2019-03-26 21:15 UTC

View Issue Details
ID: 0002179
Project: NetSurf
Category: [All Projects] General
View Status: public
Last Update: 2015-03-10 23:45
Reporter: Anthony J. Bentley
Assigned To: Vincent Sanders
Severity: crash
Reproducibility: random
Status: closed
Resolution: fixed
Platform: i386, amd64
OS: OpenBSD
OS Version: 5.6
Product Version: 3.1
Target Version:
Fixed in Version: 3.3
Summary: 0002179: Crashes on invalid certificate
Description: Visiting https://tv.eurosport.com/ in NetSurf-GTK on OpenBSD either displays garbage in the SSL certificate window (i386) or sporadically crashes (i386 or amd64).
Additional Information:
(gdb) bt
#0 0x00000c9e92e0f934 in strlen (
    str=0xc9e98285740 "Aug 13 23:59:00 2018 GMT", '�' <repeats 176 times>...)
    at /usr/src/lib/libc/string/strlen.c:39
#1 0x00000c9e92dffcf8 in __vfprintf (fp=0x7f7ffffdb590,
    fmt0=0xc9c8e3ec0e5 "%s", ap=Variable "ap" is not available.
) at /usr/src/lib/libc/stdio/vfprintf.c:880
#2 0x00000c9e92dfbf34 in snprintf (str=0x7f7ffffdbeb8 "�%\177\234\236\f", n=Var
iable "n" is not available.
)
    at /usr/src/lib/libc/stdio/snprintf.c:64
#3 0x00000c9c8e236d41 in fetch_curl_poll (scheme_ignored=Variable "scheme_ignor
ed" is not available.
)
    at content/fetchers/curl.c:947
#4 0x00000c9c8e234092 in fetch_poll () at content/fetch.c:472
#5 0x00000c9c8e23cc2a in llcache_poll () at content/llcache.c:2336
#6 0x00000c9c8e23b769 in hlcache_poll () at content/hlcache.c:629
#7 0x00000c9c8e25f371 in netsurf_main_loop () at desktop/netsurf.c:238
#8 0x00000c9c8e27cffd in main (argc=2, argv=0x7f7ffffdda88) at gtk/gui.c:479

(gdb) bt full
#0 0x00000c9e92e0f934 in strlen (
    str=0xc9e98285740 "Aug 13 23:59:00 2018 GMT", '�' <repeats 176 times>...)
    at /usr/src/lib/libc/string/strlen.c:39
        s = 0xc9e98286000 <Address 0xc9e98286000 out of bounds>
#1 0x00000c9e92dffcf8 in __vfprintf (fp=0x7f7ffffdb590,
    fmt0=0xc9c8e3ec0e5 "%s", ap=Variable "ap" is not available.
) at /usr/src/lib/libc/stdio/vfprintf.c:880
        mbs = {
  __mbstate8 = "\002", '\0' <repeats 15 times>, "\003\000\000\000\000\000\000\00
0#�\030\236\236\f\000\000H�\177\230\236\f\000\000X\000\000\000\000\000\000\000�\
f)\220\236\f\000\000\000\000\000\000\000\000\000\0005\203�\003\000\000\000\0000\
000\000\000\000\000\000\000\200<\026\236\236\f\000\000\000DV\233\236\f\000\000\2
37A�\220\236\f\000\000��\177\177\000\000@e�\223\236\f\000\000��\177\177\000", __
mbstateL = 2}
        mbseqlen = Variable "mbseqlen" is not available.
Tags: No tags attached.
Fixed in CI build #: 2080
Reported in CI build #:
URL of problem page: https://tv.eurosport.com/
Attached Files:

Relationships
duplicate of 0002168 (closed, Vincent Sanders): Certificate validation tree is corrupted when manipulated

Notes

~0000432

Daniel Silverstone (administrator)

Duplicate of 2168, backporting the fix is infeasible, please wait for 3.2 and then upgrade.

~0000466

Anthony J. Bentley (reporter)

Just tested with NetSurf 3.2 / libcss 0.4.0. Still getting occasional crashes on this testcase.

$ gdb netsurf
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd5.6"...
(gdb) run https://tv.eurosport.com/
Starting program: /usr/local/bin/netsurf https://tv.eurosport.com/

Program received signal SIGSEGV, Segmentation fault.
0x00000c3dd0d6c864 in strlen (
    str=0xc3e10b4ff80 "a248.e.akamai.net, Akamai Technologies, Inc., Cambridge, MA, US", '�' <repeats 65 times> <Address 0xc3e10b50000 out of bounds>)
    at /usr/src/lib/libc/string/strlen.c:39
39 for (s = str; *s; ++s)
(gdb) bt
#0 0x00000c3dd0d6c864 in strlen (
    str=0xc3e10b4ff80 "a248.e.akamai.net, Akamai Technologies, Inc., Cambridge, MA, US", '�' <repeats 65 times> <Address 0xc3e10b50000 out of bounds>)
    at /usr/src/lib/libc/string/strlen.c:39
#1 0x00000c3dd0d5cbb8 in __vfprintf (fp=0x7f7ffffcb570,
    fmt0=0xc3bc3d12e45 "%s", ap=Variable "ap" is not available.
) at /usr/src/lib/libc/stdio/vfprintf.c:880
#2 0x00000c3dd0d58df4 in snprintf (str=0x7f7ffffcb8a8 "wo��=\023", n=Variable "n" is not available.
)
    at /usr/src/lib/libc/stdio/snprintf.c:64
#3 0x00000c3bc3b57460 in fetch_curl_poll (scheme_ignored=Variable "scheme_ignored" is not available.
)
    at content/fetchers/curl.c:969
#4 0x00000c3bc3b54e0f in fetcher_fdset (read_fd_set=0x7f7ffffcf0c0,
    write_fd_set=0x7f7ffffcf040, except_fd_set=0x7f7ffffcefc0,
    maxfd_out=0x7f7ffffcf144) at content/fetch.c:382
#5 0x00000c3bc3b9d995 in nsgtk_poll (active=Variable "active" is not available.
) at gtk/gui.c:500
#6 0x00000c3bc3b81f0f in netsurf_main_loop () at desktop/netsurf.c:260
#7 0x00000c3bc3b9ee76 in gui_init (argc=2, argv=0x7f7ffffcfbb8,
    respath=0xc3ea43e7400) at gtk/gui.c:473
#8 0x00000c3bc3b9f494 in main (argc=2, argv=0x7f7ffffcfbb8) at gtk/gui.c:1324

~0000471

Vincent Sanders (administrator)

Latest version in git terminates buffers returned from X509_NAME_print_ex(), which seems to not be an issue in Linux but affects BSD.

~0000473

Anthony J. Bentley (reporter)

Can no longer reproduce on c695d3d0074687e767b68ca9d1412a5bc5303178. Thanks!

~0000765

Vincent Sanders (administrator)

Confirmed fixed in 3.3 release
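
Note ~0000471 attributes the crash to buffers from X509_NAME_print_ex() not being terminated, and both backtraces show snprintf() with "%s" running strlen() off the end of such a buffer. As an added example (not NetSurf's code), the C below shows two ways to copy a pointer-plus-length buffer into a fixed-size string without relying on a terminator; copy_counted(), sample_buffer() and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy a counted byte run (pointer + length, no terminator guaranteed) into a
 * fixed-size C string. Truncates if needed and always terminates dst.
 * Returns the number of bytes stored, not counting the terminator. */
static size_t copy_counted(char *dst, size_t dst_size, const char *src, long src_len)
{
    size_t n;

    if (dst_size == 0)
        return 0;
    if (src == NULL || src_len <= 0) {
        dst[0] = '\0';
        return 0;
    }
    n = (size_t)src_len;
    if (n > dst_size - 1)
        n = dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Constructed stand-in for a memory buffer holding printed certificate text:
 * 24 valid bytes followed by stale non-zero bytes, as in the backtrace. */
static const char *sample_buffer(long *len_out)
{
    static char heap[64];
    static const char text[] = "Aug 13 23:59:00 2018 GMT";

    memset(heap, '#', sizeof heap);       /* leftover data, no NUL anywhere */
    memcpy(heap, text, sizeof text - 1);  /* terminator deliberately not copied */
    *len_out = (long)(sizeof text - 1);
    return heap;
}

int main(void)
{
    char not_after[32], alt[32];
    long len;
    const char *buf = sample_buffer(&len);

    /* snprintf(not_after, sizeof not_after, "%s", buf) would scan for a NUL
     * past the end of buf. Both forms below use the known length instead. */
    copy_counted(not_after, sizeof not_after, buf, len);
    snprintf(alt, sizeof alt, "%.*s", (int)len, buf);
    printf("%s\n%s\n", not_after, alt);
    return 0;
}
```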

Issue History
Date Modified Username Field Change
2014-08-01 20:22 Anthony J. Bentley New Issue
2014-08-01 20:22 Anthony J. Bentley File Added: 2014-08-01-140128_500x598_scrot.png
2014-08-03 13:09 Daniel Silverstone Relationship added duplicate of 0002168
2014-08-03 13:11 Daniel Silverstone Note Added: 0000432
2014-08-03 13:11 Daniel Silverstone Status new => resolved
2014-08-03 13:11 Daniel Silverstone Fixed in Version => 3.2
2014-08-26 14:16 Vincent Sanders Resolution open => fixed
2014-09-01 03:14 Anthony J. Bentley Note Added: 0000466
2014-09-01 03:14 Anthony J. Bentley Status resolved => feedback
2014-09-01 03:14 Anthony J. Bentley Resolution fixed => reopened
2014-09-02 10:12 Vincent Sanders Assigned To => Vincent Sanders
2014-09-02 10:12 Vincent Sanders Status feedback => acknowledged
2014-09-02 10:12 Vincent Sanders Fixed in Version 3.2 =>
2014-09-02 22:55 Vincent Sanders Fixed in CI build # => 2079
2014-09-02 22:55 Vincent Sanders Note Added: 0000471
2014-09-04 06:51 Anthony J. Bentley Note Added: 0000473
2014-09-04 10:22 Vincent Sanders Fixed in CI build # 2079 => 2080
2014-09-04 10:22 Vincent Sanders Status acknowledged => resolved
2014-09-04 10:22 Vincent Sanders Resolution reopened => fixed
2014-09-04 10:22 Vincent Sanders Fixed in Version => 3.3
2015-03-10 23:45 Vincent Sanders Note Added: 0000765
2015-03-10 23:45 Vincent Sanders Status resolved => closed