On Tue, 15 Jun 2016, Daniel Stenberg via curl-library wrote:

> Ah right. But isn't the root of this problem that sftp_libssh2_realpath() on
> ssh.c:1145 returns a zero? Then libcurl doesn't clone the homedir and it
> remains a NULL pointre that then subsequently is dereferenced.

> What about this fix to avoid that:

> }
> - else if(rc > 0) {
> + else if(rc >= 0) {

I am very sorry that I had incorrect observation of the rc value.
It's timeout but error code is not set.
So this fix won't work.

The root cause is indeed in libssh2.
I will report this to libssh2 development team.

And it would be more robust if crash can be avoided.

1169 state(conn, SSH_STOP);
(gdb) bt
#0 ssh_statemach_act (conn=0x7f1244013208, block=0x7f12d9ffa663) at ssh.c:1169
#1 0x00007f136d004377 in ssh_multi_statemach (conn=0x7f1244013208, done=0x7f12d9ffa6f4) at ssh.c:2810
#2 0x00007f136cfd6dc8 in Curl_protocol_connecting (conn=0x7f1244013208, done=0x7f12d9ffa6f4) at url.c:3659

(gdb) p rc
$7 = -9 //#define LIBSSH2_ERROR_TIMEOUT -9 in libssh2.h
(gdb) p err
$8 = 0
(gdb) p result
$9 = CURLE_OK
(gdb)

Huo Jiachuan

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-06-16