2019-05-25 00:38 BST

ID: 0002565
Project: NetSurf
Category: Core-specific
View Status: public
Last Update: 2018-04-21 09:55
Reporter: J. Scott Heppler
Assigned To:
Severity: minor
Reproducibility: have not tried
Status: feedback
Resolution: open
Platform: i386
OS: OpenBSD
OS Version: 6.2
Product Version: 3.6
Target Version:
Fixed in Version:
Summary: 0002565: Use after free
Description: Both netsurf-gtk and netsurf-fb segfault with a use after free error. OpenBSD sanitizes 1/2 the ram but I did not have the error in 6.1 on the same platform.
Steps To Reproduce: On a Via C7 notebook w/ 2gm ram start netsurf-gtk or netsurf-fb.
Additional Information: Will also report to openbsd-ports mailing list
Tags: No tags attached.
Fixed in CI build #:
Reported in CI build #:
URL of problem page: n/a
Attached Files
  • netsurfgtk3.6_obsdi386_use_after_free.txt (13,818 bytes) 2017-10-11 15:12
    Puffy$ netsurf-gtk -v                     
    (0.000003) utils/log.c:101 nserror nslog_init(nslog_ensure_t *, int *, char **): NetSurf version '3.6 (19th November 2016)'
    (0.011419) utils/log.c:110 nserror nslog_init(nslog_ensure_t *, int *, char **): NetSurf on <OpenBSD>, node <Puffy.home.yak>, release <6.2>, version <GENERIC#163>, machine <i386>
    (0.031586) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/netsurf.gtk2.ui
    (0.047316) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/tabcontents.gtk2.ui
    (0.061710) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/password.gtk2.ui
    (0.077625) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/login.gtk2.ui
    (0.091811) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/ssl.gtk2.ui
    (0.106110) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/toolbar.gtk2.ui
    (0.121828) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/downloads.gtk2.ui
    (0.136616) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/history.gtk2.ui
    (0.151364) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/options.gtk2.ui
    (0.166494) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/hotlist.gtk2.ui
    (0.181145) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/cookies.gtk2.ui
    (0.195257) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/viewdata.gtk2.ui
    (0.210668) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/warning.gtk2.ui
    (0.225030) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/favicon.png
    (0.240022) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/netsurf.xpm
    (0.254914) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/menu_cursor.png
    (0.269293) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/arrow_down_8x32.png
    (0.283427) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber0.png
    (0.298624) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber1.png
    (0.304242) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber2.png
    (0.314025) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber3.png
    (0.321882) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber4.png
    (0.329762) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber5.png
    (0.341674) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber6.png
    (0.348572) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber7.png
    (0.357932) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/throbber/throbber8.png
    (0.367084) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/welcome.html
    (0.377202) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/credits.html
    (0.385684) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/licence.html
    (0.395163) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/maps.html
    (0.404016) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/default.css
    (0.413418) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/adblock.css
    (0.421524) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/internal.css
    (0.429289) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/quirks.css
    (0.438404) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/netsurf.png
    (0.447554) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/default.ico
    (0.455493) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/icons/arrow-l.png
    (0.463252) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/icons/content.png
    (0.473896) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/icons/directory2.png
    (0.482496) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/icons/directory.png
    (0.491503) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/icons/hotlist-add.png
    (0.502441) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/icons/hotlist-rmv.png
    (0.503499) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/icons/search.png
    (0.503825) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/languages
    (0.504178) frontends/gtk/resources.c:223 nserror init_resource(char **, struct nsgtk_resource_s *): Found gresource path /org/netsurf/Messages
    (0.504660) utils/nsoption.c:655 nserror nsoption_read(const char *, struct nsoption_s *): Successfully opened '/home/jsh/.config/netsurf/Choices' for Options file
    (0.509354) frontends/gtk/gui.c:946 nserror get_cache_home(char **): "/home/jsh/.cache/netsurf"
    (0.510979) content/handlers/image/image_cache.c:381 nserror image_cache_init(const struct image_cache_parameters *): Image cache initilised with a limit of 3145728 hysteresis of 629145
    (0.511267) render/html_css_fetcher.c:64 _Bool html_css_fetcher_initialise(lwc_string *): html_css_fetcher_initialise called for x-ns-css
    (0.512128) content/fetchers/curl.c:1414 nserror fetch_curl_register(void): curl_version libcurl/7.55.1 LibreSSL/2.6.3 zlib/1.2.3 nghttp2/1.26.0
    (0.529956) utils/useragent.c:68 void user_agent_build_string(void): Built user agent "NetSurf/3.6 (OpenBSD)"
    (0.530163) content/fetchers/curl.c:1488 nserror fetch_curl_register(void): ca_path: '/etc/ssl/certs'
    (0.530295) content/fetchers/curl.c:1500 nserror fetch_curl_register(void): cURL linked against openssl
    (0.530565) content/fetchers/curl.c:136 _Bool fetch_curl_initialise(lwc_string *): Initialise cURL fetcher for http
    (0.530704) content/fetchers/curl.c:136 _Bool fetch_curl_initialise(lwc_string *): Initialise cURL fetcher for https
    (0.530838) content/fetchers/data.c:59 _Bool fetch_data_initialise(lwc_string *): fetch_data_initialise called for data
    (0.530984) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for adblock.css
    (0.531117) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for default.css
    (0.531250) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for internal.css
    (0.531382) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for quirks.css
    (0.532114) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for credits.html
    (0.532262) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for licence.html
    (0.532395) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for welcome.html
    (0.532527) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for maps.html
    (0.532673) content/fetchers/resource.c:285 _Bool fetch_resource_initialise(lwc_string *): redirect url for favicon.ico
    (0.532806) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for default.ico
    (0.532937) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for netsurf.png
    (0.533069) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for icons/arrow-l.png
    (0.533202) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for icons/content.png
    (0.533334) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for icons/directory.png
    (0.533467) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for icons/directory2.png
    (0.533601) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for icons/hotlist-add.png
    (0.533733) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for icons/hotlist-rmv.png
    (0.533866) content/fetchers/resource.c:278 _Bool fetch_resource_initialise(lwc_string *): direct data for icons/search.png
    (0.534049) content/llcache.c:3369 nserror llcache_initialise(const struct llcache_parameters *): llcache initialising with a limit of 9437184 bytes
    (0.534203) content/fs_backing_store.c:1395 nserror read_control(struct store_state *): opening control file "/home/jsh/.cache/netsurf/control"
    (0.534555) content/fs_backing_store.c:1210 nserror read_entries(struct store_state *): Allocating 2621440 bytes for max of 65536 entries of 40 length elements 12 length
    (0.535053) content/fs_backing_store.c:1225 nserror read_entries(struct store_state *): Read 245 entries
    (0.535098) content/fs_backing_store.c:1131 nserror build_entrymap(struct store_state *): Allocating 2097152 bytes for max of 1048576 buckets
    (0.536610) content/fs_backing_store.c:1256 nserror read_blocks(struct store_state *): Initialising block use map from /home/jsh/.cache/netsurf/blocks
    (0.536744) content/fs_backing_store.c:1561 nserror initialise(const struct llcache_store_parameters *): FS backing store init successful
    (0.536775) content/fs_backing_store.c:1568 nserror initialise(const struct llcache_store_parameters *): path:/home/jsh/.cache/netsurf limit:1073741824 hyst:0 addr:20 entries:16
    (0.536813) content/fs_backing_store.c:1569 nserror initialise(const struct llcache_store_parameters *): Using 3695618/1073741824
    (0.915284) frontends/gtk/gui.c:249 nserror nsgtk_init(int, char **, char **): Seting default window icon
    (0.917583) frontends/gtk/gui.c:257 nserror nsgtk_init(int, char **, char **): Using '/usr/local/share/netsurf/SearchEngines' as Search Engines file
    (0.931894) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber0.png
    (0.932295) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber1.png
    (0.932617) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber2.png
    (0.932933) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber3.png
    (0.933246) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber4.png
    (0.933558) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber5.png
    (0.933872) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber6.png
    (0.934196) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber7.png
    (0.934510) frontends/gtk/throbber.c:62 nserror nsgtk_throbber_init(void): throbber/throbber8.png
    (0.936731) frontends/gtk/fetch.c:93 void gtk_fetch_filetype_init(const char *): Unable to open a mime.types file, so using a minimal one for you.
    (0.937445) content/urldb.c:2531 nserror urldb_load(const char *): Loading URL file /home/jsh/.config/netsurf/URLs
    (0.938401) content/urldb.c:2706 nserror urldb_load(const char *): Successfully loaded URL file
    (0.940437) frontends/gtk/gui.c:299 nserror nsgtk_init(int, char **, char **): Set CSS DPI to 96
    (0.963957) content/handlers/javascript/duktape/dukky.c:565 nserror js_newcontext(int, jscallback *, void *, jscontext **): Creating new duktape javascript context
    netsurf-gtk(19048) in free(): use after free 0x807ac2c0
    Abort trap (core dumped) 
    


Notes

~0001756

Daniel Silverstone (administrator)

Hi,

Since none of us use OpenBSD, it would be super-helpful if you could run the failing binary under valgrind, lldb, or somesuch, and get us an indication of where the use-after-free occurs, and if at all possible where the relevant block of memory was freed (I believe valgrind can do that).

Thanks,

Daniel.
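
An added example, not NetSurf or OpenBSD code: a toy `free()` wrapper that junk-fills freed blocks, parks them in a short delay queue, and checks the fill when a block leaves the queue. It models, as an assumption about the allocator check behind the `in free(): use after free` line in the attached log, why such an abort names the damaged block but not the code that wrote to it, which is the information the valgrind/lldb request above is after. `toy_free`, `demo`, `JUNK` and `DELAY` are hypothetical names and values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define JUNK  0xdf  /* fill byte for freed blocks (constructed value) */
#define DELAY 4     /* freed blocks parked before the real free() */
static struct { unsigned char *p; size_t n; } queue[DELAY];
static size_t next_slot;

/* Toy free(): junk-fill the block, park it, then validate and release the
 * block it evicts. Returns the first damaged offset in that block, or -1. */
long toy_free(void *ptr, size_t n)
{
    unsigned char *old = queue[next_slot].p;
    size_t old_n = queue[next_slot].n;
    long damage = -1;
    memset(ptr, JUNK, n);
    queue[next_slot].p = ptr;
    queue[next_slot].n = n;
    next_slot = (next_slot + 1) % DELAY;
    for (size_t i = 0; old != NULL && i < old_n && damage < 0; i++)
        if (old[i] != JUNK)
            damage = (long)i;   /* written to after it was freed */
    free(old);                  /* free(NULL) is a no-op */
    return damage;
}

/* Constructed scenario: one write through a dangling pointer, then unrelated
 * frees. Returns how many later toy_free() calls ran before detection. */
int demo(long *offset)
{
    char *victim = malloc(32);
    if (victim == NULL) return 0;
    toy_free(victim, 32);
    victim[5] = 'X';            /* the bug; block is parked, not yet released */
    for (int calls = 1; calls <= DELAY; calls++) {
        void *other = malloc(16);
        if (other == NULL) return 0;
        if ((*offset = toy_free(other, 16)) >= 0)
            return calls;       /* reported from an unrelated free() */
    }
    return 0;
}

int main(void)
{
    long off = -1;
    int calls = demo(&off);
    return printf("stale write at offset %ld noticed %d frees later\n", off, calls) < 0;
}
```

The stale write is only noticed several frees later, in a call that has nothing to do with the faulty code path, so the abort message alone cannot locate the bug.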

Issue History

Date Modified | Username | Field | Change
2017-10-11 15:12 | J. Scott Heppler | New Issue |
2017-10-11 15:12 | J. Scott Heppler | File Added: netsurfgtk3.6_obsdi386_use_after_free.txt |
2018-04-21 09:55 | Daniel Silverstone | Status | new => feedback
2018-04-21 09:55 | Daniel Silverstone | Note Added: 0001756 |