive() to stop receiving and kill itself, instead of killing it manually and returning with invalid context
(05:30:38 PM) LRN: (or postpone killing until you're out of mst context)
(05:33:11 PM) LRN: I'm still not sure why exactly it fails in the first place.

Christian Grothoff

2012-02-09 11:40

manager   ~0005461

Fixed in SVN 19741 by moving the dirscanner abort call into its own task (in gnunet-publish and gnunet-fs-gtk).
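
The pattern behind the fix in note ~0005461, as an added C sketch that is not GNUnet code and not part of the original thread: the failure callback queues the stop instead of freeing the tokenizer while its receive loop is still on the stack. All struct and function names are hypothetical stand-ins; is_freed_fill() reflects that the reported mst->pos, 4277075694, equals 0xFEEEFEEE, the pattern the Windows debug heap writes into freed blocks.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the tokenizer (mst) and the helper handle. */
struct tokenizer { uint32_t pos; };
struct helper { struct tokenizer *mst; void (*pending)(struct helper *); };

/* 0xFEEEFEEE is the fill the Windows debug heap writes into freed blocks. */
static int is_freed_fill(uint32_t v) { return v == 0xFEEEFEEEu; }

/* Frees the tokenizer, as GNUNET_HELPER_stop() does in the thread above. */
static void helper_stop(struct helper *h) { free(h->mst); h->mst = NULL; }

/* Callback on helper failure: queue the stop instead of freeing mst while
   the tokenizer that owns it is still on the call stack. */
static int on_message(struct helper *h, uint8_t type) {
  if (type != 0xFF) return 0;  /* 0xFF: constructed "helper failed" marker */
  h->pending = helper_stop;    /* deferred, runs as its own task */
  return -1;                   /* ask the tokenizer to stop receiving */
}

/* Tokenizer loop: touches mst state after every callback returns. */
static int tokenizer_receive(struct helper *h, const uint8_t *buf, size_t n) {
  struct tokenizer *mst = h->mst;
  for (size_t i = 0; i < n; i++) {
    int rc = on_message(h, buf[i]);
    mst->pos += 1;             /* a use-after-free if the callback freed mst */
    if (rc != 0) return rc;
  }
  return 0;
}

/* One scheduler turn: receive, then run the queued task once the tokenizer
   is off the stack. Returns bytes consumed; *stopped reports the teardown. */
static uint32_t run_turn(const uint8_t *buf, size_t n, int *stopped) {
  struct helper h = { calloc(1, sizeof(struct tokenizer)), NULL };
  if (h.mst == NULL) abort();
  tokenizer_receive(&h, buf, n);
  uint32_t consumed = h.mst->pos;
  if (h.pending) h.pending(&h);
  *stopped = (h.mst == NULL);
  if (h.mst) helper_stop(&h);
  return consumed;
}

int main(void) {
  const uint8_t msgs[] = { 1, 2, 0xFF, 4 };  /* constructed input */
  int stopped = 0;
  uint32_t consumed = run_turn(msgs, sizeof msgs, &stopped);
  return (consumed == 3 && stopped && is_freed_fill(4277075694u)) ? 0 : 1;
}
```

Calling helper_stop() directly inside on_message() reproduces the reported ordering, and the `mst->pos += 1` line then writes into freed memory.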

Issue History

Date Modified Username Field Change
2012-02-05 22:38 LRN New Issue
2012-02-06 00:58 Christian Grothoff Target Version => 0.9.2
2012-02-06 01:00 Christian Grothoff Note Added: 0005443
2012-02-06 01:01 Christian Grothoff Assigned To => Christian Grothoff
2012-02-06 01:01 Christian Grothoff Status new => feedback
2012-02-06 01:03 Christian Grothoff Priority normal => high
2012-02-06 01:03 Christian Grothoff Severity minor => crash
2012-02-06 01:57 LRN Note Added: 0005444
2012-02-06 01:57 LRN Status feedback => assigned
2012-02-06 02:06 LRN Note Added: 0005445
2012-02-06 09:48 Christian Grothoff Note Added: 0005446
2012-02-06 10:30 LRN File Added: test2.mp3
2012-02-06 10:30 LRN Note Added: 0005447
2012-02-06 20:39 Christian Grothoff Note Added: 0005449
2012-02-06 20:39 Christian Grothoff Status assigned => feedback
2012-02-06 20:40 Christian Grothoff Assigned To Christian Grothoff =>
2012-02-06 20:40 Christian Grothoff Priority high => low
2012-02-06 20:40 Christian Grothoff Target Version 0.9.2 =>
2012-02-06 20:41 LRN Note Added: 0005450
2012-02-06 20:41 LRN Status feedback => new
2012-02-06 20:42 Christian Grothoff Assigned To => LRN
2012-02-06 20:42 Christian Grothoff Status new => assigned
2012-02-07 17:51 LRN Note Added: 0005458
2012-02-08 17:40 Christian Grothoff Note Added: 0005460
2012-02-09 11:40 Christian Grothoff Note Added: 0005461
2012-02-09 11:40 Christian Grothoff Status assigned => resolved
2012-02-09 11:40 Christian Grothoff Fixed in Version => 0.9.2
2012-02-09 11:40 Christian Grothoff Resolution open => fixed
2012-02-09 11:40 Christian Grothoff Assigned To LRN => Christian Grothoff
2012-02-09 11:40 Christian Grothoff Target Version => 0.9.2
2012-02-28 11:06 Christian Grothoff Status resolved => closed