Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#811 closed Bug (fixed)

[PATCH] segfault on 64bit since r5329

Reported by: rvv
Owned by: charles
Priority: Normal
Milestone: 1.20
Component: libtransmission
Version:
Severity: Major
Keywords:
Cc:

Description

r5329 changed many ints to tr_file_index_t. In libtransmission/torrent.c, in the function setFileDND(), the for-loop counter i was changed to tr_file_index_t because of how it's used in the 2nd for-loop, but in the 1st it is decremented, which results in illegal memory access when it wraps (since tr_file_index_t is unsigned).

I'm attaching a valgrind backtrace and a patch to change tr_file_index_t to int32_t; an alternative, and possibly better, solution is to rewrite the for-loops.

Attachments (3)

tr_file_index_t-type.patch (404 bytes) - added by rvv 14 years ago.
valgrind.txt (1.4 KB) - added by rvv 14 years ago.
transmission-setFileDND-64bit.patch (865 bytes) - added by rvv 14 years ago.
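
The wrap described in the report, and one way to rewrite a countdown loop without changing the counter's type, as an added example (not Transmission's code and not the r5357 fix). `file_index_t`, the `wanted` array and both function names are hypothetical; the buggy loop replaces the out-of-bounds read with a guard so it can be run safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: stand-in for tr_file_index_t; the ticket only says it is unsigned. */
typedef uint32_t file_index_t;

/* Buggy shape: `i >= 0` is always true for an unsigned counter (gcc reports it
 * under -Wtype-limits), so stepping below 0 wraps to UINT32_MAX. The guard
 * stands in for the wanted[i] read and reports the wrapped index instead. */
int scan_back_buggy(const uint8_t *wanted, file_index_t n, file_index_t start,
                    file_index_t *oob)
{
    file_index_t i;
    for (i = start - 1; i >= 0; --i) {
        if (i >= n) { *oob = i; return -1; }  /* would be an out-of-bounds read */
        if (wanted[i]) return (int)i;
    }
    return -1;
}

/* Fix that keeps the unsigned type: test before decrementing, so the body
 * only ever sees start-1 ... 0 and the wrapped value is never used. */
int scan_back_fixed(const uint8_t *wanted, file_index_t start)
{
    file_index_t i;
    for (i = start; i-- > 0; )
        if (wanted[i]) return (int)i;
    return -1;
}

int main(void)
{
    const uint8_t wanted[4] = { 0, 0, 0, 1 };   /* constructed sample data */
    file_index_t oob = 0;

    scan_back_buggy(wanted, 4, 3, &oob);
    /* The index the unguarded loop would have dereferenced after element 0. */
    printf("buggy loop would index %lu (byte offset %zu)\n",
           (unsigned long)oob, (size_t)oob * sizeof wanted[0]);
    printf("fixed loop returns %d\n", scan_back_fixed(wanted, 3));
    return 0;
}
```

With 64-bit pointers the wrapped index addresses memory roughly 4 GiB or more past the array base, while with 32-bit pointers the address arithmetic typically wraps around to the element just before the array, which is consistent with the crash being reported on 64-bit builds.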


Change History (7)

Changed 14 years ago by rvv

Changed 14 years ago by rvv

comment:1 Changed 14 years ago by charles

  • Status changed from new to assigned

comment:2 Changed 14 years ago by rvv

I have a simpler patch that only changes setFileDND(). Tested on OS X 10.5 (i386) and 64-bit Linux.

Changed 14 years ago by rvv

comment:3 Changed 14 years ago by charles

  • Milestone changed from None Set to 1.20
  • Resolution set to fixed
  • Status changed from assigned to closed
  • Version 1.06 deleted

Thanks very much for reporting this.

I've tried to make a patch for this that does the job without casting away the tr_file_index_t type, and r5357 seems to do the job.

comment:4 Changed 14 years ago by charles

  • Severity changed from Normal to Major