Package: gftp
Version: 2.0.18-10
Severity: grave
Justification: renders package unusable

Hi,

Making it segfault is similar to (closed) bug #325587: just connect to an FTP site and try to download one file (click with left arrow button).

I recompiled with debug "gftp-2.0.18" (apt-get source)

===========================================
Program received signal SIGSEGV, Segmentation fault.
0x08077c9c in rfc959_ipv4_data_connection_new (request=0x822fa30) at rfc959.c:706
706           memcpy (&data_addr.sin_addr,
(gdb) bt
#0  0x08077c9c in rfc959_ipv4_data_connection_new (request=0x822fa30) at rfc959.c:706
#1  0x080787db in rfc959_data_connection_new (request=0x822fa30) at rfc959.c:969
#2  0x08078c60 in rfc959_get_file (request=0x822fa30, filename=0x822f918 "/rep/fichier", fd=-1, startsize=0) at rfc959.c:1107

It is here (rfc959.c, line 1936)

=============================================
  if (ignore_pasv_address)
    {
#if defined (HAVE_GETADDRINFO)
      memcpy (&data_addr.sin_addr,
              &((struct sockaddr_in *) request->current_hostp->ai_addr)->sin_addr,
              sizeof (data_addr.sin_addr));
#else
      memcpy (&data_addr.sin_addr,
              request->hostp->h_addr_list[request->curhost],
              request->hostp->h_length);
#endif

      pos = (char *) &data_addr.sin_addr;
      request->logging_function (gftp_logging_error, request,
           _("Ignoring IP address in PASV response, connecting to %d.%d.%d.%d:%d\n"),
           pos[0] & 0xff, pos[1] & 0xff, pos[2] & 0xff, pos[3] & 0xff,
           ntohs (data_addr.sin_port));
    }
  else
    memcpy (&data_addr.sin_addr, &ad[0], 4);
=============================================

As you can see, it only happens when the general option "Ignore PASV address" is ticked (and with configure HAVE_GETADDRINFO).

I saw that the request->current_hostp (and request->hostp) was NULL.

The structure "fromreq" is created for the first time here:

transfer_window_files (src/gtk/transfer.c):

  transfer->fromreq = gftp_copy_request (fromwdata->request);
  transfer->toreq = gftp_copy_request (towdata->request);
  transfer->fromwdata = fromwdata;

Inside "fromwdata->request", hostp and current_hostp are not NULL, but after the call transfer->fromreq will have hostp=NULL.

The problem is in "lib/misc", gftp_copy_request.

When you want to transfer files: current_hostp is not NULL and hostp is NULL. That's the problem.

When browsing the FTP, the function is called with host filled (not NULL), so it's ok!

[
Loading directory listing / from server ([EMAIL PROTECTED])
PASV
227 Entering Passive Mode (11,22,33,44,195,105)
Ignoring IP address in PASV response, connecting to 11.22.33.44:50025
]

(misc.c, around line 1335)

=============================================
#if defined (HAVE_GETADDRINFO) && defined (HAVE_GAI_STRERROR)
  struct addrinfo *hostp = req->hostp;
  struct addrinfo *newhostp = newreq->hostp; /* <=== bug */

  while (hostp != NULL)
    {
      newhostp = g_malloc (sizeof(struct addrinfo));
      memcpy(newhostp, hostp, sizeof(struct addrinfo));
      newhostp->ai_addr = g_malloc (sizeof(struct sockaddr));
      memcpy(newhostp->ai_addr, hostp->ai_addr, sizeof(struct sockaddr));
      if (hostp->ai_canonname)
        newhostp->ai_canonname = strdup(hostp->ai_canonname);
      if (req->current_hostp == hostp)
        newreq->current_hostp = newhostp;
      hostp = hostp->ai_next;
      newhostp = newhostp->ai_next;
    }
#else
  newreq->hostp = g_malloc (sizeof(struct hostent));
  memcpy(newreq->hostp, req->hostp, sizeof(struct hostent));
  newreq->host = req->host;
  newreq->curhost = req->curhost;
#endif
=============================================

The first element is never set to newreq->hostp, because malloc is done after. I also think that the linked list is not correct (only if req->hostp->ai_next != NULL, which is not very common).

That's all!

Matthieu Crapet

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-matt
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages gftp depends on:
ii  gftp-gtk   2.0.18-10   X/GTK+ FTP client
ii  gftp-text  2.0.18-10   colored FTP client using GLib

gftp recommends no packages.

-- no debconf information

misc.c-patch.gz
Description: Binary data
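
The copy loop discussed in the report, written so that the head is stored and each new node is chained onto the previous one. This is an added example, not gftp's code and not the attached patch: copy_addrinfo_list and free_addrinfo_copy are hypothetical names, plain malloc stands in for g_malloc, and ai_addrlen bytes are copied instead of sizeof(struct sockaddr).

```c
#define _POSIX_C_SOURCE 200809L
#include <netdb.h>
#include <stdlib.h>
#include <string.h>

/* Free a chain built by copy_addrinfo_list(); not for getaddrinfo() results. */
void free_addrinfo_copy(struct addrinfo *p)
{
    for (struct addrinfo *next; p != NULL; p = next) {
        next = p->ai_next;
        free(p->ai_addr);
        free(p->ai_canonname);
        free(p);
    }
}

/* Hypothetical helper, not gftp's code: deep-copy an addrinfo chain.
 * *new_current gets the copy of the node `current` points at, else NULL. */
struct addrinfo *copy_addrinfo_list(const struct addrinfo *src,
        const struct addrinfo *current, struct addrinfo **new_current)
{
    struct addrinfo *head = NULL;
    struct addrinfo **link = &head;  /* slot that receives the next copy */
    *new_current = NULL;
    for (; src != NULL; src = src->ai_next) {
        struct addrinfo *n = malloc(sizeof *n);
        if (n == NULL) goto fail;
        *n = *src;                   /* scalar fields; pointers redone below */
        n->ai_addr = NULL;
        n->ai_canonname = NULL;
        n->ai_next = NULL;
        *link = n;                   /* first pass stores the list head */
        link = &n->ai_next;          /* later passes chain onto the tail */
        if (src->ai_addr != NULL && src->ai_addrlen > 0) {
            n->ai_addr = malloc(src->ai_addrlen);  /* real length, fits IPv6 */
            if (n->ai_addr == NULL) goto fail;
            memcpy(n->ai_addr, src->ai_addr, src->ai_addrlen);
        }
        if (src->ai_canonname != NULL &&
            (n->ai_canonname = strdup(src->ai_canonname)) == NULL)
            goto fail;
        if (src == current) *new_current = n;
    }
    return head;
fail:
    free_addrinfo_copy(head);
    *new_current = NULL;
    return NULL;
}
```

Under HAVE_GETADDRINFO the "Ignore PASV address" branch quoted in the report dereferences request->current_hostp, so a copied request has to carry both the returned head and the translated current pointer.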