
Fix SIGSEGV in bdecode_node if the pointer is null #244

Status: Open. proninyaroslav wants to merge 1 commit into master.

Conversation

proninyaroslav
Contributor

When I try to call a method like bdecode_node::dict_find_list_ex and the node is not found, the method returns a bdecode_node object with a null pointer inside. So, if I call any method that works with the pointer (e.g. bdecode_node::list_size), it throws SIGSEGV:

```
Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 5356 (Thread-25), pid 4773 (retorrent.debug)
Cmdline: org.proninyaroslav.libretorrent.debug
pid: 4773, tid: 5356, name: Thread-25  >>> org.proninyaroslav.libretorrent.debug <<<
      #00 pc 00000000004e01fb  /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!libtorrent4j.so (BuildId: d53f27ff86ba13ddd65ced77599f29d7f089ba06)
      #01 pc 000000000046352f  /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!libtorrent4j.so (Java_org_libtorrent4j_swig_libtorrent_1jni_bdecode_1node_1list_1size+15) (BuildId: d53f27ff86ba13ddd65ced77599f29d7f089ba06)
      #04 pc 000000000003006c  [anon:dalvik-classes19.dex extracted in memory from /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!classes19.dex] (org.libtorrent4j.swig.bdecode_node.list_size+12)
      #06 pc 000000000001456e  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.extractTrackers+62)
      #08 pc 0000000000017732  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.mergeTorrent+266)
      #10 pc 0000000000015692  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.addTorrent+882)
      #12 pc 000000000000b87a  [anon:dalvik-classes6.dex extracted in memory from /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!classes6.dex] (org.proninyaroslav.libretorrent.core.model.TorrentEngine.addTorrentSync+42)
      #14 pc 000000000001714c  [anon:dalvik-classes5.dex extracted in memory from /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!classes5.dex] (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel.lambda$addTorrent$5$org-proninyaroslav-libretorrent-ui-addtorrent-AddTorrentViewModel+20)
      #16 pc 000000000001539c  [anon:dalvik-classes5.dex extracted in memory from /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!classes5.dex] (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel$$ExternalSyntheticLambda5.run+12)
```

The solution is to check the pointer and return a null bdecode_node if the pointer is null, for the methods dict_find_*_ex, list_at and dict_at_node.
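As an added illustration of the guard this PR describes (this is example code written for this page, not code from libtorrent4j, libtorrent or the PR itself): a self-contained C++ model in which every node accessor checks its pointer and type before dereferencing, so a lookup that misses returns a null node that the caller can probe safely, and the "announce-list → list_size" pattern from this thread completes without touching address 0. The names `bvalue`, `bdecode_node`, `parse_bencode`, `count_announce_urls`, the mini bencode parser and the sample dictionaries are all assumptions constructed for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Simplified stand-in for a decoded bencode tree (strings, lists, dicts only); not libtorrent's.
struct bvalue {
    enum type_t { none_t, string_t, list_t, dict_t };
    type_t type = none_t;
    std::string str;
    std::vector<std::shared_ptr<bvalue>> list;
    std::map<std::string, std::shared_ptr<bvalue>> dict;
};

// Non-owning view onto a bvalue. A default-constructed node holds a null pointer,
// which is exactly the "not found" result that the report above dereferenced.
class bdecode_node {
public:
    bdecode_node() = default;
    explicit bdecode_node(const bvalue* v) : v_(v) {}
    bvalue::type_t type() const { return v_ ? v_->type : bvalue::none_t; }

    // Every accessor checks pointer and type before touching them: a null node
    // answers "empty" instead of faulting at address 0.
    std::size_t list_size() const { return is(bvalue::list_t) ? v_->list.size() : 0; }
    bdecode_node list_at(std::size_t i) const {
        return (is(bvalue::list_t) && i < v_->list.size()) ? bdecode_node(v_->list[i].get()) : bdecode_node();
    }
    std::string string_value() const { return is(bvalue::string_t) ? v_->str : std::string(); }
    bdecode_node dict_find(const std::string& key) const {
        if (!is(bvalue::dict_t)) return bdecode_node();
        auto it = v_->dict.find(key);
        return it == v_->dict.end() ? bdecode_node() : bdecode_node(it->second.get());
    }
    // Typed lookup: the key must exist and hold a list, otherwise a null node.
    bdecode_node dict_find_list(const std::string& key) const {
        bdecode_node n = dict_find(key);
        return n.type() == bvalue::list_t ? n : bdecode_node();
    }
private:
    bool is(bvalue::type_t t) const { return v_ != nullptr && v_->type == t; }
    const bvalue* v_ = nullptr;
};

// Minimal recursive parser for the constructed samples below; malformed input leaves type none_t.
static std::shared_ptr<bvalue> parse_bencode(const std::string& s, std::size_t& pos) {
    auto v = std::make_shared<bvalue>();
    if (pos >= s.size()) return v;
    char c = s[pos];
    if (c == 'l' || c == 'd') {
        v->type = (c == 'l') ? bvalue::list_t : bvalue::dict_t;
        ++pos;
        while (pos < s.size() && s[pos] != 'e') {
            std::size_t before = pos;
            if (v->type == bvalue::list_t) {
                v->list.push_back(parse_bencode(s, pos));
            } else {
                auto key = parse_bencode(s, pos);
                if (key->type != bvalue::string_t) { v->type = bvalue::none_t; return v; }
                v->dict[key->str] = parse_bencode(s, pos);
            }
            if (pos == before) { v->type = bvalue::none_t; return v; }  // no progress: malformed
        }
        if (pos >= s.size()) { v->type = bvalue::none_t; return v; }  // missing closing 'e'
        ++pos;
    } else if (c >= '0' && c <= '9') {
        std::size_t colon = s.find(':', pos);
        if (colon == std::string::npos) return v;
        std::size_t len = std::stoul(s.substr(pos, colon - pos));
        if (colon + 1 + len > s.size()) return v;
        v->type = bvalue::string_t;
        v->str = s.substr(colon + 1, len);
        pos = colon + 1 + len;
    }
    return v;
}

// Mirrors the caller pattern in this thread: walk the announce-list tiers and count the URLs.
std::size_t count_announce_urls(const std::string& torrent) {
    std::size_t pos = 0;
    auto root = parse_bencode(torrent, pos);
    bdecode_node tiers = bdecode_node(root.get()).dict_find_list("announce-list");
    std::size_t n = 0;
    for (std::size_t i = 0; i < tiers.list_size(); ++i)
        for (std::size_t j = 0; j < tiers.list_at(i).list_size(); ++j)
            if (!tiers.list_at(i).list_at(j).string_value().empty()) ++n;
    return n;  // a missing or mistyped key yields 0 instead of a crash
}

// Constructed sample dictionaries (not real torrents).
const char* kWithTiers = "d8:announce17:http://a.test/ann13:announce-list"
                         "ll17:http://a.test/ann17:http://c.test/annel17:http://b.test/anneee";
const char* kNoTiers = "d8:announce17:http://a.test/ann4:infod4:name1:xee";
const char* kWrongType = "d13:announce-list3:abce";

int main() {
    std::printf("%zu %zu %zu %zu\n", count_announce_urls(kWithTiers), count_announce_urls(kNoTiers),
                count_announce_urls(kWrongType), bdecode_node().list_size());  // 3 0 0 0
}
```

The design point is that the null check lives inside the native accessors rather than in the caller: a Java-side `== null` test cannot see a null pointer wrapped in a non-null object, so the wrapper layer is the place where the pointer must be validated before any dereference.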

@aldenml
Owner

aldenml commented Apr 2, 2023

I will look into this problem, but this file is auto-generated, so we need to find another solution.

@proninyaroslav
Contributor Author

I forgot that SWIG is used in the project; is it possible to describe the interface for code generation?

@proninyaroslav
Contributor Author

@aldenml
👋 Is there any good news about solving this problem?

@aldenml
Owner

aldenml commented May 20, 2023

Hi @proninyaroslav, still nothing, but I will look at it.

@MuhammadBayiz

Any updates? I've been stuck on this for so long waiting for a fix

@proninyaroslav
Contributor Author

@aldenml
Hi! Any news?

@aldenml
Owner

aldenml commented Oct 8, 2023

Hi @proninyaroslav, hi :)

I looked at it and got close, but concluded it could take me a non-trivial amount of time to wrap up. Still no ETA.

@proninyaroslav
Contributor Author

@aldenml
Thank you for still not giving up on this problem.

@proninyaroslav
Contributor Author

proninyaroslav commented Jan 13, 2024

@aldenml
Initially, I thought that SIGSEGV occurred when calling dict_find_list_ex only if the dictionary key is not in the bdecode (for example announce-list). But it turns out that SIGSEGV is raised even if dict_find_list_ex returns the correct bdecode object. For example, calling bdecode_node::list_size on this object will also raise SIGSEGV. It's very strange.

```
Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 7860 (Thread-13), pid 7751 (retorrent.debug)
Cmdline: org.proninyaroslav.libretorrent.debug
pid: 7751, tid: 7860, name: Thread-13  >>> org.proninyaroslav.libretorrent.debug <<<
      #00 pc 00000000004e258b  /data/app/~~NdgzqlpvdA_zPFCehZ-u9g==/org.proninyaroslav.libretorrent.debug-HZGrGgexkXsntScbKeq63Q==/base.apk!libtorrent4j.so (offset 0x479000) (BuildId: e8a7f9bbcc438c53202e53588fca979891cf4897)
      #01 pc 00000000004657ff  /data/app/~~NdgzqlpvdA_zPFCehZ-u9g==/org.proninyaroslav.libretorrent.debug-HZGrGgexkXsntScbKeq63Q==/base.apk!libtorrent4j.so (offset 0x479000) (Java_org_libtorrent4j_swig_libtorrent_1jni_bdecode_1node_1list_1size+15) (BuildId: e8a7f9bbcc438c53202e53588fca979891cf4897)
      #14 pc 0000000000014968  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.extractTrackers+0)
      #20 pc 0000000000017af0  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.mergeTorrent+0)
      #26 pc 0000000000015758  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.addTorrent+0)
      #32 pc 000000000000bd48  <anonymous:7f28de7d4000> (org.proninyaroslav.libretorrent.core.model.TorrentEngine.addTorrentSync+0)
      #38 pc 00000000000175e4  <anonymous:7f28de70f000> (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel.lambda$addTorrent$5+0)
      #44 pc 0000000000017170  <anonymous:7f28de70f000> (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel.$r8$lambda$Ac_VEfLFHW8ule9GokjvWKj6DVg+0)
      #50 pc 0000000000015770  <anonymous:7f28de70f000> (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel$$ExternalSyntheticLambda5.run+0)
```

```java
// Java-side lookup in the app; the crash happens in the native call below
var announceNode = node.dict_find_list_ex("announce-list");
if (announceNode == null) {
    return new ArrayList<>();
}
// SIGSEGV
var urls = new ArrayList<AnnounceEntry>(announceNode.list_size());
...
```

@aldenml
Owner

aldenml commented Jan 15, 2024

Hi @proninyaroslav, I'm sorry I have been unable to find some time to dedicate to this issue. I deduced a while ago that this is not a trivial issue, and I think it's related to a flaw in how SWIG generates the code for this particular structure. This is still on my TODO list.

@proninyaroslav
Contributor Author

@aldenml
Is there a workaround? Earlier I used the trackers() method, but it was removed from libtorrent.
