aldenml / libtorrent4j

libtorrent for java, a swig Java interface for libtorrent
http://libtorrent4j.org

Fix SIGSEGV in bdecode_node if the pointer is null #244

Open proninyaroslav opened 1 year ago

proninyaroslav commented 1 year ago

When I try to call a method like bdecode_node::dict_find_list_ex and the node is not found, the method returns a bdecode_node object with a null pointer inside. So, if I call any method that works with the pointer (e.g. bdecode_node::list_size), it throws SIGSEGV:

```
Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 5356 (Thread-25), pid 4773 (retorrent.debug)
Cmdline: org.proninyaroslav.libretorrent.debug
pid: 4773, tid: 5356, name: Thread-25  >>> org.proninyaroslav.libretorrent.debug <<<
      #00 pc 00000000004e01fb  /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!libtorrent4j.so (BuildId: d53f27ff86ba13ddd65ced77599f29d7f089ba06)
      #01 pc 000000000046352f  /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!libtorrent4j.so (Java_org_libtorrent4j_swig_libtorrent_1jni_bdecode_1node_1list_1size+15) (BuildId: d53f27ff86ba13ddd65ced77599f29d7f089ba06)
      #04 pc 000000000003006c  [anon:dalvik-classes19.dex extracted in memory from /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!classes19.dex] (org.libtorrent4j.swig.bdecode_node.list_size+12)
      #06 pc 000000000001456e  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.extractTrackers+62)
      #08 pc 0000000000017732  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.mergeTorrent+266)
      #10 pc 0000000000015692  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.addTorrent+882)
      #12 pc 000000000000b87a  [anon:dalvik-classes6.dex extracted in memory from /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!classes6.dex] (org.proninyaroslav.libretorrent.core.model.TorrentEngine.addTorrentSync+42)
      #14 pc 000000000001714c  [anon:dalvik-classes5.dex extracted in memory from /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!classes5.dex] (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel.lambda$addTorrent$5$org-proninyaroslav-libretorrent-ui-addtorrent-AddTorrentViewModel+20)
      #16 pc 000000000001539c  [anon:dalvik-classes5.dex extracted in memory from /data/app/~~EkxMRlct1QKfCfnHyTjFRg==/org.proninyaroslav.libretorrent.debug-FMioUk8YZURWH9vwH05GZA==/base.apk!classes5.dex] (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel$$ExternalSyntheticLambda5.run+12)
```

The solution is to check the pointer and return a null bdecode_node if the pointer is null, for the methods dict_find_*_ex, list_at and dict_at_node.
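As an added example (not code from this issue, from libretorrent or from libtorrent4j), a caller-side guard for the missing-key case described above: libtorrent's bdecode_node reports a not-found result as a node of type none_t, so the caller checks type() before calling list_size(). It assumes the SWIG wrapper exposes bdecode_node::type() as type() returning bdecode_node.type_t; it does not cover the separate case, discussed later in the thread, where a correctly typed node still crashes.

```java
import java.util.ArrayList;
import java.util.List;

import org.libtorrent4j.swig.bdecode_node;

public final class BdecodeGuard {

    // True only for a node that really is a list. A node returned for a
    // missing dictionary key has type none_t and a null token pointer inside;
    // calling list_size() on it is what produces the SIGSEGV in the trace.
    // Assumption: type() / bdecode_node.type_t.list_t as generated by SWIG.
    static boolean isList(bdecode_node n) {
        return n != null && n.type() == bdecode_node.type_t.list_t;
    }

    // Size of a list node, or 0 for null / none_t / non-list nodes, so the
    // caller never reaches the native list_size() with a bad pointer.
    static int safeListSize(bdecode_node n) {
        return isList(n) ? n.list_size() : 0;
    }

    // Guarded version of the extractTrackers() snippet from the thread:
    // collects the list nodes of each announce-list tier without touching
    // a none_t node.
    static List<bdecode_node> announceTiers(bdecode_node torrentDict) {
        List<bdecode_node> tiers = new ArrayList<>();
        if (torrentDict == null
                || torrentDict.type() != bdecode_node.type_t.dict_t) {
            return tiers;
        }
        bdecode_node announce = torrentDict.dict_find_list_ex("announce-list");
        int tierCount = safeListSize(announce);   // 0 when key is absent
        for (int i = 0; i < tierCount; i++) {
            bdecode_node tier = announce.list_at(i);
            if (isList(tier)) {
                tiers.add(tier);
            }
        }
        return tiers;
    }
}
```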

aldenml commented 1 year ago

I will look into this problem, but this file is auto-generated, so we need to find another solution.

proninyaroslav commented 1 year ago

I forgot that SWIG is used in the project. Is it perhaps possible to describe the interface for code generation?

proninyaroslav commented 1 year ago

@aldenml 👋 Is there any good news about solving this problem?

aldenml commented 1 year ago

Hi @proninyaroslav still nothing, but I will look at it.

MuhammadBayiz commented 1 year ago

Any updates? I've been stuck on this for so long waiting for a fix

proninyaroslav commented 9 months ago

@aldenml Hi! Any news?

aldenml commented 9 months ago

Hi @proninyaroslav , hi :)

I looked at it and got close, but concluded it could take me a non-trivial amount of time to wrap up. Still no ETA.

proninyaroslav commented 9 months ago

@aldenml Thank you for still not giving up on this problem.

proninyaroslav commented 5 months ago

@aldenml Initially, I thought that SIGSEGV occurs when calling dict_find_list_ex only if the dictionary key is not in the bdecode (for example announce-list). But it turns out that SIGSEGV is raised even if dict_find_list_ex returns the correct bdecode object. For example, calling bdecode_node::list_size on this object will also raise SIGSEGV. It's very strange.

```
Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 7860 (Thread-13), pid 7751 (retorrent.debug)
Cmdline: org.proninyaroslav.libretorrent.debug
pid: 7751, tid: 7860, name: Thread-13  >>> org.proninyaroslav.libretorrent.debug <<<
      #00 pc 00000000004e258b  /data/app/~~NdgzqlpvdA_zPFCehZ-u9g==/org.proninyaroslav.libretorrent.debug-HZGrGgexkXsntScbKeq63Q==/base.apk!libtorrent4j.so (offset 0x479000) (BuildId: e8a7f9bbcc438c53202e53588fca979891cf4897)
      #01 pc 00000000004657ff  /data/app/~~NdgzqlpvdA_zPFCehZ-u9g==/org.proninyaroslav.libretorrent.debug-HZGrGgexkXsntScbKeq63Q==/base.apk!libtorrent4j.so (offset 0x479000) (Java_org_libtorrent4j_swig_libtorrent_1jni_bdecode_1node_1list_1size+15) (BuildId: e8a7f9bbcc438c53202e53588fca979891cf4897)
      #14 pc 0000000000014968  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.extractTrackers+0)
      #20 pc 0000000000017af0  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.mergeTorrent+0)
      #26 pc 0000000000015758  /data/data/org.proninyaroslav.libretorrent.debug/code_cache/.overlay/base.apk/classes12.dex (org.proninyaroslav.libretorrent.core.model.session.TorrentSessionImpl.addTorrent+0)
      #32 pc 000000000000bd48  <anonymous:7f28de7d4000> (org.proninyaroslav.libretorrent.core.model.TorrentEngine.addTorrentSync+0)
      #38 pc 00000000000175e4  <anonymous:7f28de70f000> (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel.lambda$addTorrent$5+0)
      #44 pc 0000000000017170  <anonymous:7f28de70f000> (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel.$r8$lambda$Ac_VEfLFHW8ule9GokjvWKj6DVg+0)
      #50 pc 0000000000015770  <anonymous:7f28de70f000> (org.proninyaroslav.libretorrent.ui.addtorrent.AddTorrentViewModel$$ExternalSyntheticLambda5.run+0)
```

```java
var announceNode = node.dict_find_list_ex("announce-list");
if (announceNode == null) {
    return new ArrayList<>();
}
// SIGSEGV
var urls = new ArrayList<AnnounceEntry>(announceNode.list_size());
...
```

aldenml commented 5 months ago

Hi @proninyaroslav, I'm sorry, I have been unable to find some time to dedicate to this issue. I deduced some time ago that this is not a trivial issue, and I think it's related to a flaw in how SWIG generates the code for this particular structure. This is still on my TODO list.

proninyaroslav commented 5 months ago

@aldenml Is there a workaround? Earlier I used the trackers() method, but it was removed from libtorrent.