FileZilla crashes while processing a queue

[Jason Mount]

FileZilla Client 3.1.5.1
Windows XP MCE 2002 + SP3

The client crashes reproducably while processing a large queue. Every time I start running my queue when I come back to the system, it has crashed.

I couldn't locate any symbols for FileZilla.

I have attached a minidump, and I have a full process dump I extracted it from if you need it.

================== !analyze -v ====================
FAULTING_IP:
filezilla+528329
00928329 8b02 mov eax,dword ptr [edx]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00928329 (filezilla+0x00528329)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 00000000
Parameter[1]: 00000004

Attempt to read from address 00000004

DEFAULT_BUCKET_ID: INVALID_POINTER_READ

PROCESS_NAME: filezilla.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 00000004

FAULTING_THREAD: 00001158

PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ

BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ

LAST_CONTROL_TRANSFER: from 005540e7 to 00928329

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0022f4f0 005540e7 0022f57c 00000004 0022f530 filezilla+0x528329
0022f510 0055dcd4 0022f57c 00000000 0022f83c filezilla+0x1540e7
0022f5d0 0055e3e6 01573b90 0022f83c 0055e1d6 filezilla+0x15dcd4
0022f770 00546b4d 01573b90 0022f83c 00000001 filezilla+0x15e3e6
0022f7a0 004c30c0 01573b90 0022f83c 00000000 filezilla+0x146b4d
0022f950 004c3dfe 0157be18 013effa0 00000001 filezilla+0xc30c0
0022f9d0 004c423f 0157be18 013effa0 040f6360 filezilla+0xc3dfe
0022fa00 004c436f 0157be18 013effa0 040f6360 filezilla+0xc423f
0022fa20 0081c0ef 0157be18 015a1230 004c4300 filezilla+0xc436f
0022fa50 0081c900 00aad320 0157be18 015a1230 filezilla+0x41c0ef
0022fa80 0081cc3b 00aad2ec 015a1230 0157be18 filezilla+0x41c900
0022faa0 0081ceff 0157be18 015a1230 015a1230 filezilla+0x41cc3b
0022fb10 00857305 0157be18 0404d498 01383420 filezilla+0x41ceff
0022fb30 00911960 013831c8 00911949 0003016f filezilla+0x457305
0022fb50 7e42b372 00000000 00000001 0022fbec filezilla+0x511960
0022fb6c 7e42b317 00030000 00000001 0022fbec user32!DispatchHookW+0x31
0022fba8 7e4278d0 0022fbdc 0022fbec 0022fc08 user32!CallHookWithSEH+0x21
0022fbcc 7c90e453 0022fbdc 00000030 00030000 user32__fnHkINLPMSG+0x25
0022fc08 7e4191be 7e4191f1 0022fc90 00000000 ntdllKiUserCallbackDispatcher+0x13
0022fc28 007cceb8 0022fc90 00000000 00000000 user32NtUserGetMessage+0xc
0022fcb8 007d1724 01592760 00400000 0022fd28 filezilla+0x3cceb8
0022fd28 00773c8a 01592760 00320035 0022fda8 filezilla+0x3d1724
0022fda8 008933b7 013831c8 003f6ad8 00aaa010 filezilla+0x373c8a
0022fe08 00771e89 0022fea8 003f6ad8 00000001 filezilla+0x4933b7
0022feb8 0042c1ab 00400000 00000000 00252356 filezilla+0x371e89
0022fed8 008e4719 00400000 00000000 00252356 filezilla+0x2c1ab
0022ff58 004010a7 004012f0 009b3b94 0022ff78 filezilla+0x4e4719
0022ffa0 00401123 00000002 aefa2d08 7c90dc9c filezilla+0x10a7
0022ffc0 7c817067 00320035 00360034 7ffd9000 filezilla+0x1123
0022fff0 00000000 00401110 00000000 00000000 kernel32BaseProcessStart+0x23

STACK_COMMAND: ~0s; .ecxr ; kb

FOLLOWUP_IP:
filezilla+528329
00928329 8b02 mov eax,dword ptr [edx]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: filezilla+528329

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: filezilla

IMAGE_NAME: filezilla.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 491ef087

FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_filezilla.exe!Unknown

BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_filezilla+528329

Followup: MachineOwner

[Jason Mount]

Minidump of the crash

[Jason Mount]

2nd Minidump of an identical crash

[Tim Kosse]

Unfortunately there are no debugging symbols, the binaries do get created using MinGW.

Can you reproduce the crash with older versions?

Can you reproduce the crash on a fresh Windows installation without any other third party programs installed? (Especially not firewalls)

[Jason Mount]

I would really consider generating symbols.

Yes I was able to reproduce it with 3.1.1.1; it had the exact same behavior. I have been using filezilla for some time and haven't seen this problem, but I haven't had a queue this large before.

My Queue now has about 1200 4MB files, it started out as round 7,000 files. I have exported the queue and when it crashes, I restart and import again. It has processed anywhere from tens of files to several hundres of files before crashing.

I'm not running any third party firewalls. I have VMWare, I'll try to get a VM set up to test on a clean XP install.

Here is the crash analysis for 3.1.1.1:

FAULTING_IP:
filezilla+510379
00910379 8b02 mov eax,dword ptr [edx]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00910379 (filezilla+0x00510379)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 00000000
Parameter[1]: 00000004

Attempt to read from address 00000004

DEFAULT_BUCKET_ID: INVALID_POINTER_READ

PROCESS_NAME: filezilla.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 00000004

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

FAULTING_THREAD: 000039e8

PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ

BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ

LAST_CONTROL_TRANSFER: from 005480c7 to 00910379

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0022f4f0 005480c7 0022f57c 00000004 0022f530 filezilla+0x510379
0022f510 00554cf4 0022f57c 00000000 00000001 filezilla+0x1480c7
0022f5d0 00555246 01545a80 0022f834 00555036 filezilla+0x154cf4
0022f770 0053b98d 01545a80 0022f834 00000001 filezilla+0x155246
0022f7a0 004b5782 01545a80 0022f834 00000000 filezilla+0x13b98d
0022f950 004bb44e 01558a58 02243348 0139c9c8 filezilla+0xb5782
0022f9d0 004bb88f 01558a58 02243348 0153b820 filezilla+0xbb44e
0022fa00 004bb9bf 01558a58 02243348 0153b820 filezilla+0xbb88f
0022fa20 008047bf 01558a58 016ae548 004bb950 filezilla+0xbb9bf
0022fa50 00804fd0 00a94ef0 01558a58 016ae548 filezilla+0x4047bf
0022fa80 0080530b 00a94ebc 016ae548 01558a58 filezilla+0x404fd0
0022faa0 008055cf 01558a58 016ae548 016ae548 filezilla+0x40530b
0022fb10 0083f9d5 01558a58 015de528 013730d8 filezilla+0x4055cf
0022fb30 008f9b00 01372e80 006ebe90 0154f0b8 filezilla+0x43f9d5
0022fb50 7e42b372 00000000 00000001 0022fbec filezilla+0x4f9b00
0022fb6c 7e42b317 00030000 00000001 0022fbec user32!DispatchHookW+0x31
0022fba8 7e4278d0 0022fbdc 0022fbec 0022fc08 user32!CallHookWithSEH+0x21
0022fbcc 7c90e453 0022fbdc 00000030 00030000 user32__fnHkINLPMSG+0x25
0022fc08 7e4191be 7e4191f1 0022fc90 00000000 ntdllKiUserCallbackDispatcher+0x13
0022fc28 007b5828 0022fc90 00000000 00000000 user32NtUserGetMessage+0xc
0022fcb8 007ba094 01543ed8 00400000 0022fd28 filezilla+0x3b5828
0022fd28 0075c6ba 01543ed8 80000001 0022fda8 filezilla+0x3ba094
0022fda8 0087ba87 01372e80 003f6b10 00a92010 filezilla+0x35c6ba
0022fe08 0075a8b9 0022fea8 003f6b10 00000001 filezilla+0x47ba87
0022feb8 00429a6b 00400000 00000000 0025235e filezilla+0x35a8b9
0022fed8 008ccde9 00400000 00000000 0025235e filezilla+0x29a6b
0022ff58 004010a7 004012f0 0099c2d4 0022ff78 filezilla+0x4ccde9
0022ffa0 00401123 00000002 8058b9b5 7c90dc9c filezilla+0x10a7
0022ffc0 7c817067 80000001 00fada84 7ffdf000 filezilla+0x1123
0022fff0 00000000 00401110 00000000 78746341 kernel32BaseProcessStart+0x23

STACK_COMMAND: ~0s; .ecxr ; kb

FOLLOWUP_IP:
filezilla+510379
00910379 8b02 mov eax,dword ptr [edx]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: filezilla+510379

FOLLOWUP_NAME: MachineOwner

[Tim Kosse]

I've created some test binaries with debugging symbols: ​http://filezilla-project.org/nightlies2/2008-11-15/i586-mingw32msvc/FileZilla_3_setup.exe
Since the executable is 88 MiB large, I hope you can understand why I usually do not include the debugging symbols, they are huge.

Note that the symbols are in a non-proprietary format Windows does not understand.

You need to run FileZilla using GDB: ​http://downloads.sourceforge.net/mingw/gdb-6.8-mingw-3.tar.bz2?modtime=1208982015&big_mirror=1
Extract the executable into the FileZilla directory and start it. Type the following:
file filezilla.exe
run

When it crashes, enter this:
bt

[Jason Mount]

The executable was normal sized, I assume the correct URL is:
​http://filezilla-project.org/nightlies2/2008-11-23/i586-mingw32msvc/FileZilla_3_setup.exe

I'm running it now.

[Tim Kosse]

Ah sorry, you are right, the 2008-11-23 is the correct one.

[Jason Mount]

This is the output of GDB:

Program received signal SIGSEGV, Segmentation fault.
0x00927bc9 in CServer (this=0x22f57c) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h:57
57      /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h: No such file or directory.
        in /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h
Current language:  auto; currently c++
(gdb) bt
#0  0x00927bc9 in CServer (this=0x22f57c) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h:57
#1  0x00927bc9 in CServer (this=0x22f57c) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h:57
Backtrace stopped: frame did not save the PC
(gdb)

I still have the gdb session open, so let me know what other commands to try. Sorry I'm not very proficient with GDB.

[Jason Mount]

I managed to use a crash dump from Windows to get the stack and gdb to examine the symbols to get a picture of the crash. If you need more you can use gdb to explore the symbols your self.

Hopefully this will help.

FAULTING_IP: 
filezilla+527bc9
00927bc9 8b02            mov     eax,dword ptr [edx]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00927bc9 (filezilla+0x00527bc9)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000004
Attempt to read from address 00000004

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

PROCESS_NAME:  filezilla.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  00000004 

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

FAULTING_THREAD:  00000948

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ

LAST_CONTROL_TRANSFER:  from 00555477 to 00927bc9

STACK_TEXT:  
ChildEBP RetAddr  Args to Child
0022f4f0 00555477 0022f57c 00000004 0022f530 filezilla+0x527bc9
0022f510 0055fc74 0022f57c 00000000 00000001 filezilla+0x155477
0022f5d0 00560386 06341d18 0022f83c 00560176 filezilla+0x15fc74
0022f770 00547edd 06341d18 0022f83c 00000001 filezilla+0x160386
0022f7a0 004c3460 06341d18 0022f83c 00000000 filezilla+0x147edd
0022f950 004c419e 06147598 06341cb0 063d8258 filezilla+0xc3460
0022f9d0 004c45df 06147598 06341cb0 07ed3df8 filezilla+0xc419e
0022fa00 004c470f 06147598 06341cb0 07ed3df8 filezilla+0xc45df
0022fa20 0081ba0f 06147598 0647ba98 004c46a0 filezilla+0xc470f
0022fa50 0081c220 00aac320 06147598 0647ba98 filezilla+0x41ba0f
0022fa80 0081c55b 00aac2ec 0647ba98 06147598 filezilla+0x41c220
0022faa0 0081c81f 06147598 0647ba98 0647ba98 filezilla+0x41c55b
0022fb10 00856c25 06147598 063f9fe8 06143530 filezilla+0x41c81f
0022fb30 00911210 061432d8 00702c70 06337618 filezilla+0x456c25
0022fb50 7e42b372 00000000 00000001 0022fbec filezilla+0x511210
0022fb6c 7e42b317 00030000 00000001 0022fbec user32!DispatchHookW+0x31
0022fba8 7e4278d0 0022fbdc 0022fbec 0022fc08 user32!CallHookWithSEH+0x21
0022fbcc 7c90e453 0022fbdc 00000030 00030000 user32!__fnHkINLPMSG+0x25
0022fc08 7e4191be 7e4191f1 0022fc90 00000000 ntdll!KiUserCallbackDispatcher+0x13
0022fc28 007cc798 0022fc90 00000000 00000000 user32!NtUserGetMessage+0xc
0022fcb8 007d1004 0632c840 00400000 0022fd28 filezilla+0x3cc798
0022fd28 0077356a 0632c840 80000001 0022fda8 filezilla+0x3d1004
0022fda8 00892cd7 061432d8 003ffff8 00aa9010 filezilla+0x37356a
0022fe08 00771769 0022fea8 003ffff8 00000001 filezilla+0x492cd7
0022feb8 0042c53b 00400000 00000000 0025234a filezilla+0x371769
0022fed8 008e4039 00400000 00000000 0025234a filezilla+0x2c53b
0022ff58 004010a7 004012f0 009b2ad4 0022ff78 filezilla+0x4e4039
0022ffa0 00401123 00000002 adf8ed08 7c90dc9c filezilla+0x10a7
0022ffc0 7c817067 80000001 01eeda84 7ffd7000 filezilla+0x1123
0022fff0 00000000 00401110 00000000 78746341 kernel32!BaseProcessStart+0x23

0:000> u filezilla+0x527bc9
filezilla+0x527bc9:
00927bc9 8b02            mov     eax,dword ptr [edx]
00927bcb 83c410          add     esp,10h
00927bce 8901            mov     dword ptr [ecx],eax
00927bd0 8b4204          mov     eax,dword ptr [edx+4]
00927bd3 8b5208          mov     edx,dword ptr [edx+8]
00927bd6 894104          mov     dword ptr [ecx+4],eax
00927bd9 8b42f8          mov     eax,dword ptr [edx-8]
00927bdc 85c0            test    eax,eax

(gdb) info symbol 0x927bc9
CServer::CServer(CServer const&) + 57 in section .text
(gdb) disas 0x927bc9
Dump of assembler code for function CServer:
0x00927b90 <CServer+0>: push   %ebp
0x00927b91 <CServer+1>: mov    %esp,%ebp
0x00927b93 <CServer+3>: push   %edi
0x00927b94 <CServer+4>: push   %esi
0x00927b95 <CServer+5>: push   %ebx
0x00927b96 <CServer+6>: sub    $0x5c,%esp
0x00927b99 <CServer+9>: lea    -0xc(%ebp),%eax
0x00927b9c <CServer+12>:        mov    %esp,-0x18(%ebp)
0x00927b9f <CServer+15>:        sub    $0xc,%esp
0x00927ba2 <CServer+18>:        mov    %eax,-0x20(%ebp)
0x00927ba5 <CServer+21>:        lea    -0x40(%ebp),%eax
0x00927ba8 <CServer+24>:        push   %eax
0x00927ba9 <CServer+25>:        movl   $0x9b25b0,-0x28(%ebp)
0x00927bb0 <CServer+32>:        movl   $0x9b346a,-0x24(%ebp)
0x00927bb7 <CServer+39>:        movl   $0x927e29,-0x1c(%ebp)
0x00927bbe <CServer+46>:        call   0x8e4560 <_Unwind_SjLj_Register>
0x00927bc3 <CServer+51>:        mov    0xc(%ebp),%edx
0x00927bc6 <CServer+54>:        mov    0x8(%ebp),%ecx
0x00927bc9 <CServer+57>:        mov    (%edx),%eax
0x00927bcb <CServer+59>:        add    $0x10,%esp
0x00927bce <CServer+62>:        mov    %eax,(%ecx)
0x00927bd0 <CServer+64>:        mov    0x4(%edx),%eax
0x00927bd3 <CServer+67>:        mov    0x8(%edx),%edx
0x00927bd6 <CServer+70>:        mov    %eax,0x4(%ecx)
0x00927bd9 <CServer+73>:        mov    -0x8(%edx),%eax
0x00927bdc <CServer+76>:        test   %eax,%eax


0:000> u filezilla+0x155477
filezilla+0x155477:
00555477 89d8            mov     eax,ebx
00555479 8b5dfc          mov     ebx,dword ptr [ebp-4]
0055547c c9              leave
0055547d c20400          ret     4
00555480 55              push    ebp
00555481 89e5            mov     ebp,esp
00555483 57              push    edi
00555484 56              push    esi

(gdb) info symbol 0x555477
CConnectCommand::GetServer() const + 23 in section .text
(gdb) disas 0x555477
Dump of assembler code for function _ZNK15CConnectCommand9GetServerEv:
0x00555460 <_ZNK15CConnectCommand9GetServerEv+0>:       push   %ebp
0x00555461 <_ZNK15CConnectCommand9GetServerEv+1>:       mov    %esp,%ebp
0x00555463 <_ZNK15CConnectCommand9GetServerEv+3>:       push   %ebx
0x00555464 <_ZNK15CConnectCommand9GetServerEv+4>:       sub    $0xc,%esp
0x00555467 <_ZNK15CConnectCommand9GetServerEv+7>:       mov    0xc(%ebp),%eax
0x0055546a <_ZNK15CConnectCommand9GetServerEv+10>:      mov    0x8(%ebp),%ebx
0x0055546d <_ZNK15CConnectCommand9GetServerEv+13>:      add    $0x4,%eax
0x00555470 <_ZNK15CConnectCommand9GetServerEv+16>:      push   %eax
0x00555471 <_ZNK15CConnectCommand9GetServerEv+17>:      push   %ebx
0x00555472 <_ZNK15CConnectCommand9GetServerEv+18>:      call   0x927b90 <CServer>
0x00555477 <_ZNK15CConnectCommand9GetServerEv+23>:      mov    %ebx,%eax
0x00555479 <_ZNK15CConnectCommand9GetServerEv+25>:      mov    -0x4(%ebp),%ebx
0x0055547c <_ZNK15CConnectCommand9GetServerEv+28>:      leave
0x0055547d <_ZNK15CConnectCommand9GetServerEv+29>:      ret    $0x4
End of assembler dump.


0:000> u filezilla+0x15fc74
filezilla+0x15fc74:
0055fc74 8d45ac          lea     eax,[ebp-54h]
0055fc77 c78574ffffff04000000 mov dword ptr [ebp-8Ch],4
0055fc81 890424          mov     dword ptr [esp],eax
0055fc84 8b4508          mov     eax,dword ptr [ebp+8]
0055fc87 50              push    eax
0055fc88 e8d3dfffff      call    filezilla+0x15dc60 (0055dc60)
0055fc8d 83c410          add     esp,10h
0055fc90 898568ffffff    mov     dword ptr [ebp-98h],eax

(gdb) info symbol 0x55fc74
CFileZillaEnginePrivate::ContinueConnect() + 132 in section .text
(gdb) disas 0x55fc74
Dump of assembler code for function _ZN23CFileZillaEnginePrivate15ContinueConnectEv:
<snip>
0x0055fc74 <_ZN23CFileZillaEnginePrivate15ContinueConnectEv+132>:       lea    -0x54(%ebp),%eax
0x0055fc77 <_ZN23CFileZillaEnginePrivate15ContinueConnectEv+135>:       movl   $0x4,-0x8c(%ebp)
0x0055fc81 <_ZN23CFileZillaEnginePrivate15ContinueConnectEv+145>:       mov    %eax,(%esp)
0x0055fc84 <_ZN23CFileZillaEnginePrivate15ContinueConnectEv+148>:       mov    0x8(%ebp),%eax
0x0055fc87 <_ZN23CFileZillaEnginePrivate15ContinueConnectEv+151>:       push   %eax
0x0055fc88 <_ZN23CFileZillaEnginePrivate15ContinueConnectEv+152>:       call   0x55dc60 <_ZN23CFileZillaEnginePrivate26GetRemainingReconnectDelayERK7CServer>
0x0055fc8d <_ZN23CFileZillaEnginePrivate15ContinueConnectEv+157>:       add    $0x10,%esp
0x0055fc90 <_ZN23CFileZillaEnginePrivate15ContinueConnectEv+160>:       mov    %eax,-0x98(%ebp)

0:000> u filezilla+0x160386
filezilla+0x160386:
00560386 83c410          add     esp,10h
00560389 898588feffff    mov     dword ptr [ebp-178h],eax
0056038f e9f1fdffff      jmp     filezilla+0x160185 (00560185)
00560394 83c50c          add     ebp,0Ch
00560397 8b85a4feffff    mov     eax,dword ptr [ebp-15Ch]
0056039d 8b95a8feffff    mov     edx,dword ptr [ebp-158h]
005603a3 899584feffff    mov     dword ptr [ebp-17Ch],edx
005603a9 83f801          cmp     eax,1

(gdb) info symbol 0x560386
CFileZillaEnginePrivate::Connect(CConnectCommand const&) + 646 in section .text
(gdb) disas 0x560386
Dump of assembler code for function _ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand:
<snip>
0x00560386 <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+646>:      add    $0x10,%esp
0x00560389 <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+649>:      mov    %eax,-0x178(%ebp)
0x0056038f <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+655>:      jmp    0x560185 <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+133>
0x00560394 <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+660>:      add    $0xc,%ebp
0x00560397 <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+663>:      mov    -0x15c(%ebp),%eax
0x0056039d <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+669>:      mov    -0x158(%ebp),%edx
0x005603a3 <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+675>:      mov    %edx,-0x17c(%ebp)
0x005603a9 <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand+681>:      cmp    $0x1,%eax


0:000> u filezilla+0x147edd
filezilla+0x147edd:
00547edd 83c410          add     esp,10h
00547ee0 89c3            mov     ebx,eax
00547ee2 e90effffff      jmp     filezilla+0x147df5 (00547df5)
00547ee7 f6c340          test    bl,40h
00547eea 0f94c0          sete    al
00547eed 25ff000000      and     eax,0FFh
00547ef2 f7d8            neg     eax
00547ef4 21c3            and     ebx,eax

(gdb) info symbol 0x547edd
CFileZillaEngine::Command(CCommand const&) + 349 in section .text
(gdb) disas 0x547edd
Dump of assembler code for function _ZN16CFileZillaEngine7CommandERK8CCommand:
<snip>
0x00547ed8 <_ZN16CFileZillaEngine7CommandERK8CCommand+344>:     call   0x560100 <_ZN23CFileZillaEnginePrivate7ConnectERK15CConnectCommand>
0x00547edd <_ZN16CFileZillaEngine7CommandERK8CCommand+349>:     add    $0x10,%esp
0x00547ee0 <_ZN16CFileZillaEngine7CommandERK8CCommand+352>:     mov    %eax,%ebx
0x00547ee2 <_ZN16CFileZillaEngine7CommandERK8CCommand+354>:     jmp    0x547df5 <_ZN16CFileZillaEngine7CommandERK8CCommand+117>
0x00547ee7 <_ZN16CFileZillaEngine7CommandERK8CCommand+359>:     test   $0x40,%bl
0x00547eea <_ZN16CFileZillaEngine7CommandERK8CCommand+362>:     sete   %al
0x00547eed <_ZN16CFileZillaEngine7CommandERK8CCommand+365>:     and    $0xff,%eax
0x00547ef2 <_ZN16CFileZillaEngine7CommandERK8CCommand+370>:     neg    %eax
0x00547ef4 <_ZN16CFileZillaEngine7CommandERK8CCommand+372>:     and    %eax,%ebx
0x00547ef6 <_ZN16CFileZillaEngine7CommandERK8CCommand+374>:     jmp    0x547e24 <_ZN16CFileZillaEngine7CommandERK8CCommand+164>
End of assembler dump.



0:000> u filezilla+0xc3460
filezilla+0xc3460:
004c3460 89857cfeffff    mov     dword ptr [ebp-184h],eax
004c3466 8d85f0feffff    lea     eax,[ebp-110h]
004c346c 890424          mov     dword ptr [esp],eax
004c346f c785ecfeffffa801a900 mov dword ptr [ebp-114h],offset filezilla+0x6901a8 (00a901a8)
004c3479 e8c24a4600      call    filezilla+0x527f40 (00927f40)
004c347e 83c410          add     esp,10h
004c3481 c785ecfeffffd849aa00 mov dword ptr [ebp-114h],offset filezilla+0x6a49d8 (00aa49d8)
004c348b 83bd7cfeffff01  cmp     dword ptr [ebp-184h],1


0:000> u filezilla+0xc419e
filezilla+0xc419e:
004c419e 83c410          add     esp,10h
004c41a1 e99dfbffff      jmp     filezilla+0xc3d43 (004c3d43)
004c41a6 50              push    eax
004c41a7 6a01            push    1
004c41a9 e9a2fcffff      jmp     filezilla+0xc3e50 (004c3e50)
004c41ae 50              push    eax
004c41af 50              push    eax
004c41b0 8d4210          lea     eax,[edx+10h]


0:000> u filezilla+0xc45df
filezilla+0xc45df:
004c45df 83c410          add     esp,10h
004c45e2 e959ffffff      jmp     filezilla+0xc4540 (004c4540)
004c45e7 83ec0c          sub     esp,0Ch
004c45ea 8b8764020000    mov     eax,dword ptr [edi+264h]
004c45f0 50              push    eax
004c45f1 e86ae9faff      call    filezilla+0x72f60 (00472f60)
004c45f6 83c410          add     esp,10h
004c45f9 e942ffffff      jmp     filezilla+0xc4540 (004c4540)


0:000> u filezilla+0xc470f
filezilla+0xc470f:
004c470f 8b8600020000    mov     eax,dword ptr [esi+200h]
004c4715 83c410          add     esp,10h
004c4718 3b86fc010000    cmp     eax,dword ptr [esi+1FCh]
004c471e 75d0            jne     filezilla+0xc46f0 (004c46f0)
004c4720 8d65f8          lea     esp,[ebp-8]
004c4723 5b              pop     ebx
004c4724 5e              pop     esi
004c4725 5d              pop     ebp


0:000> u filezilla+0x41ba0f
filezilla+0x41ba0f:
0081ba0f 83c420          add     esp,20h
0081ba12 807e2000        cmp     byte ptr [esi+20h],0
0081ba16 0f94c0          sete    al
0081ba19 25ff000000      and     eax,0FFh
0081ba1e 8d65f8          lea     esp,[ebp-8]
0081ba21 5b              pop     ebx
0081ba22 5e              pop     esi
0081ba23 5d              pop     ebp


0:000> u filezilla+0x41ba0f
filezilla+0x41ba0f:
0081ba0f 83c420          add     esp,20h
0081ba12 807e2000        cmp     byte ptr [esi+20h],0
0081ba16 0f94c0          sete    al
0081ba19 25ff000000      and     eax,0FFh
0081ba1e 8d65f8          lea     esp,[ebp-8]
0081ba21 5b              pop     ebx
0081ba22 5e              pop     esi
0081ba23 5d              pop     ebp


0:000> u filezilla+0x41c220
filezilla+0x41c220:
0081c220 83c410          add     esp,10h
0081c223 84c0            test    al,al
0081c225 74df            je      filezilla+0x41c206 (0081c206)
0081c227 8d65f4          lea     esp,[ebp-0Ch]
0081c22a b801000000      mov     eax,1
0081c22f 5b              pop     ebx
0081c230 5e              pop     esi
0081c231 5f              pop     edi


0:000> u filezilla+0x41c55b
filezilla+0x41c55b:
0081c55b 83c410          add     esp,10h
0081c55e 84c0            test    al,al
0081c560 748b            je      filezilla+0x41c4ed (0081c4ed)
0081c562 8d65f8          lea     esp,[ebp-8]
0081c565 b801000000      mov     eax,1
0081c56a 5b              pop     ebx
0081c56b 5e              pop     esi
0081c56c 5d              pop     ebp


0:000> u filezilla+0x41c81f
filezilla+0x41c81f:
0081c81f 8b4508          mov     eax,dword ptr [ebp+8]
0081c822 5f              pop     edi
0081c823 8b7018          mov     esi,dword ptr [eax+18h]
0081c826 56              push    esi
0081c827 e854190000      call    filezilla+0x41e180 (0081e180)
0081c82c 83c410          add     esp,10h
0081c82f ff4dac          dec     dword ptr [ebp-54h]
0081c832 758e            jne     filezilla+0x41c7c2 (0081c7c2)


0:000> u filezilla+0x456c25
filezilla+0x456c25:
00856c25 58              pop     eax
00856c26 a1945ead00      mov     eax,dword ptr [filezilla+0x6d5e94 (00ad5e94)]
00856c2b 50              push    eax
00856c2c e84f75fcff      call    filezilla+0x41e180 (0081e180)
00856c31 a1905ead00      mov     eax,dword ptr [filezilla+0x6d5e90 (00ad5e90)]
00856c36 83c410          add     esp,10h
00856c39 8b4010          mov     eax,dword ptr [eax+10h]
00856c3c 85c0            test    eax,eax


0:000> u filezilla+0x511210
filezilla+0x511210:
00911210 83c410          add     esp,10h
00911213 ebd2            jmp     filezilla+0x5111e7 (009111e7)
00911215 90              nop
00911216 90              nop
00911217 90              nop
00911218 90              nop
00911219 90              nop
0091121a 90              nop

[Tim Kosse]

How are you connecting to that server? Do you use the quickconnect bar or the site manager? In the latter case, have you set any non-default options for that site?

[Jason Mount]

I originally used site manager, but I have been using the imported queue. Here is what I have, some fields are replaced with '*':

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<FileZilla3>
    <Queue>
        <Server>
            <Host>*****</Host>
            <Port>21</Port>
            <Protocol>0</Protocol>
            <Type>0</Type>
            <User>*****</User>
            <Pass>*****</Pass>
            <Logontype>1</Logontype>
            <TimezoneOffset>0</TimezoneOffset>
            <PasvMode>MODE_DEFAULT</PasvMode>
            <MaximumMultipleConnections>0</MaximumMultipleConnections>
            <EncodingType>Auto</EncodingType>
            <BypassProxy>0</BypassProxy>
            <Name>*****</Name>
        </Server>
        <File>
			<LocalFile>*****</LocalFile>
			<RemoteFile>*****</RemoteFile>
			<RemotePath>1 0 9 ***** 3 *** 6 *** 14 *** 4 *** 10 *** 8 ***</RemotePath>
			<Download>0</Download>
			<Size>3043408</Size>
			<Priority>1</Priority>
			<TransferMode>1</TransferMode>
        </File>
    </Queue>
</FileZilla3>  

[Tim Kosse]

Nothing unusual in it.

Please try this build: ​http://filezilla-project.org/nightlies2/2008-11-24/i586-mingw32msvc/FileZilla_3_setup.exe

It contains even more debugging information.

Ridiculous large executable already at 190MiB. And yet I could still add more...

[Jason Mount]

The same thing happened, no back trace:

Program received signal SIGSEGV, Segmentation fault.
0x0091455c in CServer (this=0x22f34c) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h:57
57      /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h: No such file or directory.
        in /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h
Current language:  auto; currently c++
(gdb) bt
#0  0x0091455c in CServer (this=0x22f34c) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h:57
#1  0x0091455c in CServer (this=0x22f34c) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/../include/server.h:57
Backtrace stopped: frame did not save the PC

Is this relevant?
​http://lists-archives.org/mingw-users/11483-using-gdb-under-mingw-backtrace-stopped-framedidnot-save-the-pc-compilation-flags-and-compiler-version.html

It suggests that -gstabs be used when compiling.

[Tim Kosse]

Please try this version: ​http://filezilla-project.org/nightlies2/2008-12-01/i586-mingw32msvc/FileZilla_3_setup.exe

[Jason Mount]

Sorry, I got busy and didn't have time to test this. Is this still the version you want me to test?

[Tim Kosse]

Yes.

[Jason Mount]

I haven't been able to reproduce the problem yet, but even when I click "Crash" from the "Debug" menu, gdb still says "Backtrace stopped: frame did not save the PC", so I doubt reproducing the crash will yeild any useful information.

Is this a valid assumption?

Program received signal SIGSEGV, Segmentation fault.
0x00468751 in CMainFrame::OnMenuHandler (this=0xc38aa98, event=@0x22f908) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/Mainfrm.cpp:697
697     /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/Mainfrm.cpp: No such file or directory.
        in /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/Mainfrm.cpp
Current language:  auto; currently c++
(gdb) bt
#0  0x00468751 in CMainFrame::OnMenuHandler (this=0xc38aa98, event=@0x22f908) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/Mainfrm.cpp:697
#1  0x00468751 in CMainFrame::OnMenuHandler (this=0xc127d88, event=@0xc38aa98) at /home/nightlybuild/buildroot/packages/FileZilla3/src/interface/Mainfrm.cpp:697
Backtrace stopped: frame did not save the PC

[Tim Kosse]

Does this problem still happen with the most recent version of FileZilla?

[Jason Mount]

No. I haven't seen this problem for several builds now.

[Christopher]

This is occuring as of version 3.5.2 on my system. Large queues (>100k items, >100GB total) seem to crash the client after 20-30 minutes of processing.

System info:

FileZilla Client

---

Version: 3.5.2

Build information:

Compiled for: i386-redhat-linux-gnu
Compiled on: i386-redhat-linux-gnu
Build date: 2011-11-27
Compiled with: gcc (GCC) 4.6.2 20111027 (Red Hat 4.6.2-1)
Compiler flags: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -Wall -g -fexceptions -std=gnu++0x

Linked against:

wxWidgets: 2.8.12
GnuTLS: 2.12.7

Operating system:

Name: Linux 3.1.6-1.fc16.i686.PAE i686
Version: 3.1