[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BUG] Recursion crash when calling ssh_channel_write()


On 14.02.19 01:22, Alberto Garcia wrote:

> Forgot to add the callstack so you understand the code path the
> execution takes when calling  *ssh_channel_write*() . 
> *my_fd_data_function*  is the callback set with  ssh_event_add_fd()
>         [crash]
>         [.. more...]
>  VS-ssh-direct-tcp.exe!*my_fd_data_function*(unsigned int fd, int
> revents, void * userdata) Line 460C
>  VS-ssh-direct-tcp.exe!ssh_event_fd_wrapper_callback(ssh_poll_handle_struct
> * p, unsigned int fd, int revents, void * userdata) Line 719C
>  VS-ssh-direct-tcp.exe!ssh_poll_ctx_dopoll(ssh_poll_ctx_struct * ctx,
> int timeout) Line 628C
>  VS-ssh-direct-tcp.exe!ssh_handle_packets(ssh_session_struct *
> session, int timeout) Line 630C
>  VS-ssh-direct-tcp.exe!ssh_handle_packets_termination(ssh_session_struct
> * session, int timeout, int(*)(void *) fct, void * user) Line 692C
>  VS-ssh-direct-tcp.exe!ssh_blocking_flush(ssh_session_struct *
> session, int timeout) Line 500C
>  VS-ssh-direct-tcp.exe!ssh_channel_flush(ssh_channel_struct * channel)
> Line 1222C
>  VS-ssh-direct-tcp.exe!channel_write_common(ssh_channel_struct *
> channel, const void * data, unsigned int len, int is_stderr) Line 1354C
>  VS-ssh-direct-tcp.exe!ssh_channel_write(ssh_channel_struct * channel,
> const void * data, unsigned int len) Line 1403C
>  VS-ssh-direct-tcp.exe!*my_fd_data_function*(unsigned int fd, int
> revents, void * userdata) Line 460C
>  VS-ssh-direct-tcp.exe!ssh_event_fd_wrapper_callback(ssh_poll_handle_struct
> * p, unsigned int fd, int revents, void * userdata) Line 719C
>  VS-ssh-direct-tcp.exe!ssh_poll_ctx_dopoll(ssh_poll_ctx_struct * ctx,
> int timeout) Line 628C
>  VS-ssh-direct-tcp.exe!ssh_event_dopoll(ssh_event_struct * event, int
> timeout) Line 888C
>  VS-ssh-direct-tcp.exe!per_conn_thread(void * args) Line 1068C
>
... and this doesn't happen on Linux, so my guess is that it's related
to ssh_poll_emu() i.e. bsd_poll... And then maybe revents are not set
properly.

In my_fd_data_function() we have:

    if (!(revents & POLLIN)) {
        return 0;
    }

This should actually prevent from doing anything if it's called for
something else than reading.

Till


References:
[BUG] Recursion crash when calling ssh_channel_write()Alberto Garcia <agarciaillera@xxxxxxxxx>
Re: [BUG] Recursion crash when calling ssh_channel_write()Alberto Garcia <agarciaillera@xxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org