Re：Re:Re:Re: Segmentation fault libssh2_session_last_errno (session=0x0) at session.c:1219 (Daniel Stenberg

[balloon]

At 2013-07-08 18:00:03,libssh2-devel-requ...@cool.haxx.se wrote:

>Send libssh2-devel mailing list submissions to
>       libssh2-devel@cool.haxx.se
>
>To subscribe or unsubscribe via the World Wide Web, visit
>       http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>or, via email, send a message with subject or body 'help' to
>       libssh2-devel-requ...@cool.haxx.se
>
>You can reach the person managing the list at
>       libssh2-devel-ow...@cool.haxx.se
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of libssh2-devel digest..."
>
>
>Today's Topics:
>
>   1. Re:Re:Re: Segmentation fault  libssh2_session_last_errno
>      (session=0x0) at session.c:1219 (Daniel Stenberg) (balloon)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 8 Jul 2013 10:46:30 +0800 (CST)
>From: balloon  <e_ball...@163.com>
>To: libssh2-devel@cool.haxx.se, curl-libr...@cool.haxx.se
>Subject: Re:Re:Re: Segmentation fault  libssh2_session_last_errno
>       (session=0x0) at session.c:1219 (Daniel Stenberg)
>Message-ID: <2f94c453.a1db.13fbc2c5b40.coremail.e_ball...@163.com>
>Content-Type: text/plain; charset="gbk"
>
>>This shows that the problem is in libcurl when sends a NULL to libssh2 so 
>>that 
>>it crashes.
>
>>I'm cc'ing this reply to the libcurl mailing list. Please take follow-ups 
>>there. I'd like you to rebuild libcurl with debug symbols left so that the 
>>stack trace becomes usable.
>
>>It shouldn't matter that it is Java, but it can very well be a problem that 
>>occurs only with that specific server implementation.
>I have tried hard to rebuild libcurl & libssh2 & openssl in debug mode. And 
>succeed to reproduce segmentation fault, though this time seg info seems 
>different.Here is my src code:#include <iostream>
>#include <curl.h>
>
>size_t write_callback(void *f_fp_ptr, size_t f_size, size_t f_nmemb, void 
>*fp_stream)
>{
>
>    size_t len = fwrite(f_fp_ptr, f_size, f_nmemb, (FILE *)fp_stream);
>    return len;
>}
>
>int main(int argc, char**argv)
>{
>char host[100];
>if(argc < 2)
>{
>std::cout<<"Nonono~~~input sftpserver ip pls."<<std::endl;
>return 1;
>}
>strcpy(host,argv[1]);
>std::string sftp_url="sftp://";;
>sftp_url+=host;
>sftp_url+="/a.txt";curl_easy_setopt(curl, CURLOPT_URL, sftp_url.c_str());    
>CURL *curl = curl_easy_init();
>    if (!curl)
>    {
>        std::cout<<"Fail to  initialize curl."<<std::endl;
>        return 1;
>    }
>    curl_easy_setopt(curl, CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PASSWORD);
>    curl_easy_setopt(curl, CURLOPT_USERPWD, "test:test");
>    FILE *fd = fopen("tmp.txt", "w");
>    
>    curl_easy_setopt(curl, CURLOPT_WRITEDATA, fd);
>    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
>    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
>
>    // specify downloading file size
>    curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)1);
>    CURLcode res = CURL_LAST;
>
>    res = curl_easy_perform(curl);
>
>    if (CURLE_OK == res)
>    {
>         std::cout<<"succeed."<<std::endl;
>        curl_easy_cleanup(curl);
>       return 0;
>    }
>    else
>    {
>       std::cout<<"fail."<<std::endl;
>        curl_easy_cleanup(curl);
>       return 1;
>    }
>}
>
>Here is the result, pls let me know what can I do next.  Thanks.
>Starting program: /root/a.out 9.111.23.100
>warning: no loadable sections found in added symbol-file system-supplied DSO 
>at 0x2aaaaaaab000
>[Thread debugging using libthread_db enabled]
>sftp url: sftp://9.111.23.100/a.txt
>* STATE: INIT => CONNECT handle 0x86ecc8; line 1020 (connection #-5000) 
>* About to connect() to 9.111.23.100 port 22 (#0)
>*   Trying 9.111.23.100...
>* Adding handle: conn: 0x877cf8
>* Adding handle: send: 0
>* Adding handle: recv: 0
>* Curl_addHandleToPipeline: length: 1
>* 0x865828 is at send pipe head!
>* - Conn 0 (0x877cf8) send_pipe: 1, recv_pipe: 0
>* STATE: CONNECT => WAITCONNECT handle 0x86ecc8; line 1067 (connection #0) 
>* Connected to 9.111.23.100 (9.111.23.100) port 22 (#0)
>* SFTP 0x8781e0 state change from SSH_STOP to SSH_INIT
>* SFTP 0x8781e0 state change from SSH_INIT to SSH_S_STARTUP
>* STATE: WAITCONNECT => PROTOCONNECT handle 0x86ecc8; line 1180 (connection 
>#0) 
>
>Program received signal SIGSEGV, Segmentation fault.
>0x0000000000000000 in ?? ()
>(gdb) bt
>#0  0x0000000000000000 in ?? ()
>#1  0x00000000005c4a20 in DES_SPtrans ()
>#2  0x00000032759549e0 in ?? () from /lib64/libc.so.6
>#3  0x0000000000000014 in ?? ()
>#4  0x0000000000885778 in ?? ()
>#5  0x0000000000887437 in ?? ()
>#6  0x0000000000886780 in ?? ()
>#7  0x00000000008869c0 in ?? ()
>#8  0x0000000000886980 in ?? ()
>#9  0xc3e557dbb4ac6000 in ?? ()
>#10 0x22f09ddde873b1bc in ?? ()
>#11 0x000000005c053c02 in ?? ()
>#12 0x000000000088649c in ?? ()
>#13 0x00007fffffffce30 in ?? ()
>#14 0x000000000057f169 in hostkey_method_ssh_dss_sig_verify (session=Cannot 
>access memory at address 0xffffffffffffffe8
>)
>    at hostkey.c:329
>Backtrace stopped: previous frame inner to this frame (corrupt stack?)
>(gdb) 
>
I  can also send u the SFTP server binary to reproduce and investigate this 
issue, but I fail to attach it in this mail loop due to size limitation.
Pls specify some space that I can upload the SFTP server binary if u need it, 
thanks :)



_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel