search

anacrolix / torrent

Full-featured BitTorrent client package and utilities
Mozilla Public License 2.0
5.41k stars 617 forks source link

panic: runtime error: index out of range #791

Closed JaskaranSM closed 1 year ago

JaskaranSM commented 1 year ago 
panic: runtime error: index out of range [3581935998] with length 713

goroutine 8279048 [running]:
github.com/anacrolix/torrent.(*Torrent).haveChunk(0x4004c1d500, {0x15cb1ee?, {0x0?, 0xa?}})
    /root/go/pkg/mod/github.com/anacrolix/torrent@v1.47.0/torrent.go:1059 +0xb0
github.com/anacrolix/torrent.(*Peer).receiveChunk(0x4003eb7600, 0x4005c46380)
    /root/go/pkg/mod/github.com/anacrolix/torrent@v1.47.0/peerconn.go:1475 +0x360
github.com/anacrolix/torrent.(*PeerConn).mainReadLoop(0x4003eb7600)
    /root/go/pkg/mod/github.com/anacrolix/torrent@v1.47.0/peerconn.go:1255 +0x7d4
github.com/anacrolix/torrent.(*Client).runHandshookConn(0x4000434900, 0x4003eb7600, 0x4004c1d500)
    /root/go/pkg/mod/github.com/anacrolix/torrent@v1.47.0/client.go:994 +0x3d4
github.com/anacrolix/torrent.(*Torrent).logRunHandshookConn(0x4004c1d500, 0x4004c1d500?, 0x0, {0x10?})
    /root/go/pkg/mod/github.com/anacrolix/torrent@v1.47.0/torrent.go:1615 +0x40
github.com/anacrolix/torrent.(*Torrent).runHandshookConnLoggingErr(...)
    /root/go/pkg/mod/github.com/anacrolix/torrent@v1.47.0/torrent.go:1622
github.com/anacrolix/torrent.(*Client).outgoingConnection(0x4000434900, 0x7ae08?, {0x1992a60?, 0x40012298e0}, {0x19818e8, 0x1}, 0x0)
    /root/go/pkg/mod/github.com/anacrolix/torrent@v1.47.0/client.go:797 +0x2f4
created by github.com/anacrolix/torrent.(*Torrent).initiateConn
    /root/go/pkg/mod/github.com/anacrolix/torrent@v1.47.0/torrent.go:2269 +0x21c

Download Progress:

redacted - Downloading
[████████████▍] 99.86% , 5.6 GB of 5.6 GB at 4.0 MB/s, ETA: 1s | P: 32 | S: 30
GID: tNvxaWunEvdmvfyZ

Magnet:

magnet:?xt=urn:btih:84a20aee547571c244384d864979d65729ae740f&dn=The.Peripheral.S01E07.2160p.AMZN.WEB-DL.x265.8bit.SDR.DDP5.1-NTb%5Brartv%5D&tr=http%3A%2F%2Ftracker.trackerfix.com%3A80%2Fannounce&tr=udp%3A%2F%2F9.rarbg.me%3A2840&tr=udp%3A%2F%2F9.rarbg.to%3A2760&tr=udp%3A%2F%2Ftracker.thinelephant.org%3A12710&tr=udp%3A%2F%2Ftracker.slowcheetah.org%3A14740

I was checking the progress for this one it was going to 100% and 98.86% back and forth, In client.WriteStatus, I saw it had one piece missing and maybe it is getting it from the peers but the verification was failing thats why it was retrying. Just a wild guess. After some time I saw this panic. Interesting thing here is that panic happened on length 713 which also the total piece count for this torrent.

redacted
99.956708% of 5979625072 bytes (6.0 GB)
Infohash: 84a20aee547571c244384d864979d65729ae740f
Metadata length: 14526
Piece length: 8388608 (512 chunks)
Num Pieces: 713 (712 completed)
Piece States: 382C 1.P 330C
Piece availability frequency: 34: 713
anacrolix commented 1 year ago

Thanks! Looks like an unsanitized input from a peer.

anacrolix commented 1 year ago

This looks related to https://github.com/anacrolix/torrent/issues/788.

The other issue didn't provide any actual values, but this one does. I suspect that overflow could be occuring during conversion between request struct and request indexes that is able to slip through the existing validity checks. I've added extra checks before that conversion occurs that should handle overflow. See f75989863cfc4abfc14c1b4ab9a634437569ef27.

JaskaranSM commented 1 year ago

Thanks, looks like fixed now :)