aMule Bug Tracker - aMule
View Issue Details
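ID: 0000794
Project: aMule
Category: Multi Platform
View Status: public
Date Submitted: 2006-01-21 17:26
Last Update: 2006-03-19 23:46
Reporter: complexity
Assigned To: Kry
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2.1.0
Fixed in Version: SVN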
0000794: Incompatible with Stack Protection in OpenBSD
Compiled amule with daemon, cmdline, and webgui support as described in documentation without problem. However, amuled will core dump in a few minutes with a message in the /var/log/message about stack overflow.

Jan 21 08:16:10 fugu amuled: stack overflow in function bool CClientTCPSocket::ProcessPacket(const char*, unsigned int, unsigned char)
fugu is the name of the OpenBSD 3.8 box.
This problem goes away when g++ is invoked with the -fno-stack-protector flag during compilation.

This problem has also been observed in the 2.0.3 release, but the offending function is CUpDownClient instead (see syslog message below):

Jan 21 08:16:10 fugu amuled: stack overflow in function void CUpDownClient::ProcessAICHFileHash(CSafeMemFile*, const CPartFile*)
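
An added example (not part of the original report and not aMule code): a small triage script that pulls stack-protector aborts of the form quoted above out of syslog text and names the function that tripped. The sample input is constructed from the two lines in this report plus one made-up unrelated line; the function names in the script are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two syslog lines quoted in the report,
# plus one unrelated line (documentation address) that must be ignored.
SAMPLE = """\
Jan 21 08:16:10 fugu amuled: stack overflow in function bool CClientTCPSocket::ProcessPacket(const char*, unsigned int, unsigned char)
Jan 21 08:16:10 fugu amuled: stack overflow in function void CUpDownClient::ProcessAICHFileHash(CSafeMemFile*, const CPartFile*)
Jan 21 08:17:02 fugu sshd[4242]: Accepted publickey for chris from 192.0.2.10 port 50022 ssh2
"""

# Classic BSD syslog layout: timestamp, host, process[pid]: message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"stack overflow in function (?P<sig>.+)$"
)


def qualified_name(signature):
    """Reduce a simple C++ signature to Class::Method."""
    head = signature.split("(", 1)[0]   # drop the parameter list
    return head.split()[-1]             # drop the return type


def protector_aborts(text):
    """Return one dict per stack-protector abort found in syslog text."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            events.append({**m.groupdict(), "function": qualified_name(m["sig"])})
    return events


def summarize(events):
    """Count aborts per (host, process, function) to spot repeat offenders."""
    return Counter((e["host"], e["proc"], e["function"]) for e in events)


if __name__ == "__main__":
    for key, count in summarize(protector_aborts(SAMPLE)).items():
        print(count, *key)
```
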
No tags attached.
Issue History
2006-01-21 17:26 | complexity | New Issue
2006-01-22 10:58 | Kry | Note Added: 0001820
2006-01-25 03:32 | complexity | Note Added: 0001825
2006-01-25 13:04 | Xaignar | Note Added: 0001826
2006-01-25 21:32 | complexity | Note Added: 0001827
2006-01-25 21:34 | complexity | Note Added: 0001828
2006-01-25 21:39 | complexity | Note Added: 0001829
2006-01-25 21:41 | complexity | Note Added: 0001830
2006-01-26 00:30 | Xaignar | Note Added: 0001831
2006-01-26 17:14 | complexity | Note Added: 0001832
2006-01-26 17:46 | Xaignar | Note Added: 0001833
2006-01-26 19:54 | complexity | Note Added: 0001834
2006-01-28 17:00 | Xaignar | Note Added: 0001835
2006-03-19 19:14 | complexity | Note Added: 0001887
2006-03-19 23:46 | Kry | Status | new => assigned
2006-03-19 23:46 | Kry | Assigned To | => Kry
2006-03-19 23:46 | Kry | Status | assigned => resolved
2006-03-19 23:46 | Kry | Fixed in Version | => CVS
2006-03-19 23:46 | Kry | Resolution | open => fixed
2006-03-19 23:46 | Kry | Note Added: 0001888

Notes
(0001820)
Kry   
2006-01-22 10:58   
Can you run it on GDB and provide a BT?
(0001825)
complexity   
2006-01-25 03:32   
Hello Kry,

It's been too long since I worked with GDB and doing Backtraces. Do you have some quick instructions on how to get these done?

Thx.

Chris
(0001826)
Xaignar   
2006-01-25 13:04   
See http://www.amule.org/wiki/index.php/Backtraces ;)
(0001827)
complexity   
2006-01-25 21:32   
(gdb) bt
#0 0x0f866559 in kill () from /usr/lib/libc.so.38.2
#1 0x0f888c38 in __stack_smash_handler () from /usr/lib/libc.so.38.2
#2 0x1c04dd08 in CClientTCPSocket::ProcessPacket(char const*, unsigned, unsigned char) (this=0x83315600, buffer=0x888d8400 "\032ú\211ù\023ͦs", size=58,opcode=89 'Y') at ClientTCPSocket.cpp:1058
#3 0x1c0521f9 in CClientTCPSocket::PacketReceived(CPacket*) (this=0x83315600, packet=0x80d515a0) at ClientTCPSocket.cpp:1798
#4 0x1c072a86 in CEMSocket::OnReceive(int) (this=0x83315600, nErrorCode=0) at EMSocket.cpp:313
#5 0x1c0519e4 in CClientTCPSocket::OnReceive(int) (this=0x83315600, nErrorCode=0) at ClientTCPSocket.cpp:1726
#6 0x1c0472dc in CClientTCPSocketHandler::ClientTCPSocketHandler(wxSocketEvent&) (this=0x3c091c60, event=@0x80c7d200) at ClientTCPSocket.cpp:99
#7 0x04a21aa4 in wxAppConsole::HandleEvent(wxEvtHandler*, void (wxEvtHandler::*)(wxEvent&), wxEvent&) const () from /usr/local/lib/libwx_base-2.6.so
#8 0x04abb854 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () from /usr/local/lib/libwx_base-2.6.so
#9 0x04abaccd in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) () from /usr/local/lib/libwx_base-2.6.so
#10 0x04abb9cc in wxEvtHandler::ProcessEvent(wxEvent&) () from /usr/local/lib/libwx_base-2.6.so
#11 0x04abb7a7 in wxEvtHandler::ProcessPendingEvents() () from /usr/local/lib/libwx_base-2.6.so
#12 0x04a21a25 in wxAppConsole::ProcessPendingEvents() () from /usr/local/lib/libwx_base-2.6.so
#13 0x1c00c62a in CamuleDaemonApp::OnRun() (this=0x7e211100) at amuled.cpp:421
#14 0x04a6174e in wxEntry(int&, char**) () from /usr/local/lib/libwx_base-2.6.so
#15 0x1c00b5a5 in main (argc=2, argv=0xcfbeb368) at amuled.cpp:124
(0001828)
complexity   
2006-01-25 21:34   
(gdb) bt full
#0 0x0f866559 in kill () from /usr/lib/libc.so.38.2
No symbol table info available.
#1 0x0f888c38 in __stack_smash_handler () from /usr/lib/libc.so.38.2
No symbol table info available.
#2 0x1c04dd08 in CClientTCPSocket::ProcessPacket(char const*, unsigned, unsigned char) (this=0x83315600, buffer=0x888d8400 "\032ú\211ù\023ͦs", size=58,opcode=89 'Y') at ClientTCPSocket.cpp:1058
No locals.
#3 0x1c0521f9 in CClientTCPSocket::PacketReceived(CPacket*) (this=0x83315600, packet=0x80d515a0) at ClientTCPSocket.cpp:1798
        bResult = false
        uRawSize = 58
        exception = {<wxStringBase> = {static npos = 4294967295,
    m_pchData = 0x249b8ca0 ""}, <No data fields>}
#4 0x1c072a86 in CEMSocket::OnReceive(int) (this=0x83315600, nErrorCode=0)
    at EMSocket.cpp:313
        bPacketResult = 131
        toCopy = 58
        GlobalReadBuffer = "ã;\000\000\000Y\032ú\211ù\023ͦs\000\026dG\n`Rö(\000
Mac Osx 10.4 Tiger For Intel X86 Iso.rarã4\000\000\000P\032ú\211ù\023ͦs\000\026
dG\n`Rö\003\001", '\0' <repeats 24 times>, "\020\000\000\000\000\000\000\000\004
Ô£\024\000\000\202xÚ=Xy<\224m\027¶D\"·1\030\222=Kú¨,3!\224-ÙgcPd'ä\026\021\221\0
26[\224¬\031dI\"BH\212P$²$Â({$¼Ê\232ÊV}\230\236æßëw\236s®s\235í\036ÁÕ¨\025\236ö<
_\006\214\223>»\035"...
        readMax = 2000000
        ret = 1448
        rptr = 0x3c091d40 "ã4"
        rend = 0x3c0922a8 ""
#5 0x1c0519e4 in CClientTCPSocket::OnReceive(int) (this=0x83315600,
    nErrorCode=0) at ClientTCPSocket.cpp:1726
No locals.
#6 0x1c0472dc in CClientTCPSocketHandler::ClientTCPSocketHandler(wxSocketEvent&) (this=0x3c091c60, event=@0x80c7d200) at ClientTCPSocket.cpp:99
        socket = (CClientTCPSocket *) 0x83315600
#7 0x04a21aa4 in wxAppConsole::HandleEvent(wxEvtHandler*, void (wxEvtHandler::*)(wxEvent&), wxEvent&) const () from /usr/local/lib/libwx_base-2.6.so
No symbol table info available.
#8 0x04abb854 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () from /usr/local/lib/libwx_base-2.6.so
No symbol table info available.
#9 0x04abaccd in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) ()
   from /usr/local/lib/libwx_base-2.6.so
No symbol table info available.
#10 0x04abb9cc in wxEvtHandler::ProcessEvent(wxEvent&) ()
   from /usr/local/lib/libwx_base-2.6.so
No symbol table info available.
#11 0x04abb7a7 in wxEvtHandler::ProcessPendingEvents() ()
   from /usr/local/lib/libwx_base-2.6.so
No symbol table info available.
#12 0x04a21a25 in wxAppConsole::ProcessPendingEvents() ()
   from /usr/local/lib/libwx_base-2.6.so
No symbol table info available.
#13 0x1c00c62a in CamuleDaemonApp::OnRun() (this=0x7e211100) at amuled.cpp:421
No locals.
#14 0x04a6174e in wxEntry(int&, char**) ()
   from /usr/local/lib/libwx_base-2.6.so
No symbol table info available.
#15 0x1c00b5a5 in main (argc=2, argv=0xcfbeb368) at amuled.cpp:124
No locals.
(0001829)
complexity   
2006-01-25 21:39   
FYI, the backtraces were done on a binary compiled with gmake on OpenBSD 3.8 using the following configure statement:
./configure --enable-debug --disable-optimize --enable-amulecmd --enable-webserver --disable-monolithic --enable-amule-daemon
(0001830)
complexity   
2006-01-25 21:41   
One more thing, during the autoconf process, the following warning message about sys/mount.h was displayed and I noticed (in the stable binary compiled with the -fno-stack-protector flag) that amuled was having problems reading from /dev/urandom and complained of bad file descriptors on other files:

-bash-3.00$ ./configure --enable-debug --disable-optimize --enable-amulecmd --enable-webserver --disable-monolithic --enable-amule-daemon

checking sys/mount.h usability... no
checking sys/mount.h presence... yes
configure: WARNING: sys/mount.h: present but cannot be compiled
configure: WARNING: sys/mount.h: check for missing prerequisite headers?
configure: WARNING: sys/mount.h: see the Autoconf documentation
configure: WARNING: sys/mount.h: section "Present But Cannot Be Compiled"
configure: WARNING: sys/mount.h: proceeding with the preprocessor's result
configure: WARNING: sys/mount.h: in the future, the compiler will take precedence
configure: WARNING: ## ------------------------------ ##
configure: WARNING: ## Report this to admin@amule.org ##
configure: WARNING: ## ------------------------------ ##
(0001831)
Xaignar   
2006-01-26 00:30   
Hmmm, that's strange. Both of the crashes are from OP_REQFILENAMEANSWER packets, but I can't for the life of me see what should be the problem. Hopefully someone else can spot it.

I should also note that I've been running aMule 2.1.1-pre (no changes have been made to the relevant functions) compiled with a gcc4.1 snapshot and -fstack-protector, but didn't experience any stack-related crashes. Which version of gcc/propolice are you using?
(0001832)
complexity   
2006-01-26 17:14   
Now this is interesting... Xaignar's comment made me wonder if the problem was not with the code but with how OpenBSD 3.8 configures itself (by default)...

I increased the stacksize in /etc/login.conf to 32M (from the default 4M) and the amuled has been running, for the first time, error free and stable for the last 12 hours.

I don't have ready access to a Linux box to find out what the default "ulimit -n" values are for users, but this could be something worth noting in the FAQ/README?

Chris
(0001833)
Xaignar   
2006-01-26 17:46   
Don't you mean -s? Here at least, -n is "open files".
Anyway, this is the value for my Arch install:
stack size (kbytes, -s) 8192
(0001834)
complexity   
2006-01-26 19:54   
yes, I meant "ulimit -s".

So maybe the appropriate stacksize is somewhere between 4M & 8M?
(0001835)
Xaignar   
2006-01-28 17:00   
That seems to be the case.
(0001887)
complexity   
2006-03-19 19:14   
Anyways, this issue has been resolved by increasing the default stacksize to a value greater than 4M.

Thx.
(0001888)
Kry   
2006-03-19 23:46   
Let's close then.
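
The stack-limit check discussed in notes 0001832 to 0001834, as an added example that is not part of the thread and not aMule code: a launcher-side helper that reads RLIMIT_STACK and raises the soft limit when the hard limit allows it. The function names and the 8 MiB target (the 8192 kbytes quoted for Arch) are assumptions chosen for illustration.

```python
import resource

MIB = 1024 * 1024
UNLIMITED = resource.RLIM_INFINITY


def covers(limit, wanted):
    """True if an rlimit value (bytes, or UNLIMITED) allows `wanted` bytes."""
    return limit == UNLIMITED or limit >= wanted


def ensure_stack_limit(wanted, getrlimit=resource.getrlimit,
                       setrlimit=resource.setrlimit):
    """Raise the soft stack limit to `wanted` bytes if the hard limit permits.

    Returns (status, soft_limit_now). Resource limits are inherited by child
    processes, so a launcher can call this before starting the daemon.
    """
    soft, hard = getrlimit(resource.RLIMIT_STACK)
    if covers(soft, wanted):
        return "ok", soft
    if not covers(hard, wanted):
        # An unprivileged process cannot exceed the hard limit; that needs
        # an administrative change such as the login.conf edit in the thread.
        return "hard-limit-too-low", soft
    setrlimit(resource.RLIMIT_STACK, (wanted, hard))
    return "raised", wanted


def describe(limit):
    """Format a limit the way `ulimit -s` reports it (kbytes)."""
    return "unlimited" if limit == UNLIMITED else f"{limit // 1024} kbytes"


if __name__ == "__main__":
    status, soft = ensure_stack_limit(8 * MIB)  # assumed target: 8192 kbytes
    print(status, describe(soft))
```
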