-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VPN-6268 - Fix ping Event Ready #9312
Conversation
@@ -493,7 +493,7 @@ QString WindowsSplitTunnel::convertPath(const QString& path) { | |||
// device should contain : for e.g C: | |||
return ""; | |||
} | |||
QByteArray buffer(2048, 0xFF); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given we now compile with warnings as errors, my MSVC compiler complained about the static type casting.
emit recvPing(sequence); | ||
// We only allocated for one reply, so more should be impossible. | ||
if (replyCount != 1){ | ||
logger.error() << "Invalid amount of responses recieved"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
logger.error() << "Invalid amount of responses recieved"; | |
logger.error() << "Invalid amount of responses received"; |
|
||
#pragma pack(push, 1) | ||
struct ICMP_ECHO_REPLY_BUFFER { | ||
ICMP_ECHO_REPLY reply; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I filed a comment about it in the JIRA issue, but I think we should also switch out the ICMP_ECHO_REPLY
struct with an ICMP_ECHO_REPLY32
as per the IcmpParseReplies documentation. It seems there is some 32/64-bit backwards compatibility issue around the Data
pointer.
My guess as to the cause of the crash is that for whatever reason the Windows kernel is writing a 32-bit pointer into memory, but because we interpret the struct as a ICMP_ECHO_REPLY
the client interprets the pointer as being 64-bits, and it just so happens to work fine when the top bits are zero, but crashes otherwise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or better yet, check if the compiler macros are targeting a 64-bit system and make this an ICMP_ECHO_REPLY
or ICMP_ECHO_REPLY32
as appropriate.
00755d8
to
f2e3dd3
Compare
Co-authored-by: Beatriz Rizental <[email protected]>
Ugh this is an ugly one?
So the crash is happening in
With a
EXE_BAD_ACCESS
, soreplies[i].Data
is pointing to something wierd. Given that i cannot reproduce this, i'm trying to fix things that could theoretically have this point to a bad thing.ICMP_ECHO_REPLY
, however that is not really the shape of the thing in memory.I was wondering wherereplies[0 ... replyCount].Data
points and who owns the memory. We'll it is in our buffer! That's why the docs specifically asks us to allocate at leastsizeof(ICMP_ECHO_REPLY) +WindowsPingPayloadSize + ICMP_ERR_SIZE + sizeof(IO_STATUS_BLOCK);
bytes.-> With only 1 Possible Ping in the Struct, we know the position of the sequence in the buffer, so we can clearly just assert that the icmp ping points to that and use the data, no memcpy needed. Worst case here, it's 0 given we cleared it before causing a ping timeout but not a crash :)