Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#2745 closed Bug (fixed)

Crash with tr_sessionSetPortForwardingEnabled()

Reported by: bbolli Owned by: charles
Priority: Normal Milestone: 1.90
Component: libtransmission Version: 1.76
Severity: Normal Keywords: backport-1.8x
Cc:

Description

Steps to reproduce:

  • open preferences
  • select "Network"
  • check "Automatically map port" and wait until the indicator stops spinning
  • uncheck "Automatically map port" and wait until the indicator stops spinning
  • select any other preference pane

See the attachment for the crash dump.

Attachments (3)

bt-crash-2745.txt (29.0 KB) - added by bbolli 12 years ago.
Crash dump & hardware info
bt-crash-2745-nightly.txt (30.8 KB) - added by bbolli 12 years ago.
Crash dump of -r9910 after second tab change
crash.txt (36.4 KB) - added by livings124 12 years ago.

Download all attachments as: .zip

Change History (16)

Changed 12 years ago by bbolli

Crash dump & hardware info

comment:1 Changed 12 years ago by livings124

I can't replicate this.

comment:2 Changed 12 years ago by bbolli

What other info do you need?

comment:3 follow-up: Changed 12 years ago by livings124

Is it repeatable? Does it happen in the released 1.76? Does it happen in the latest nightly? Are you sure it's triggered by changing tabs?

comment:4 Changed 12 years ago by bbolli

Is it repeatable?

Yes, I tried it at least three times before filing the ticket.

Are you sure it's triggered by changing tabs?

That's just one way to cause the crash, I've just found out. The other is to do steps 1-4, then close the prefs window, and try to reopen it.

Does it happen in the released 1.76? Does it happen in the latest nightly?

Didn't check those yet.

comment:5 in reply to: ↑ 3 Changed 12 years ago by bbolli

Replying to livings124:

Does it happen in the released 1.76?

No.

There's a different effect in this version: it takes a lot longer from clicking "Automatically map port" to the spinner starting to spin. FWIW, I have Little Snitch installed.

Does it happen in the latest nightly?

Yes, but only after the second tab change. See the new crash dump.

Changed 12 years ago by bbolli

Crash dump of -r9910 after second tab change

comment:6 Changed 12 years ago by livings124

  • Priority changed from Normal to Low
  • Severity changed from Major to Minor
  • Version changed from Other to 1.76

comment:7 Changed 12 years ago by livings124

  • Component changed from Mac Client to libtransmission
  • Owner changed from livings124 to charles

I have pinpointed this down to simply quickly toggling "Automatically map ports", which calls tr_sessionSetPortForwardingEnabled().

Changed 12 years ago by livings124

comment:8 Changed 12 years ago by livings124

  • Summary changed from Crash in preferences to Crash with tr_sessionSetPortForwardingEnabled()

comment:9 Changed 12 years ago by charles

  • Status changed from new to assigned

livings124: thanks for tracking this down a little further and for the crash report...

comment:10 Changed 12 years ago by charles

valgrind is keen:

==14598== Thread 2:
==14598== Invalid write of size 1
==14598==    at 0x80D30B3: miniwget_getaddr (miniwget.c:290)
==14598==    by 0x80D2786: UPNP_GetValidIGD (miniupnpc.c:754)
==14598==    by 0x80CA2D1: tr_upnpPulse (upnp.c:100)
==14598==    by 0x80C5BD3: natPulse (port-forwarding.c:81)
==14598==    by 0x80C5D56: onTimer (port-forwarding.c:129)
==14598==    by 0xA502BF: event_base_loop (event.c:392)
==14598==    by 0xA50429: event_loop (event.c:468)
==14598==    by 0xA5045E: event_dispatch (event.c:406)
==14598==    by 0x80A3FB2: libeventThreadFunc (trevent.c:230)
==14598==    by 0x808C772: ThreadFunc (platform.c:109)
==14598==    by 0x4C3AB4: start_thread (pthread_create.c:297)
==14598==    by 0x41AEDCD: clone (clone.S:130)
==14598==  Address 0x4469eb0 is 1,816 bytes inside a block of size 1,840 free'd
==14598==    at 0x40057F6: free (vg_replace_malloc.c:325)
==14598==    by 0x80CA0E2: tr_free (utils.h:315)
==14598==    by 0x80CA1D3: tr_upnpClose (upnp.c:73)
==14598==    by 0x80C5E6E: stop_forwarding (port-forwarding.c:180)
==14598==    by 0x80C5F55: tr_sharedTraversalEnable (port-forwarding.c:210)
==14598==    by 0x8097A83: tr_sessionSetPortForwardingEnabled (session.c:1737)
==14598==    by 0x806D0B2: prefschanged (main.c:1188)
==14598==    by 0x61B9D7: g_cclosure_marshal_VOID__STRING (gmarshal.c:496)
==14598==    by 0x60E5B2: g_closure_invoke (gclosure.c:767)
==14598==    by 0x624117: signal_emit_unlocked_R (gsignal.c:3247)
==14598==    by 0x62547C: g_signal_emit_valist (gsignal.c:2980)
==14598==    by 0x625906: g_signal_emit (gsignal.c:3037)
==14598==    by 0x8078C92: commitPrefsChange (tr-core.c:1446)
==14598==    by 0x8078D37: tr_core_set_pref_bool (tr-core.c:1474)
==14598==    by 0x8079725: toggled_cb (tr-prefs.c:60)
==14598==    by 0x61C2D3: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==14598==    by 0x60E5B2: g_closure_invoke (gclosure.c:767)
==14598==    by 0x624117: signal_emit_unlocked_R (gsignal.c:3247)

comment:11 Changed 12 years ago by charles

  • Keywords backport-1.8x added; 1.80b4 removed
  • Resolution set to fixed
  • Status changed from assigned to closed

fixed in trunk for 1.90 by r10124.

tagged with backport-1.8x for inclusion if/when we do another 1.8x release.

comment:12 Changed 12 years ago by charles

  • Priority changed from Low to Normal
  • Severity changed from Minor to Normal

comment:13 Changed 12 years ago by charles

  • Milestone changed from None Set to 1.90
Note: See TracTickets for help on using tickets.