module-ssh2: crash in SFTPClient #1040

Closed
davidnich opened this Issue Jun 28, 2016 · 2 comments

davidnich commented Jun 28, 2016

backtrace retrieved from the Oracle ocilib signal handler and processed with c++filt:

libssh2_session_last_errno()+12
SFTPClient::doSessionErrUnlocked(ExceptionSink*, QoreStringNode*)+50
00002B7900000002
SFTPClient::~SFTPClient()
64894CFD8948E824

davidnich added bug c++ labels Jun 28, 2016

davidnich added this to the 0.8.12 milestone Jun 28, 2016

tethal commented Jun 28, 2016

This may be related - it segfaults randomly in the second call to connect():

%new-style
%enable-all-warnings
%require-types
%strict-args
%requires ssh2

SFTPClient c("sftp://demo.wftpserver.com:2222");
c.setUser("demo-user");
c.setPassword("demo-user");
printf("1\n");
c.connect();
printf("2\n");
c.connect();

backtrace:

#0  0x00007ffff4524150 in libssh2_session_last_errno () from /usr/lib/x86_64-linux-gnu/libssh2.so.1
#1  0x00007ffff4753ab9 in SFTPClient::doSessionErrUnlocked (this=0x8f4610, xsink=0x7fffffffdaa0, desc=0x8f4560) at /home/otethal/src/qore/git/module-ssh2/src/SFTPClient.cpp:1287
#2  0x00007ffff4753ecb in QSftpHelper::err (this=0x7fffffffc0c0, fmt=0x7ffff47673e0 "Unable to initialize SFTP session") at /home/otethal/src/qore/git/module-ssh2/src/SFTPClient.cpp:1334
#3  0x00007ffff475116e in SFTPClient::sftpConnectUnlocked (this=0x8f4610, timeout_ms=60000, xsink=0x7fffffffdaa0) at /home/otethal/src/qore/git/module-ssh2/src/SFTPClient.cpp:748
#4  0x00007ffff4751436 in SFTPClient::sftpConnect (this=0x8f4610, timeout_ms=60000, xsink=0x7fffffffdaa0) at /home/otethal/src/qore/git/module-ssh2/src/SFTPClient.cpp:786
#5  0x00007ffff4754776 in SFTPClient::connect (this=0x8f4610, timeout_ms=60000, xsink=0x7fffffffdaa0) at /home/otethal/src/qore/git/module-ssh2/src/SFTPClient.h:132
#6  0x00007ffff47620ce in SSH2Base_connect_Vt (self=0x8ee4c0, myself=0x8f4610, args=0x924db0, rtflags=0, xsink=0x7fffffffdaa0) at /home/otethal/src/qore/git/module-ssh2/src/QC_SSH2Base.qpp:66

This one is caused by an attempt to report an error after closing the connection:

if (libssh2_session_last_errno(ssh_session) == LIBSSH2_ERROR_EAGAIN) {
   if (qh.waitSocket())
      return -1;
}
else {
   disconnectUnlocked(true); // force shutdown; ssh_session destroyed here
   if (xsink)
      qh.err("Unable to initialize SFTP session"); // ssh_session accessed here
   return -1;
}

tethal commented Jun 28, 2016

It is still not clear how to reproduce the original error (as far as I can see there is no way doSessionErrUnlocked() can be called from the SFTPClient::~SFTPClient() destructor) - however, a segfault in doSessionErrUnlocked() can happen anytime an error occurs:

void QSftpHelper::err(const char* fmt, ...) {
   tryClose();      // this may destroy ssh_session if an error occurs
   ...
   client->doSessionErrUnlocked(xsink, desc);   // this assumes that ssh_session exists
}
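
The ordering problem described in the two comments above (error state read from ssh_session after disconnectUnlocked() or tryClose() has destroyed it), shown with a defensive ordering as an added example; this is not code from the thread or from module-ssh2. `Session`, `Client`, `failInit`, `demo` and the errno value are hypothetical stand-ins, and no libssh2 calls are used.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Hypothetical stand-in for the libssh2 session handle (not libssh2's API).
struct Session { int last_errno; };

// Hypothetical client; method names echo the thread, the code is not module-ssh2's.
class Client {
public:
    std::unique_ptr<Session> session;  // null once disconnected
    std::string reported;              // text that would go into the exception

    void connect(int simulated_errno) { session.reset(new Session{simulated_errno}); }

    // Teardown: after this the handle must never be dereferenced.
    void disconnectUnlocked() { session.reset(); }

    // Reporter works only on values captured earlier, never on the handle.
    void doSessionErr(const std::string& desc, bool have_errno, int err) {
        reported = desc + (have_errno ? ": ssh2 errno " + std::to_string(err)
                                      : ": session already closed");
    }

    // Defensive ordering: snapshot error state, tear down, then report.
    int failInit(const std::string& desc) {
        const bool have = static_cast<bool>(session);
        const int err = have ? session->last_errno : 0;
        disconnectUnlocked();
        doSessionErr(desc, have, err);
        return -1;
    }
};

// Runs the failure path twice; the second call finds no session at all.
std::string demo() {
    Client c;
    c.connect(-31);  // constructed sample error value
    c.failInit("Unable to initialize SFTP session");
    const std::string first = c.reported;
    c.failInit("Unable to initialize SFTP session");
    return first + " | " + c.reported;
}

int main() {
    std::cout << demo() << "\n";
    return 0;
}
```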