Subject: Debugging php-ssh2 crash

Debugging php-ssh2 crash

From: Brian Morton <rokclimb15_at_gmail.com>
Date: Thu, 16 Feb 2017 22:07:22 -0500

Hi Devs,

I'm working on tracking down a SIGSEGV in libssh2 when invoking an SFTP
dirhandle stream in PHP. I think I know what is wrong, I'm just having some
trouble nailing down *why*. Could anyone offer any ideas? I'll file and fix
once I understand how it happened.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff0509567 in sftp_close_handle (handle=0x7ffff387d000) at sftp.c:2343
2343 s = handle->close_packet = LIBSSH2_ALLOC(session, packet_len);
(gdb) bt
#0 0x00007ffff0509567 in sftp_close_handle (handle=0x7ffff387d000) at sftp.c:2343
#1 0x00007ffff0509920 in libssh2_sftp_close_handle (hnd=0x7ffff387d000) at sftp.c:2441
#2 0x00007ffff072edf5 in php_ssh2_sftp_dirstream_close (stream=0x7ffff3873300, close_handle=1) at /root/php-ssh2-0.12-39-g3dfe336+0.12/php-7.0/ssh2-v0.12-39-g3dfe336/ssh2_sftp.c:305
#3 0x000055555576bb87 in _php_stream_free ()

(gdb) p handle
$8 = (LIBSSH2_SFTP_HANDLE *) 0x7ffff387d000
(gdb) p handle->close_packet
$9 = (unsigned char *) 0x0
(gdb) p s
$10 = (unsigned char *) 0x7ffff387d000 ""
(gdb) p packet_len
$11 = 17

Here is the moment before. Notice that session is null. I'm assuming that
null pointer dereference is the problem. Why would that happen?

(gdb) bt full
#0 sftp_close_handle (handle=0x7ffff387d000) at sftp.c:2343
        sftp = 0x7ffff3899000
        channel = 0x7ffff3899180
        session = 0x0
        data_len = 140737279254528
        packet_len = 17
        s = 0x7ffff387d000 ""
        data = 0x0
        rc = 0
        __PRETTY_FUNCTION__ = "sftp_close_handle"
#1 0x00007ffff0509920 in libssh2_sftp_close_handle (hnd=0x7ffff387d000) at sftp.c:2441
        entry_time = 1487299481
        rc = 32767
#2 0x00007ffff072edf5 in php_ssh2_sftp_dirstream_close (stream=0x7ffff3873300, close_handle=1) at /root/php-ssh2-0.12-39-g3dfe336+0.12/php-7.0/ssh2-v0.12-39-g3dfe336/ssh2_sftp.c:305
        data = 0x7ffff3802060
#3 0x000055555576bb87 in _php_stream_free ()

Thanks,

Brian

_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2017-02-17
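Added example, not code from libssh2, php-ssh2 or the poster: a cut-down model of the pointer chain the backtrace walks (handle -> sftp -> channel -> session) and of the failing line, which reaches the allocator only through the session pointer (libssh2's LIBSSH2_ALLOC is, to my recollection, a macro over session->alloc(count, &session->abstract), so a NULL session is dereferenced before any packet byte exists). The struct names, the request id and the 4-byte server handle are constructed stand-ins; the SSH_FXP_CLOSE packet layout follows the SFTP draft, and with a 4-byte handle it comes out at the same 17-byte packet_len the dump shows. The "session already torn down before the stream destructor runs" scenario is a hypothesis for illustration, not a finding from the page.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical, simplified stand-ins for the libssh2 objects in the
 * backtrace above. Only the pointer chain and the allocator hook that the
 * crashing line depends on are modelled; these are not libssh2's real types. */
typedef struct {
    void *(*alloc)(size_t count, void **abstract);
    void (*dealloc)(void *ptr, void **abstract);
    void *abstract;
} session_t;

typedef struct { session_t *session; } channel_t;
typedef struct { channel_t *channel; } sftp_t;

typedef struct {
    sftp_t *sftp;
    unsigned char *close_packet;       /* 0x0 in the dump until allocated */
    size_t close_packet_len;
    const unsigned char *handle_bytes; /* server-issued SFTP handle (constructed) */
    size_t handle_len;
} sftp_handle_t;

#define SSH_FXP_CLOSE 4
enum { CLOSE_OK = 0, CLOSE_ERR_NO_SESSION = -1, CLOSE_ERR_ALLOC = -2 };

static void *default_alloc(size_t count, void **abstract) { (void)abstract; return malloc(count); }
static void default_dealloc(void *ptr, void **abstract) { (void)abstract; free(ptr); }

static void put_u32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Close-packet builder with the check the crashing line lacks: the whole
 * handle -> sftp -> channel -> session chain is validated before the
 * allocator is called, so a NULL session yields an error code instead of a
 * NULL function-pointer call. */
static int close_handle_guarded(sftp_handle_t *handle, uint32_t request_id)
{
    session_t *session;
    unsigned char *s;
    size_t packet_len;

    if (handle == NULL || handle->sftp == NULL || handle->sftp->channel == NULL)
        return CLOSE_ERR_NO_SESSION;
    session = handle->sftp->channel->session;
    if (session == NULL || session->alloc == NULL)
        return CLOSE_ERR_NO_SESSION;

    /* uint32 length + byte type + uint32 request-id + uint32 handle-len + handle */
    packet_len = 4 + 1 + 4 + 4 + handle->handle_len;
    s = session->alloc(packet_len, &session->abstract);
    if (s == NULL)
        return CLOSE_ERR_ALLOC;
    handle->close_packet = s;
    handle->close_packet_len = packet_len;

    put_u32(s, (uint32_t)(packet_len - 4)); s += 4; /* length excludes itself */
    *s++ = SSH_FXP_CLOSE;
    put_u32(s, request_id);                 s += 4;
    put_u32(s, (uint32_t)handle->handle_len); s += 4;
    memcpy(s, handle->handle_bytes, handle->handle_len);
    return CLOSE_OK;
}

/* Scenario 1: intact session. Returns the packet length (17 for a 4-byte
 * server handle, matching packet_len in the dump) or the error code. */
static long demo_intact_session(void)
{
    static const unsigned char srv_handle[4] = { 0x00, 0x00, 0x00, 0x01 }; /* constructed */
    session_t session = { default_alloc, default_dealloc, NULL };
    channel_t channel = { &session };
    sftp_t sftp = { &channel };
    sftp_handle_t handle = { &sftp, NULL, 0, srv_handle, sizeof srv_handle };
    int rc = close_handle_guarded(&handle, 7);
    long result;

    if (rc != CLOSE_OK)
        return rc;
    result = (handle.close_packet[4] == SSH_FXP_CLOSE) ? (long)handle.close_packet_len : -99;
    session.dealloc(handle.close_packet, &session.abstract);
    return result;
}

/* Scenario 2 (hypothetical): the channel's session pointer was cleared
 * before the handle is closed, e.g. a stream destructor running after the
 * session was torn down. Unguarded code would segfault here; the guarded
 * version reports CLOSE_ERR_NO_SESSION and leaves close_packet NULL. */
static int demo_dangling_session(void)
{
    static const unsigned char srv_handle[4] = { 0x00, 0x00, 0x00, 0x01 }; /* constructed */
    channel_t channel = { NULL };   /* session already gone */
    sftp_t sftp = { &channel };
    sftp_handle_t handle = { &sftp, NULL, 0, srv_handle, sizeof srv_handle };
    return close_handle_guarded(&handle, 7);
}
```

The guard only turns a crash into a clean error; it does not explain why the session pointer is NULL. For that, the ordering of the PHP stream's free path against the session's teardown is what to compare next, which the backtrace alone does not show.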