Summary: | ktorrent segfaults due to SHA1HashGen::update() always seeing a data length of 0x4000 | ||
---|---|---|---|
Product: | [Applications] ktorrent | Reporter: | Rick <kde.hdb9z> |
Component: | general | Assignee: | Joris Guisson <joris.guisson> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | a.allford, ahepas1999, alex.rox.13, angeltronix, ankeandmalcolm, auimaue, bugs, chanweiyee, codysophiagreen, darkwaveguru, Erika.L.Fabricius, ezza71, garuda.lj, gokulsurendiran, kc9ddi, lewisnigh, mantvius, marco.goncalves, maxim, misc.narendra, nadia.linder, nicola.diruvo, piotrek.szz, post, sansey32, sathishkumarmnm, sela, tushar.pereira, xav.chezxav |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Slackware | ||
OS: | Linux | ||
Attachments: |
It's what I was going to cut-and-paste into your "Details"
test code and logfile showing problems in ChunkDownload::updateHash() |
Description
Rick
2011-03-10 21:33:02 UTC
Created attachment 57869
test code and logfile showing problems in ChunkDownload::updateHash()
Interesting, this bug was fixed in libktorrent 1.1beta1, but I never quite got to the bottom of this issue. I think however your analysis is not correct, even though you have made me understand the problem completely.

The problem is that the Piece parameter of ChunkDownload::piece is incomplete. The Piece should be a piece of 16K long, but it is only 0xD bytes. It should be 16K long because piece 0x79 is not the last piece (0x7f would be the last if num is 0x80). This 0xD bytes long piece is then put into a PieceData object which is put in the piece_data array. We then call updateHash, which then wrongfully assumes that the PieceData object is the entire piece, but there are only 0xD bytes in it. And this then directly leads to the segmentation fault, when the hash is being calculated.

What I have fixed in 1.1 is the crash, but the initial problem is still there. A situation like this would lead to the calculated hash not matching the one specified in the torrent, and the chunk would have to be downloaded again. Either ktorrent is requesting a piece with the wrong size, or another peer is sending back a piece of the wrong length in reply to a request of ktorrent.

Anyway, a big thanks for looking into this, now I finally understand what is going wrong.

Git commit b3cf06c2eb97303c746aed0759f930691002cee0 by Joris.
Committed on 13/03/2011 at 11:07.
Pushed by guisson into branch 'master'.

Fix root cause of SHA1HashGen crashes in 1.0 series

BUG: 268162

M +1 -0 ChangeLog
M +2 -1 src/download/chunkdownload.cpp

http://commits.kde.org/libktorrent/b3cf06c2eb97303c746aed0759f930691002cee0

Git commit 904864fe28fa4ad859d527f1b672444a2bb93fa4 by Joris.
Committed on 13/03/2011 at 11:07.
Pushed by guisson into branch '1.1'.

Fix root cause of SHA1HashGen crashes in 1.0 series

CCBUG: 268162

M +1 -0 ChangeLog
M +2 -1 src/download/chunkdownload.cpp

http://commits.kde.org/libktorrent/904864fe28fa4ad859d527f1b672444a2bb93fa4

*** Bug 270081 has been marked as a duplicate of this bug. ***
*** Bug 270234 has been marked as a duplicate of this bug. ***
*** Bug 270513 has been marked as a duplicate of this bug. ***
*** Bug 271116 has been marked as a duplicate of this bug. ***
*** Bug 272937 has been marked as a duplicate of this bug. ***
*** Bug 273240 has been marked as a duplicate of this bug. ***
*** Bug 273789 has been marked as a duplicate of this bug. ***
*** Bug 274114 has been marked as a duplicate of this bug. ***
*** Bug 274211 has been marked as a duplicate of this bug. ***
*** Bug 274602 has been marked as a duplicate of this bug. ***
*** Bug 275380 has been marked as a duplicate of this bug. ***
*** Bug 275847 has been marked as a duplicate of this bug. ***
*** Bug 276297 has been marked as a duplicate of this bug. ***
*** Bug 277490 has been marked as a duplicate of this bug. ***
*** Bug 277331 has been marked as a duplicate of this bug. ***
*** Bug 278416 has been marked as a duplicate of this bug. ***
*** Bug 278911 has been marked as a duplicate of this bug. ***
*** Bug 278888 has been marked as a duplicate of this bug. ***
*** Bug 280281 has been marked as a duplicate of this bug. ***
*** Bug 280358 has been marked as a duplicate of this bug. ***
*** Bug 280472 has been marked as a duplicate of this bug. ***
*** Bug 280684 has been marked as a duplicate of this bug. ***
*** Bug 280675 has been marked as a duplicate of this bug. ***
*** Bug 280660 has been marked as a duplicate of this bug. ***
*** Bug 280597 has been marked as a duplicate of this bug. ***
*** Bug 280900 has been marked as a duplicate of this bug. ***
*** Bug 280803 has been marked as a duplicate of this bug. ***
*** Bug 282220 has been marked as a duplicate of this bug. ***
*** Bug 283406 has been marked as a duplicate of this bug. ***
*** Bug 288119 has been marked as a duplicate of this bug. ***
*** Bug 297647 has been marked as a duplicate of this bug. ***
*** Bug 297790 has been marked as a duplicate of this bug. ***
*** Bug 300906 has been marked as a duplicate of this bug. ***
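The length mismatch described in the comment above (a 0xD-byte buffer hashed as if it held a full 16K piece), as an added example that is not libktorrent code and not the committed fix. `ReceivedPiece`, `expectedPieceLen`, `hashUpdate` and `acceptPiece` are hypothetical names, and FNV-1a stands in for SHA-1 to keep the block short.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

constexpr std::size_t kPieceLen = 0x4000;  // 16K piece length from the comment above

// Hypothetical stand-in for a piece received from a peer: the buffer
// carries its real length, which may be shorter than requested.
struct ReceivedPiece {
    std::size_t index;
    std::vector<std::uint8_t> data;
};

// Expected length of piece `index` in a chunk of `chunk_size` bytes:
// every piece is 16K except possibly the last one. 0 means "no such piece".
std::size_t expectedPieceLen(std::size_t index, std::size_t chunk_size) {
    const std::size_t num = (chunk_size + kPieceLen - 1) / kPieceLen;
    if (index >= num) return 0;
    if (index + 1 < num) return kPieceLen;
    return chunk_size - index * kPieceLen;
}

// Stand-in for a hash update call (assumption: FNV-1a instead of SHA-1).
// It reads exactly `len` bytes, so `len` must not exceed the buffer.
std::uint32_t hashUpdate(std::uint32_t h, const std::uint8_t* p, std::size_t len) {
    for (std::size_t i = 0; i < len; ++i) h = (h ^ p[i]) * 16777619u;
    return h;
}

// Unsafe pattern from the report, shown only as a comment:
//   h = hashUpdate(h, p.data.data(), kPieceLen);  // reads 0x4000 bytes from a 0xD buffer
//
// Checked path: compare the real buffer length with the expected one before
// the piece is hashed, and hash only the bytes that are actually there.
bool acceptPiece(std::uint32_t& h, const ReceivedPiece& p, std::size_t chunk_size) {
    const std::size_t want = expectedPieceLen(p.index, chunk_size);
    if (want == 0 || p.data.size() != want)
        return false;  // wrong length: drop it and request the piece again
    h = hashUpdate(h, p.data.data(), p.data.size());
    return true;
}
```

Rejecting the short piece at this point also avoids the hash mismatch and full chunk re-download that the comment describes as the remaining problem.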