Package: transmission-daemon
Version: 2.84-0.2
Severity: normal
Tags: patch upstream fixed-upstream
Dear Maintainer,
transmission-daemon died on SIGSEGV (probably triggered by starting
torrent with webseed), backtrace seems same as in upstream ticket
https://trac.transmissionbt.com/ticket/5735
and it was fixed in upstream/trunk:
https://trac.transmissionbt.com/changeset/14319
I guess, it will be included in yet-to-be-released 2.90, upstream patch
attached.
Ticket suggests this bug affects other variants of transmission as well
(gtk and qt).
I don't see serious security implications (DoS at worst); but crashes
are annoying and fix is trivial, so maybe it worth fixing for next
jessie point release.
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages transmission-daemon depends on:
ii adduser 3.113+nmu3
ii init-system-helpers 1.22
ii libc6 2.19-18
ii libcurl3-gnutls 7.38.0-4+deb8u2
ii libevent-2.0-5 2.0.21-stable-2
ii libminiupnpc10 1.9.20140610-2
ii libnatpmp1 20110808-3
ii libssl1.0.0 1.0.1k-3+deb8u1
ii libsystemd0 215-17+deb8u1
ii lsb-base 4.1+Debian13+nmu1
ii transmission-common 2.84-0.2
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages transmission-daemon recommends:
ii transmission-cli 2.84-0.2
transmission-daemon suggests no packages.
-- Configuration Files:
/etc/transmission-daemon/settings.json [Errno 13] Permission denied:
u'/etc/transmission-daemon/settings.json'
-- no debconf information
(gdb) bt
#0 node_alloc () at list.c:43
#1 0xf7788d5d in tr_list_append (list=0xf77ea7a4 <paused_easy_handles>,
data=0xf3894a18) at list.c:99
#2 0xf777b337 in writeFunc (ptr=0xf38f9208, size=1, nmemb=16384,
vtask=0xf6359e00)
at web.c:127
#3 0xf763a943 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#4 0xf764fc01 in curl_easy_pause () from
/usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#5 0xf777b80b in tr_webThreadFunc (vsession=0xf8f8ae80) at web.c:448
#6 0xf775fac9 in ThreadFunc (_t=0xf6316218) at platform.c:105
#7 0xf73ffefb in start_thread (arg=0xf62ffb40) at pthread_create.c:309
#8 0xf733862e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129
(gdb) p ret
$1 = (tr_list *) 0x0
(gdb) p recycled_nodes
$2 = (tr_list *) 0x0
--- a/libtransmission/list.c (revision 14318)
+++ b/libtransmission/list.c (revision 14319)
@@ -30,20 +30,24 @@
static tr_list*
node_alloc (void)
{
- tr_list * ret;
+ tr_list * ret = NULL;
+ tr_lock * lock = getRecycledNodesLock ();
- if (recycled_nodes == NULL)
+ tr_lockLock (lock);
+
+ if (recycled_nodes != NULL)
{
- ret = tr_new (tr_list, 1);
- }
- else
- {
- tr_lockLock (getRecycledNodesLock ());
ret = recycled_nodes;
recycled_nodes = recycled_nodes->next;
- tr_lockUnlock (getRecycledNodesLock ());
}
+ tr_lockUnlock (lock);
+
+ if (ret == NULL)
+ {
+ ret = tr_new (tr_list, 1);
+ }
+
*ret = TR_LIST_CLEAR;
return ret;
}
@@ -51,13 +55,15 @@
static void
node_free (tr_list* node)
{
+ tr_lock * lock = getRecycledNodesLock ();
+
if (node != NULL)
{
*node = TR_LIST_CLEAR;
- tr_lockLock (getRecycledNodesLock ());
+ tr_lockLock (lock);
node->next = recycled_nodes;
recycled_nodes = node;
- tr_lockUnlock (getRecycledNodesLock ());
+ tr_lockUnlock (lock);
}
}
