Hi Devs,
I'm working on tracking down a SIGSEGV in libssh2 when invoking an SFTP
dirhandle stream in PHP. I think I know what is wrong, I'm just having some
trouble nailing down *why*. Could anyone offer any ideas? I'll file and fix
once I understand how it happened.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff0509567 in sftp_close_handle (handle=0x7ffff387d000) at sftp.c:2343
2343        s = handle->close_packet = LIBSSH2_ALLOC(session, packet_len);
(gdb) bt
#0  0x00007ffff0509567 in sftp_close_handle (handle=0x7ffff387d000) at sftp.c:2343
#1  0x00007ffff0509920 in libssh2_sftp_close_handle (hnd=0x7ffff387d000) at sftp.c:2441
#2  0x00007ffff072edf5 in php_ssh2_sftp_dirstream_close (stream=0x7ffff3873300, close_handle=1) at /root/php-ssh2-0.12-39-g3dfe336+0.12/php-7.0/ssh2-v0.12-39-g3dfe336/ssh2_sftp.c:305
#3  0x000055555576bb87 in _php_stream_free ()
(gdb) p handle
$8 = (LIBSSH2_SFTP_HANDLE *) 0x7ffff387d000
(gdb) p handle->close_packet
$9 = (unsigned char *) 0x0
(gdb) p s
$10 = (unsigned char *) 0x7ffff387d000 ""
(gdb) p packet_len
$11 = 17
Here is the moment before. Notice that session is null. I'm assuming that
null pointer dereference is the problem. Why would that happen?
(gdb) bt full
#0  sftp_close_handle (handle=0x7ffff387d000) at sftp.c:2343
        sftp = 0x7ffff3899000
        channel = 0x7ffff3899180
        session = 0x0
        data_len = 140737279254528
        packet_len = 17
        s = 0x7ffff387d000 ""
        data = 0x0
        rc = 0
        __PRETTY_FUNCTION__ = "sftp_close_handle"
#1  0x00007ffff0509920 in libssh2_sftp_close_handle (hnd=0x7ffff387d000) at sftp.c:2441
        entry_time = 1487299481
        rc = 32767
#2  0x00007ffff072edf5 in php_ssh2_sftp_dirstream_close (stream=0x7ffff3873300, close_handle=1) at /root/php-ssh2-0.12-39-g3dfe336+0.12/php-7.0/ssh2-v0.12-39-g3dfe336/ssh2_sftp.c:305
        data = 0x7ffff3802060
#3  0x000055555576bb87 in _php_stream_free ()
Thanks,
Brian
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2017-02-17