#212: Win32 access violation reading beyond module's executable address space
----------------------------------------------------------------+-----------
Reporter: me.yahoo.com/a/zb4rfgwuv_ft.mggqltssk.ndw--#37f15 | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.2.8
Component: SFTP | Version: 1.2.7
Keywords: | Blocks:
Blocked By: |
----------------------------------------------------------------+-----------
I first discovered this problem last night against 1.2.8-20101213, today's
snapshot still reports the following error:

  First-chance exception at 0x100400ec (libssh2.dll) in JobController.exe:
  0xC0000005: Access violation reading location 0x100dd000.

Module libssh2.dll occupies address space 10000000-100DD000.

Stack trace at point of exception shows:

  libssh2.dll!_SHA1_Init() + 0x26c bytes
  libssh2.dll!_SHA1_Update() + 0xc8 bytes
  libssh2.dll!_HMAC_CTX_set_flags() + 0x67 bytes
  libssh2.dll!_EVP_DigestUpdate() + 0x14 bytes
  libssh2.dll!_RAND_SSLeay() + 0x5a6 bytes
  libssh2.dll!_RAND_bytes() + 0x52 bytes
  libssh2.dll!_libssh2_channel_write() Line 2066 + 0x2a bytes
  libssh2.dll!sftp_write() Line 1619 + 0x20 bytes
  libssh2.dll!libssh2_sftp_write() Line 1721 + 0x11 bytes

Line 2066 for _libssh2_channel_write reads:

    if (channel->write_state == libssh2_NB_state_created) {
        rc = _libssh2_transport_send(session, channel->write_packet,
                                     channel->write_packet_len,
                                     buf, channel->write_bufwrite);
        if (rc == LIBSSH2_ERROR_EAGAIN) {
            return _libssh2_error(session, rc,
                                  "Unable to send channel data");
        }

The program is a multi-threaded 32bit .NET application using a
class library to wrap libssh2 in a managed layer. Until now this has worked
perfectly every time for me. No customisations have been made to the
library. It performs several SFTP fetches to retrieve zipped data,
processes them and stores the results locally. It then transmits those
results back using SFTP to multiple locations.

The error appears on both w2k8 64bit and xp/sp3 32bit. Recompiled zlib to
1.2.5 and openssl to 0.9.8r just in case, no effect. Tested against 3
different servers - CompleteFTP and freesshd local to the machine and
linux openssh on a virtual machine; all 3 exhibit the same problem at
approximately the same point. None of the servers report anything out of
the ordinary in their logs.

The exact same code works correctly if I limit the threading to only one
transfer at once, even though each transfer occurs in its own
thread with the session created and accessed from only that one thread.

I hope to recreate this using a much-simplified multi-threaded C program
and attach the program to this ticket, but if there's anything I can
provide before then, please let me know.

--
Ticket URL: <http://trac.libssh2.org/ticket/212>
libssh2 <http://trac.libssh2.org/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2011-02-15