Opened 12 years ago

Closed 12 years ago

#2653 closed Bug (fixed)

transmission-remote-dotnet makes transmission-daemon segfault

Reported by: egolost Owned by: charles
Priority: Normal Milestone:
Component: libtransmission Version: 1.76+
Severity: Normal Keywords:
Cc:

Description

If I add a magnet link with the console client transmission-remote and then connect with the gui client transmission-remote-dotnet the daemon segfaults. Maybe the daemon should kick the client of instead of segfault?

Change History (3)

comment:1 Changed 12 years ago by Elbandi

(gdb) where
#0  0xb7c64283 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0x08069871 in tr_base64_encode (input=0x0, length=0, setme_len=0x0) at utils.c:1049
#2  0x0809a91d in addField (tor=0x813d388, d=0x817ee90, key=0x81f5744 "pieces") at rpcimpl.c:546
#3  0x0809b3c4 in addInfo (tor=0x813d388, d=0x817ee90, fields=0x80c4b60) at rpcimpl.c:637
#4  0x0809b5c6 in torrentGet (session=0x80be1b8, args_in=0x813d310, args_out=0x80c5138, idle_data=0x0) at rpcimpl.c:673
#5  0x0809dde6 in request_exec (session=0x80be1b8, request=0xb796013c, callback=0x808fdf8 <rpc_response_func>, callback_user_data=0x8109968) at rpcimpl.c:1493
#6  0x0809e051 in tr_rpc_request_exec_json (session=0x80be1b8, request_json=0x81d3df8, request_len=740, callback=0x808fdf8 <rpc_response_func>, callback_user_data=0x8109968)
    at rpcimpl.c:1536
#7  0x0808ff58 in handle_rpc (req=0x8111b90, server=0x80cc3e0) at rpc-server.c:531
#8  0x0809040d in handle_request (req=0x8111b90, arg=0x80cc3e0) at rpc-server.c:650
#9  0xb7ef2d04 in ?? () from /usr/lib/libevent-1.4.so.2
...

at #1 base64_encode called with a null argument. but i dunno why. yet.

comment:2 Changed 12 years ago by charles

  • Component changed from Daemon to libtransmission
  • Milestone None Set deleted
  • Owner set to charles
  • Status changed from new to assigned

Looks like it's being called on a magnet link before the magnet's got its piece bitfield yet. We should return an empty set for this request, since we'll also be returning 0 for the pieceCount argument.

Regardless, tr_base64_encode() shouldn't die when NULL gets passed in.

comment:3 Changed 12 years ago by charles

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed in trunk for 1.80 by r9696. Thanks for reporting the crash and for hunting down how it was happening!

Note: See TracTickets for help on using tickets.