| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0002179 | NetSurf | [All Projects] General | public | 2014-08-01 20:22 | 2015-03-10 23:45 | ||||
| Reporter | Anthony J. Bentley | ||||||||
| Assigned To | Vincent Sanders | ||||||||
| Severity | crash | Reproducibility | random | ||||||
| Status | closed | Resolution | fixed | ||||||
| Platform | i386, amd64 | OS | OpenBSD | OS Version | 5.6 | ||||
| Product Version | 3.1 | ||||||||
| Target Version | Fixed in Version | 3.3 | |||||||
| Summary | 0002179: Crashes on invalid certificate | ||||||||
| Description | Visiting https://tv.eurosport.com/ in NetSurf-GTK on OpenBSD either displays garbage in the SSL certificate window (i386) or sporadically crashes (i386 or amd64). | ||||||||
| Additional Information | (gdb) bt #0 0x00000c9e92e0f934 in strlen ( str=0xc9e98285740 "Aug 13 23:59:00 2018 GMT", '�' <repeats 176 times>...) at /usr/src/lib/libc/string/strlen.c:39 #1 0x00000c9e92dffcf8 in __vfprintf (fp=0x7f7ffffdb590, fmt0=0xc9c8e3ec0e5 "%s", ap=Variable "ap" is not available. ) at /usr/src/lib/libc/stdio/vfprintf.c:880 0000002 0x00000c9e92dfbf34 in snprintf (str=0x7f7ffffdbeb8 "�%\177\234\236\f", n=Var iable "n" is not available. ) at /usr/src/lib/libc/stdio/snprintf.c:64 #3 0x00000c9c8e236d41 in fetch_curl_poll (scheme_ignored=Variable "scheme_ignor ed" is not available. ) at content/fetchers/curl.c:947 #4 0x00000c9c8e234092 in fetch_poll () at content/fetch.c:472 #5 0x00000c9c8e23cc2a in llcache_poll () at content/llcache.c:2336 #6 0x00000c9c8e23b769 in hlcache_poll () at content/hlcache.c:629 #7 0x00000c9c8e25f371 in netsurf_main_loop () at desktop/netsurf.c:238 #8 0x00000c9c8e27cffd in main (argc=2, argv=0x7f7ffffdda88) at gtk/gui.c:479 (gdb) bt full #0 0x00000c9e92e0f934 in strlen ( str=0xc9e98285740 "Aug 13 23:59:00 2018 GMT", '�' <repeats 176 times>...) at /usr/src/lib/libc/string/strlen.c:39 s = 0xc9e98286000 <Address 0xc9e98286000 out of bounds> #1 0x00000c9e92dffcf8 in __vfprintf (fp=0x7f7ffffdb590, fmt0=0xc9c8e3ec0e5 "%s", ap=Variable "ap" is not available. ) at /usr/src/lib/libc/stdio/vfprintf.c:880 mbs = { __mbstate8 = "\002", '\0' <repeats 15 times>, "\003\000\000\000\000\000\000\00 0#�\030\236\236\f\000\000H�\177\230\236\f\000\000X\000\000\000\000\000\000\000�\ f)\220\236\f\000\000\000\000\000\000\000\000\000\0005\203�\003\000\000\000\0000\ 000\000\000\000\000\000\000\200<\026\236\236\f\000\000\000DV\233\236\f\000\000\2 37A�\220\236\f\000\000��\177\177\000\000@e�\223\236\f\000\000��\177\177\000", __ mbstateL = 2} mbseqlen = Variable "mbseqlen" is not available. | ||||||||
| Tags | No tags attached. | ||||||||
| Fixed in CI build # | 2080 | ||||||||
| Reported in CI build # | |||||||||
| URL of problem page | https://tv.eurosport.com/ | ||||||||
| Attached Files |
| ||||||||
 Relationships |
||||||
|
||||||
 Relationships |
| Notes |
|
kinnison (administrator) 2014-08-03 13:11 |
Duplicate of 2168, backporting the fix is infeasible, please wait for 3.2 and then upgrade. |
Anthony J. Bentley (reporter) 2014-09-01 03:14 |
Just tested with NetSurf 3.2 / libcss 0.4.0. Still getting occasional crashes on this testcase. $ gdb netsurf GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd5.6"... (gdb) run https://tv.eurosport.com/ Starting program: /usr/local/bin/netsurf https://tv.eurosport.com/ Program received signal SIGSEGV, Segmentation fault. 0x00000c3dd0d6c864 in strlen ( str=0xc3e10b4ff80 "a248.e.akamai.net, Akamai Technologies, Inc., Cambridge, MA, US", '�' <repeats 65 times> <Address 0xc3e10b50000 out of bounds>) at /usr/src/lib/libc/string/strlen.c:39 39 for (s = str; *s; ++s) (gdb) bt #0 0x00000c3dd0d6c864 in strlen ( str=0xc3e10b4ff80 "a248.e.akamai.net, Akamai Technologies, Inc., Cambridge, MA, US", '�' <repeats 65 times> <Address 0xc3e10b50000 out of bounds>) at /usr/src/lib/libc/string/strlen.c:39 #1 0x00000c3dd0d5cbb8 in __vfprintf (fp=0x7f7ffffcb570, fmt0=0xc3bc3d12e45 "%s", ap=Variable "ap" is not available. ) at /usr/src/lib/libc/stdio/vfprintf.c:880 0000002 0x00000c3dd0d58df4 in snprintf (str=0x7f7ffffcb8a8 "wo��=\023", n=Variable "n" is not available. ) at /usr/src/lib/libc/stdio/snprintf.c:64 #3 0x00000c3bc3b57460 in fetch_curl_poll (scheme_ignored=Variable "scheme_ignored" is not available. ) at content/fetchers/curl.c:969 #4 0x00000c3bc3b54e0f in fetcher_fdset (read_fd_set=0x7f7ffffcf0c0, write_fd_set=0x7f7ffffcf040, except_fd_set=0x7f7ffffcefc0, maxfd_out=0x7f7ffffcf144) at content/fetch.c:382 #5 0x00000c3bc3b9d995 in nsgtk_poll (active=Variable "active" is not available. ) at gtk/gui.c:500 #6 0x00000c3bc3b81f0f in netsurf_main_loop () at desktop/netsurf.c:260 #7 0x00000c3bc3b9ee76 in gui_init (argc=2, argv=0x7f7ffffcfbb8, respath=0xc3ea43e7400) at gtk/gui.c:473 #8 0x00000c3bc3b9f494 in main (argc=2, argv=0x7f7ffffcfbb8) at gtk/gui.c:1324 |
Vincent Sanders (administrator) 2014-09-02 22:55 |
latest version in git terminates buffers returned from X509_NAME_print_ex() which seems to not be an issue in Linux but affects bsd |
|
Anthony J. Bentley (reporter) 2014-09-04 06:51 |
Can no longer reproduce on c695d3d0074687e767b68ca9d1412a5bc5303178. Thanks! |
|
Vincent Sanders (administrator) 2015-03-10 23:45 |
Confirmed fixed in 3.3 release |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-08-01 20:22 | Anthony J. Bentley | New Issue | |
| 2014-08-01 20:22 | Anthony J. Bentley | File Added: 2014-08-01-140128_500x598_scrot.png | |
| 2014-08-03 13:09 | kinnison | Relationship added | duplicate of 0002168 |
| 2014-08-03 13:11 | kinnison | Note Added: 0000432 | |
| 2014-08-03 13:11 | kinnison | Status | new => resolved |
| 2014-08-03 13:11 | kinnison | Fixed in Version | => 3.2 |
| 2014-08-26 14:16 | Vincent Sanders | Resolution | open => fixed |
| 2014-09-01 03:14 | Anthony J. Bentley | Note Added: 0000466 | |
| 2014-09-01 03:14 | Anthony J. Bentley | Status | resolved => feedback |
| 2014-09-01 03:14 | Anthony J. Bentley | Resolution | fixed => reopened |
| 2014-09-02 10:12 | Vincent Sanders | Assigned To | => Vincent Sanders |
| 2014-09-02 10:12 | Vincent Sanders | Status | feedback => acknowledged |
| 2014-09-02 10:12 | Vincent Sanders | Fixed in Version | 3.2 => |
| 2014-09-02 22:55 | Vincent Sanders | Fixed in CI build # | => 2079 |
| 2014-09-02 22:55 | Vincent Sanders | Note Added: 0000471 | |
| 2014-09-04 06:51 | Anthony J. Bentley | Note Added: 0000473 | |
| 2014-09-04 10:22 | Vincent Sanders | Fixed in CI build # | 2079 => 2080 |
| 2014-09-04 10:22 | Vincent Sanders | Status | acknowledged => resolved |
| 2014-09-04 10:22 | Vincent Sanders | Resolution | reopened => fixed |
| 2014-09-04 10:22 | Vincent Sanders | Fixed in Version | => 3.3 |
| 2015-03-10 23:45 | Vincent Sanders | Note Added: 0000765 | |
| 2015-03-10 23:45 | Vincent Sanders | Status | resolved => closed |
| Issue History |