Date:      Sun, 26 Aug 2007 18:50:15 GMT
From:      Barbara <barbara.xxx1975@libero.it>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/115838: net-p2p/amule2 crashes if getting server list takes too long
Message-ID:  <200708261850.l7QIoFTM044294@www.freebsd.org>
Resent-Message-ID: <200708261900.l7QJ045h068197@freefall.freebsd.org>


>Number:         115838
>Category:       ports
>Synopsis:       net-p2p/amule2 crashes if getting server list takes too long
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 26 19:00:03 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Barbara
>Release:        6.2-STABLE
>Organization:
>Environment:
FreeBSD satanasso.local.domain 6.2-STABLE FreeBSD 6.2-STABLE #0: Sat Aug 25 01:16:14 CEST 2007     root@satanasso.local.domain:/usr/obj/usr/src/sys/SATANASSO i386
>Description:
I had some crashes with net-p2p/amule2 while trying to update the server list.
The crashes happened when the downloads were taking too long.
I've noticed that the crashes were all happening exactly at the moment when the rabbit, having moved from right to left, is turning back to go to the right again.
This should be caused by a wrong check on the number of frames of the animated GIF.

(GDB) bt full
#0  0x28a9120b in pthread_testcancel () from /lib/libpthread.so.2
No symbol table info available.
#1  0x28a7f73d in sigaction () from /lib/libpthread.so.2
No symbol table info available.
#2  0x28a78c95 in pthread_kill () from /lib/libpthread.so.2
No symbol table info available.
#3  0x28a78514 in raise () from /lib/libpthread.so.2
No symbol table info available.
#4  0x28b6773c in abort () from /lib/libc.so.6
No symbol table info available.
#5  0x289223b1 in wxFatalSignalHandler () at ./src/unix/utilsunx.cpp:1105
No locals.
#6  0x28a7d5f8 in sigaction () from /lib/libpthread.so.2
No symbol table info available.
#7  0x28a7f1c9 in sigaction () from /lib/libpthread.so.2
No symbol table info available.
#8  0x28a88245 in pthread_mutexattr_init () from /lib/libpthread.so.2
No symbol table info available.
#9  0x28a882c2 in pthread_mutexattr_init () from /lib/libpthread.so.2
No symbol table info available.
#10 0x28b50c43 in _ctx_start () from /lib/libc.so.6
No symbol table info available.
#11 0x00000000 in ?? ()
No symbol table info available.
#12 0xbfbfe2d0 in ?? ()
No symbol table info available.
#13 0xbfbfe010 in ?? ()
No symbol table info available.
#14 0x00000000 in ?? ()
No symbol table info available.
#15 0x28a88280 in pthread_mutexattr_init () from /lib/libpthread.so.2
No symbol table info available.
#16 0x28674b5a in wxGIFDecoder::ConvertToImage (this=0x8c33a00, frame=36, 
    image=0xbfbfe6e0) at ./src/common/gifdecod.cpp:119
        pal = (unsigned char *) 0x55c048 <Address 0x55c048 out of bounds>
        g = "\000\000\000\000^]\000\000&#65533;&#65533;&#65533;&#65533;3&#65533;\033\b\220xg\b\000\000\000\000\000\000\000\000\000&#65533;\222\b\000\000\000\000\000\000\000\000\030&#65533;&#65533;&#65533;Lxg\b,xg\b<xg\b\000\000\000\000\200W&#65533;@\001&#65533;\222\b\220xg\bK\"&#65533;(\001\000\000\000\000\000\000\000\000&#65533;U\b8&#65533;&#65533;&#65533;YW&#65533;(\000AU\bH&#65533;U\b\017\000\000\000\177&#65533;\033\b$xg\b\000AU\b\024\001\000\000\000\000\000\000\234&#65533;+\b\000AU\b\000&#65533;U\b\001\000\000\000&#65533;G&#65533;(\000&#65533;U\bh&#65533;&#65533;&#65533;\220p&#65533;(\000AU\bH&#65533;U\b\017\000\000\000&#65533;h&#65533;(\000\000\000\000\030'V(`\002&#65533;\b \003&#65533;\b", '\0' <repeats 12 times>...
        npixel = 146867360
        src = (unsigned char *) 0x88bb800 "&#65533;&#65533;+\b"
        transparent = 682121049
        r = "\000\000\000\000\000&#65533;U\b&#65533;&#65533;&#65533;&#65533;YW&#65533;(\000\000X\bH&#65533;U\b\017\000\000\000\23
        5&#65533;U(\000p&#65533;\b\000\000X\bK\"&#65533;(\001\000\000\000\000\000\000\000\000&#65533;U\b\030&#65533;&#65533;&#65533;YW&#65533;(\200e[\bH&#65533;U\b\017\000\000\000&#65533;D&#65533;( &#65533;V\b\200e[\b\000&#65533;U\b\001\000\000\000 \233X\b\000&#65533;U\b8&#65533;&#65533;&#65533;\220p&#65533;(\200e[\bH&#65533;U\b\017\000\000\000&#65533;D&#65533;( \233X\b\000&#65533;U\b8&#65533;&#65533;&#65533;&#65533;j&#65533;(", '\0' <repeats 12 times>, "&#65533;&#65533;\227(\234&#65533;+\b@\017f\bX&#65533;&#65533;&#65533;\215t\221( \233X\b&#65533;&#65533;\227(", '\0' <repeats 12 times>, "&#65533;&#65533;\227(x&#65533;&#65533;&#65533;"...
        b = "\000\b\000\000\000&#65533;&#65533;\b&#65533;&#65533;&#65533;&#65533;c&#65533;&#65533;(&#65533;G&#65533;(&#65533;&#65533;&#65533;(x&#65533;&#65533;&#65533;\231&#65533;&#65533;(&#65533;\036&#65533;(\000&#65533;U\b\b&#65533;&#65533;&#65533;YW&#65533;(\200&#65533;\222\bH&#65533;U\b\017\000\000\000YW&#65533;\000\000\000\000\000\200&#65533;\222\bK\"&#65533;(\001\000\000\000\000\000\000\000\000&#65533;U\b8&#65533;&#65533;&#65533;YW&#65533;(\000^g\bH&#65533;U\b\017\000\000\000\000\000\000\000pN\222\b\000^g\b\000&#65533;U\b\001\000\000\000\220cg\b\000&#65533;U\bX&#65533;&#65533;&#65533;\220p&#65533;(\000^g\bH&#65533;U\b\017\000\000\000&#65533;D&#65533;(\220cg\b\000&#65533;U\bX&#65533;&#65533;&#65533;&#65533;j&#65533;(", '\0' <repeats 12 times>, "&#65533;&#65533;\227(\000\000\000\000$xg\bx&#65533;"...
        dst = (unsigned char *) 0x7b64 <Address 0x7b64 out of bounds>
        i = 139987584
        sz = {x = 0, y = 139837440}
#17 0x08255333 in MuleGifCtrl::OnTimer (this=0x8601e00) at MuleGifCtrl.cpp:58
        frame = {<wxObject> = {_vptr$wxObject = 0x83616b0, 
    static ms_classInfo = {m_className = 0x28943204, m_objectSize = 8, 
      m_objectConstructor = 0, m_baseInfo1 = 0x0, m_baseInfo2 = 0x0, 
      static sm_first = 0x0, m_next = 0x28985524, 
      static sm_classTable = 0x855f000}, m_refData = 0x0}, 
  static sm_handlers = {<wxObjectList> = {<wxListBase> = {<wxObject> = {
          _vptr$wxObject = 0x2894e7a8, static ms_classInfo = {
            m_className = 0x28943204, m_objectSize = 8, 
            m_objectConstructor = 0, m_baseInfo1 = 0x0, m_baseInfo2 = 0x0, 
            static sm_first = 0x0, m_next = 0x28985524, 
            static sm_classTable = 0x855f000}, m_refData = 0x0}, m_count = 12, 
        m_destroy = false, m_nodeFirst = 0x85b5e60, m_nodeLast = 0x894f7a0, 
        m_keyType = wxKEY_NONE}, <No data fields>}, static ms_classInfo = {
      m_className = 0x28942990, m_objectSize = 28, 
      m_objectConstructor = 0x288bb980 <wxList::wxCreateObject()>, 
      m_baseInfo1 = 0x289854b4, m_baseInfo2 = 0x0, static sm_first = 0x0, 
      m_next = 0x28985458, static sm_classTable = 0x855f000}}, 
  static ms_classInfo = {m_className = 0x28738b84, m_objectSize = 8, 
    m_objectConstructor = 0x2867d190 <wxImage::wxCreateObject()>, 
    m_baseInfo1 = 0x289854b4, m_baseInfo2 = 0x0, static sm_first = 0x0, 
    m_next = 0x287ca1b4, static sm_classTable = 0x855f000}}
#18 0x2886953e in wxAppConsole::HandleEvent (this=0x855c800, 
    handler=0x8601e00, func=
      {__pfn = 0x82552e0 <MuleGifCtrl::OnTimer(wxTimerEvent&)>, __delta = 0}, 
    event=@0xbfbfe7f0) at ./src/common/appbase.cpp:320
No locals.
#19 0x2891bfcd in wxEvtHandler::ProcessEventIfMatches (entry=@0x8551f60, 
    handler=0x8601e00, event=@0xbfbfe7f0) at ./src/common/event.cpp:1204
        tableId1 = 271283
        tableId2 = -1
#20 0x2891afee in wxEventHashTable::HandleEvent (this=0x8551fc0, 
    event=@0xbfbfe7f0, self=0x8601e00) at ./src/common/event.cpp:877
        n = 0
        eventEntryTable = (
    const wxEventTableEntryPointerArray &) @0x8c85194: {<wxBaseArrayPtrVoid> = {m_nSize = 1, m_nCount = 1, m_pItems = 0x8c85230}, <No data fields>}
        count = 1
        eventType = 10096
        eTTnode = (wxEventHashTable::EventTypeTable * const) 0x8c85190
#21 0x2891c1a1 in wxEvtHandler::ProcessEvent (this=0x8601e00, 
    event=@0xbfbfe7f0) at ./src/common/event.cpp:1266
No locals.
#22 0x286c14cc in wxTimerBase::Notify (this=0x8601f58)
    at ./src/common/timercmn.cpp:57
        event = {<wxEvent> = {<wxObject> = {_vptr$wxObject = 0x8364330, 
      static ms_classInfo = {m_className = 0x28943204, m_objectSize = 8, 
        m_objectConstructor = 0, m_baseInfo1 = 0x0, m_baseInfo2 = 0x0, 
        static sm_first = 0x0, m_next = 0x28985524, 
        static sm_classTable = 0x855f000}, m_refData = 0x0}, 
    m_eventObject = 0x8601f58, m_eventType = 10096, m_timeStamp = 0, 
    m_id = 271283, m_callbackUserData = 0x0, m_propagationLevel = 0, 
    m_skipped = false, m_isCommandEvent = false, static ms_classInfo = {
      m_className = 0x28948c80, m_objectSize = 36, m_objectConstructor = 0, 
      m_baseInfo1 = 0x289854b4, m_baseInfo2 = 0x0, static sm_first = 0x0, 
      m_next = 0x2898593c, static sm_classTable = 0x855f000}}, 
  m_interval = 120, static ms_classInfo = {m_className = 0x28740ae0, 
    m_objectSize = 40, 
    m_objectConstructor = 0x286c1300 <wxTimerEvent::wxCreateObject()>, 
    m_baseInfo1 = 0x28985954, m_baseInfo2 = 0x0, static sm_first = 0x0, 
    m_next = 0x287caba8, static sm_classTable = 0x855f000}}
#23 0x2859d600 in timeout_callback (data=0x8601f58) at ./src/gtk/timer.cpp:43
        timer = (wxTimer *) 0x8601f58
#24 0x28e4a6b6 in g_main_context_is_owner ()
   from /usr/local/lib/libglib-2.0.so.0
No symbol table info available.
#25 0x28e47c23 in g_main_context_dispatch ()
   from /usr/local/lib/libglib-2.0.so.0
No symbol table info available.
#26 0x28e49597 in g_main_context_acquire ()
   from /usr/local/lib/libglib-2.0.so.0
No symbol table info available.
#27 0x28e498ca in g_main_loop_run () from /usr/local/lib/libglib-2.0.so.0
No symbol table info available.
#28 0x2912b3e3 in IA__gtk_main () at gtkmain.c:1154
        tmp_list = (GList *) 0x0
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0x8bcf140
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0x8bcf140
---Type <return> to continue, or q <return> to quit---
        loop = (GMainLoop *) 0x8bcf160
#29 0x28592fe8 in wxEventLoop::Run (this=0x8bcf140) at ./src/gtk/evtloop.cpp:76
        activate = {m_evtLoopOld = 0x0}
        exitcode = 677594676
#30 0x28633bc2 in wxAppBase::MainLoop (this=0x855c800)
    at ./src/common/appcmn.cpp:308
        mainLoop = {<wxEventLoopPtr> = {m_ptr = 0x8bcf140}, m_pp = 0x855c840, 
  m_pOld = 0x0}
#31 0x28633d3e in wxAppBase::OnRun (this=0x855c800)
    at ./src/common/appcmn.cpp:363
No locals.
#32 0x288aceef in wxEntry (argc=@0x28984330, argv=0x856bcd0)
    at ./src/common/init.cpp:449
        callOnExit = {<No data fields>}
        cleanupOnExit = {<No data fields>}
#33 0x288ad01e in wxEntry (argc=@0xbfbfeac0, argv=0xbfbfeae8)
    at ./src/common/init.cpp:461
No locals.
#34 0x0812098e in main (argc=1, argv=0x17e) at amule-gui.cpp:143

>How-To-Repeat:
Try setting http://www.srv1000.com/azz/server.met (for me it's slower than the default) as the URL in the Networks panel to update the servers list.
If, for example, you are using most of the download bandwidth, or your DNS is slow, and the download of the list has not finished before the rabbit does the U-turn to go from left to right, amule crashes.
For me, a way to reproduce the crash is to try downloading the list 3 or 4 times repeatedly from that server.

>Fix:
I have created a patch for src/MuleGifCtrl.cpp creating a file in the "files" directory named patch-MuleGifControl.cpp
Note that the part of the code that I've touched is in the patch that is in $DISTDIR/aMule-wx.patch\?rev\=1.2


Patch attached with submission follows:

--- src/MuleGifCtrl.cpp.orig	2007-08-26 02:02:37.000000000 +0200
+++ src/MuleGifCtrl.cpp	2007-08-26 02:08:22.000000000 +0200
@@ -52,8 +52,8 @@
 	}
 	
 	void GoFirstFrame() { m_nframe = 0; }
-	void GoNextFrame(bool dummy) { m_nframe < GetFrameCount() ? m_nframe++ : m_nframe = 0; }
-	void GoLastFrame() { m_nframe = GetFrameCount(); }
+	void GoNextFrame(bool dummy) { m_nframe < GetFrameCount() - 1 ? m_nframe++ : m_nframe = 0; }
+	void GoLastFrame() { m_nframe = GetFrameCount() - 1; }
 	
 	void ConvertToImage(wxImage* image) { wxGIFDecoder::ConvertToImage(m_nframe, image); }
 	
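Review bot: GoLastFrame() and the new bound in GoNextFrame() both evaluate GetFrameCount() - 1 with no guard for a frame count of zero; whether that state is reachable (no GIF loaded yet, or a failed decode) is not visible in this hunk and is worth confirming. With zero frames GoLastFrame() would set m_nframe to -1, or to a very large value if the type is unsigned, and ConvertToImage() hands m_nframe straight to wxGIFDecoder::ConvertToImage() with no range check of its own. Suggest returning early when GetFrameCount() is 0, or validating m_nframe against GetFrameCount() in ConvertToImage() before the decoder call, so that an out-of-range index cannot reach the decoder from any caller. Smaller points: the dummy parameter of GoNextFrame() is unused, and the conditional expression used as a statement would read more clearly as an if/else.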


>Release-Note:
>Audit-Trail:
>Unformatted:


