MantisBT - NetSurf
View Issue Details
0002179 | NetSurf | [All Projects] General | public | 2014-08-01 21:22 | 2015-03-10 23:45
Reporter: Anthony J. Bentley
Assigned To: Vincent Sanders
Priority: normal
Severity: crash
Reproducibility: random
Status: closed
Resolution: fixed
Platform: i386, amd64
OS: OpenBSD
OS Version: 5.6
Product Version: 3.1
Target Version:
Fixed in Version: 3.3
Fixed in CI build #: 2080
Reported in CI build #:
URL of problem page: https://tv.eurosport.com/
Summary: 0002179: Crashes on invalid certificate
Description: Visiting https://tv.eurosport.com/ in NetSurf-GTK on OpenBSD either displays garbage in the SSL certificate window (i386) or sporadically crashes (i386 or amd64).
Additional Information:
(gdb) bt
#0 0x00000c9e92e0f934 in strlen (
    str=0xc9e98285740 "Aug 13 23:59:00 2018 GMT", '�' <repeats 176 times>...)
    at /usr/src/lib/libc/string/strlen.c:39
#1 0x00000c9e92dffcf8 in __vfprintf (fp=0x7f7ffffdb590,
    fmt0=0xc9c8e3ec0e5 "%s", ap=Variable "ap" is not available.
) at /usr/src/lib/libc/stdio/vfprintf.c:880
#2 0x00000c9e92dfbf34 in snprintf (str=0x7f7ffffdbeb8 "�%\177\234\236\f", n=Variable "n" is not available.
)
    at /usr/src/lib/libc/stdio/snprintf.c:64
#3 0x00000c9c8e236d41 in fetch_curl_poll (scheme_ignored=Variable "scheme_ignored" is not available.
)
    at content/fetchers/curl.c:947
#4 0x00000c9c8e234092 in fetch_poll () at content/fetch.c:472
#5 0x00000c9c8e23cc2a in llcache_poll () at content/llcache.c:2336
#6 0x00000c9c8e23b769 in hlcache_poll () at content/hlcache.c:629
#7 0x00000c9c8e25f371 in netsurf_main_loop () at desktop/netsurf.c:238
#8 0x00000c9c8e27cffd in main (argc=2, argv=0x7f7ffffdda88) at gtk/gui.c:479

(gdb) bt full
#0 0x00000c9e92e0f934 in strlen (
    str=0xc9e98285740 "Aug 13 23:59:00 2018 GMT", '�' <repeats 176 times>...)
    at /usr/src/lib/libc/string/strlen.c:39
        s = 0xc9e98286000 <Address 0xc9e98286000 out of bounds>
#1 0x00000c9e92dffcf8 in __vfprintf (fp=0x7f7ffffdb590,
    fmt0=0xc9c8e3ec0e5 "%s", ap=Variable "ap" is not available.
) at /usr/src/lib/libc/stdio/vfprintf.c:880
        mbs = {
  __mbstate8 = "\002", '\0' <repeats 15 times>, "\003\000\000\000\000\000\000\00
0#�\030\236\236\f\000\000H�\177\230\236\f\000\000X\000\000\000\000\000\000\000�\
f)\220\236\f\000\000\000\000\000\000\000\000\000\0005\203�\003\000\000\000\0000\
000\000\000\000\000\000\000\200<\026\236\236\f\000\000\000DV\233\236\f\000\000\2
37A�\220\236\f\000\000��\177\177\000\000@e�\223\236\f\000\000��\177\177\000", __
mbstateL = 2}
        mbseqlen = Variable "mbseqlen" is not available.
Tags: No tags attached.
duplicate of 0002168 (closed, Vincent Sanders): Certificate validation tree is corrupted when manipulated
Attached Files: 2014-08-01-140128_500x598_scrot.png (55,998) 2014-08-01 21:22
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=181&type=bug

Notes
(0000432)
Daniel Silverstone   
2014-08-03 14:11   
Duplicate of 2168, backporting the fix is infeasible, please wait for 3.2 and then upgrade.
(0000466)
Anthony J. Bentley   
2014-09-01 04:14   
Just tested with NetSurf 3.2 / libcss 0.4.0. Still getting occasional crashes on this testcase.

$ gdb netsurf
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd5.6"...
(gdb) run https://tv.eurosport.com/
Starting program: /usr/local/bin/netsurf https://tv.eurosport.com/

Program received signal SIGSEGV, Segmentation fault.
0x00000c3dd0d6c864 in strlen (
    str=0xc3e10b4ff80 "a248.e.akamai.net, Akamai Technologies, Inc., Cambridge, MA, US", '�' <repeats 65 times> <Address 0xc3e10b50000 out of bounds>)
    at /usr/src/lib/libc/string/strlen.c:39
39 for (s = str; *s; ++s)
(gdb) bt
#0 0x00000c3dd0d6c864 in strlen (
    str=0xc3e10b4ff80 "a248.e.akamai.net, Akamai Technologies, Inc., Cambridge, MA, US", '�' <repeats 65 times> <Address 0xc3e10b50000 out of bounds>)
    at /usr/src/lib/libc/string/strlen.c:39
#1 0x00000c3dd0d5cbb8 in __vfprintf (fp=0x7f7ffffcb570,
    fmt0=0xc3bc3d12e45 "%s", ap=Variable "ap" is not available.
) at /usr/src/lib/libc/stdio/vfprintf.c:880
#2 0x00000c3dd0d58df4 in snprintf (str=0x7f7ffffcb8a8 "wo��=\023", n=Variable "n" is not available.
)
    at /usr/src/lib/libc/stdio/snprintf.c:64
#3 0x00000c3bc3b57460 in fetch_curl_poll (scheme_ignored=Variable "scheme_ignored" is not available.
)
    at content/fetchers/curl.c:969
#4 0x00000c3bc3b54e0f in fetcher_fdset (read_fd_set=0x7f7ffffcf0c0,
    write_fd_set=0x7f7ffffcf040, except_fd_set=0x7f7ffffcefc0,
    maxfd_out=0x7f7ffffcf144) at content/fetch.c:382
#5 0x00000c3bc3b9d995 in nsgtk_poll (active=Variable "active" is not available.
) at gtk/gui.c:500
#6 0x00000c3bc3b81f0f in netsurf_main_loop () at desktop/netsurf.c:260
#7 0x00000c3bc3b9ee76 in gui_init (argc=2, argv=0x7f7ffffcfbb8,
    respath=0xc3ea43e7400) at gtk/gui.c:473
#8 0x00000c3bc3b9f494 in main (argc=2, argv=0x7f7ffffcfbb8) at gtk/gui.c:1324
(0000471)
Vincent Sanders   
2014-09-02 23:55   
Latest version in git terminates buffers returned from X509_NAME_print_ex(), which seems to not be an issue in Linux but affects BSD.
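
The backtraces above show strlen() running off the end of a certificate string that was handed to snprintf() with "%s". The following is an added example, not NetSurf's code, of copying such a length-delimited buffer safely; struct lenbuf and both function names are hypothetical stand-ins, and the sample bytes are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for what a memory BIO hands back after
 * X509_NAME_print_ex(): `length` bytes at `data`, no trailing NUL. */
struct lenbuf {
    const char *data;
    size_t length;
};

/* Unsafe pattern (not called here): "%s" makes the formatter look for a NUL
 * that the buffer does not contain, so it reads past data[length - 1]:
 *     snprintf(dst, dstsz, "%s", src->data);
 */

/* Copy at most dstsz - 1 bytes and always terminate; never reads past
 * src->length. Returns the number of bytes copied. */
size_t lenbuf_to_cstr(char *dst, size_t dstsz, const struct lenbuf *src)
{
    size_t n;
    if (dstsz == 0)
        return 0;
    n = src->length < dstsz - 1 ? src->length : dstsz - 1;
    memcpy(dst, src->data, n);
    dst[n] = '\0';
    return n;
}

/* Same result through printf: the precision caps how many source bytes are
 * read. Returns the length the full string needs, as snprintf does. */
int lenbuf_format(char *dst, size_t dstsz, const struct lenbuf *src)
{
    int prec = src->length > (size_t)INT_MAX ? INT_MAX : (int)src->length;
    return snprintf(dst, dstsz, "%.*s", prec, src->data);
}

int main(void)
{
    char raw[32], field[64];            /* constructed sample data */
    struct lenbuf b = { raw, 24 };

    memset(raw, 0xDB, sizeof raw);      /* junk fill, no NUL anywhere */
    memcpy(raw, "Aug 13 23:59:00 2018 GMT", 24);
    lenbuf_to_cstr(field, sizeof field, &b);
    printf("[%s]\n", field);
    return 0;
}
```
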
(0000473)
Anthony J. Bentley   
2014-09-04 07:51   
Can no longer reproduce on c695d3d0074687e767b68ca9d1412a5bc5303178. Thanks!
(0000765)
Vincent Sanders   
2015-03-10 23:45   
Confirmed fixed in 3.3 release

Issue History
2014-08-01 21:22 | Anthony J. Bentley | New Issue
2014-08-01 21:22 | Anthony J. Bentley | File Added: 2014-08-01-140128_500x598_scrot.png
2014-08-03 14:09 | Daniel Silverstone | Relationship added | duplicate of 0002168
2014-08-03 14:11 | Daniel Silverstone | Note Added: 0000432
2014-08-03 14:11 | Daniel Silverstone | Status | new => resolved
2014-08-03 14:11 | Daniel Silverstone | Fixed in Version | => 3.2
2014-08-26 15:16 | Vincent Sanders | Resolution | open => fixed
2014-09-01 04:14 | Anthony J. Bentley | Note Added: 0000466
2014-09-01 04:14 | Anthony J. Bentley | Status | resolved => feedback
2014-09-01 04:14 | Anthony J. Bentley | Resolution | fixed => reopened
2014-09-02 11:12 | Vincent Sanders | Assigned To | => Vincent Sanders
2014-09-02 11:12 | Vincent Sanders | Status | feedback => acknowledged
2014-09-02 11:12 | Vincent Sanders | Fixed in Version | 3.2 =>
2014-09-02 23:55 | Vincent Sanders | Fixed in CI build # | => 2079
2014-09-02 23:55 | Vincent Sanders | Note Added: 0000471
2014-09-04 07:51 | Anthony J. Bentley | Note Added: 0000473
2014-09-04 11:22 | Vincent Sanders | Fixed in CI build # | 2079 => 2080
2014-09-04 11:22 | Vincent Sanders | Status | acknowledged => resolved
2014-09-04 11:22 | Vincent Sanders | Resolution | reopened => fixed
2014-09-04 11:22 | Vincent Sanders | Fixed in Version | => 3.3
2015-03-10 23:45 | Vincent Sanders | Note Added: 0000765
2015-03-10 23:45 | Vincent Sanders | Status | resolved => closed