2019-09-21 10:39 BST

ID: 0002672
Project: NetSurf
Category: Development
View Status: public
Last Update: 2019-07-19 09:26
Reporter: Vincent Sanders
Assigned To:
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 3.9
Target Version: 3.9
Fixed in Version: 3.9
Summary: 0002672: popular sites test causes some valgrind errors
Description: popular sites test under valgrind throws some errors

somewhere in the list *after* https://interia.pl/ I think

==7270== HEAP SUMMARY:
==7270== in use at exit: 990,957 bytes in 8,434 blocks
==7270== total heap usage: 62,684,708 allocs, 62,676,274 frees, 23,372,703,503 bytes allocated
==7270==
==7270== Searching for pointers to 8,434 not-freed blocks
==7270== Checked 883,920 bytes
==7270==
==7270== LEAK SUMMARY:
==7270== definitely lost: 367,608 bytes in 2,485 blocks
==7270== indirectly lost: 587,354 bytes in 5,890 blocks
==7270== possibly lost: 928 bytes in 9 blocks
==7270== still reachable: 35,067 bytes in 50 blocks
==7270== suppressed: 0 bytes in 0 blocks
==7270== Rerun with --leak-check=full to see details of leaked memory
==7270==
==7270== ERROR SUMMARY: 8 errors from 2 contexts (suppressed: 8 from 4)
==7270==
==7270== 2 errors in context 1 of 2:
==7270== Conditional jump or move depends on uninitialised value(s)
==7270== at 0x276C0A: idna__is_valid (idna.c:440)
==7270== by 0x276C0A: idna_encode (idna.c:640)
==7270== by 0x27C655: nsurl__create_from_section (parse.c:923)
==7270== by 0x27D852: nsurl_join (parse.c:1449)
==7270== by 0x1D820D: box_extract_link (box_construct.c:3136)
==7270== by 0x1DA17C: box_a (box_construct.c:1494)
==7270== by 0x1D7A2D: box_construct_element (box_construct.c:877)
==7270== by 0x1D7A2D: convert_xml_to_box (box_construct.c:383)
==7270== by 0x26A214: monkey_schedule_run (schedule.c:165)
==7270== by 0x1383A3: monkey_run (main.c:277)
==7270== by 0x1383A3: main (main.c:408)
==7270== Uninitialised value was created by a heap allocation
==7270== at 0x483577F: malloc (vg_replace_malloc.c:299)
==7270== by 0x276BBC: idna__utf8_to_ucs4 (idna.c:245)
==7270== by 0x276BBC: idna_encode (idna.c:634)
==7270== by 0x27C655: nsurl__create_from_section (parse.c:923)
==7270== by 0x27D852: nsurl_join (parse.c:1449)
==7270== by 0x1D820D: box_extract_link (box_construct.c:3136)
==7270== by 0x1DA17C: box_a (box_construct.c:1494)
==7270== by 0x1D7A2D: box_construct_element (box_construct.c:877)
==7270== by 0x1D7A2D: convert_xml_to_box (box_construct.c:383)
==7270== by 0x26A214: monkey_schedule_run (schedule.c:165)
==7270== by 0x1383A3: monkey_run (main.c:277)
==7270== by 0x1383A3: main (main.c:408)
==7270==
==7270==
==7270== 6 errors in context 2 of 2:
==7270== Conditional jump or move depends on uninitialised value(s)
==7270== at 0x276C0A: idna__is_valid (idna.c:440)
==7270== by 0x276C0A: idna_encode (idna.c:640)
==7270== by 0x27C655: nsurl__create_from_section (parse.c:923)
==7270== by 0x27D852: nsurl_join (parse.c:1449)
==7270== by 0x1D1C72: node_is_visited (select.c:1634)
==7270== by 0x2B4555: css_select_style (in /home/vince/dev-netsurf/workspace/netsurf/nsmonkey)
==7270== by 0x1D2A64: nscss_get_style (select.c:266)
==7270== by 0x1D745B: box_get_style (box_construct.c:1376)
==7270== by 0x1D745B: box_construct_element (box_construct.c:763)
==7270== by 0x1D745B: convert_xml_to_box (box_construct.c:383)
==7270== by 0x26A214: monkey_schedule_run (schedule.c:165)
==7270== by 0x1383A3: monkey_run (main.c:277)
==7270== by 0x1383A3: main (main.c:408)
==7270== Uninitialised value was created by a heap allocation
==7270== at 0x483577F: malloc (vg_replace_malloc.c:299)
==7270== by 0x276BBC: idna__utf8_to_ucs4 (idna.c:245)
==7270== by 0x276BBC: idna_encode (idna.c:634)
==7270== by 0x27C655: nsurl__create_from_section (parse.c:923)
==7270== by 0x27D852: nsurl_join (parse.c:1449)
==7270== by 0x1D1C72: node_is_visited (select.c:1634)
==7270== by 0x2B4555: css_select_style (in /home/vince/dev-netsurf/workspace/netsurf/nsmonkey)
==7270== by 0x1D2A64: nscss_get_style (select.c:266)
==7270== by 0x1D745B: box_get_style (box_construct.c:1376)
==7270== by 0x1D745B: box_construct_element (box_construct.c:763)
==7270== by 0x1D745B: convert_xml_to_box (box_construct.c:383)
==7270== by 0x26A214: monkey_schedule_run (schedule.c:165)
==7270== by 0x1383A3: monkey_run (main.c:277)
==7270== by 0x1383A3: main (main.c:408)
==7270==
--7270--
--7270-- used_suppression: 8 dl-hack4-64bit-addr-1 /usr/lib/x86_64-linux-gnu/valgrind/default.supp:1277
==7270==
==7270== ERROR SUMMARY: 8 errors from 2 contexts (suppressed: 8 from 4)
Tags: No tags attached.
Fixed in CI build #: 4678
Reported in CI build #:
URL of problem page: https://ria.ru/

Notes
Vincent Sanders

~0001966

Vincent Sanders (administrator)

This was caused by idna__is_valid() causing out-of-bounds memory access when the host label it was checking was less than four characters long.

https://ria.ru/ was causing nsurl_join() between
http://%D1%80%D0%BE%D1%81%D1%81%D0%B8%D1%8F%D1%81%D0%B5%D0%B3%D0%BE%D0%B4%D0%BD%D1%8F.%D1%80%D1%84/online/
and
россиясегодня.рф

The two-character Unicode domain was less than four characters and the check in idna__is_valid() for -- was overrunning the source buffer.
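
The over-read described in the note above, as an added example that is not NetSurf's code: a check for "--" in the third and fourth positions of a label, once without and once with a length guard. The function names, the code-point-array representation and the sample buffers are assumptions; the short label sits in a four-slot buffer with stale hyphens in its tail so the over-read is observable without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HYPHEN 0x002D

/* "Before" shape (hypothetical): tests the third and fourth code points
 * without consulting len, so a shorter label is read past its end. */
static bool double_hyphen_unchecked(const int32_t *label, size_t len)
{
	(void)len;
	return label[2] == HYPHEN && label[3] == HYPHEN;
}

/* Hardened shape: positions 3 and 4 are only examined when they exist. */
static bool double_hyphen_checked(const int32_t *label, size_t len)
{
	if (len < 4)
		return false;
	return label[2] == HYPHEN && label[3] == HYPHEN;
}

/* Constructed input: the two code points U+0440 U+0444 of the label in the
 * note, length 2, in a four-slot buffer whose unused tail holds hyphens. */
static const int32_t short_label[4] = { 0x0440, 0x0444, HYPHEN, HYPHEN };
static const size_t short_len = 2;

/* Constructed input: "ab--cd", which the rule is meant to catch. */
static const int32_t long_label[6] = { 'a', 'b', HYPHEN, HYPHEN, 'c', 'd' };
static const size_t long_len = 6;

int main(void)
{
	/* The unchecked form decides on data that is not part of the label. */
	printf("short label, unchecked: %d\n",
	       double_hyphen_unchecked(short_label, short_len));
	printf("short label, checked:   %d\n",
	       double_hyphen_checked(short_label, short_len));
	printf("long label,  checked:   %d\n",
	       double_hyphen_checked(long_label, long_len));
	return 0;
}
```

When the buffer is allocated to exactly the label's length, the unchecked form reads outside the allocation instead, which is the kind of access valgrind or AddressSanitizer reports.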
Vincent Sanders

~0001998

Vincent Sanders (administrator)

We believe this issue has been resolved in NetSurf 3.9.

Issue History
Date Modified Username Field Change
2019-06-12 18:10 Vincent Sanders New Issue
2019-06-13 10:26 Vincent Sanders Status new => confirmed
2019-06-13 17:22 Vincent Sanders Status confirmed => resolved
2019-06-13 17:22 Vincent Sanders Resolution open => fixed
2019-06-13 17:22 Vincent Sanders Fixed in Version => 3.9
2019-06-13 17:22 Vincent Sanders Fixed in CI build # => 4678
2019-06-13 17:22 Vincent Sanders URL of problem page => https://ria.ru/
2019-06-13 17:22 Vincent Sanders Note Added: 0001966
2019-07-19 09:26 Vincent Sanders Status resolved => closed
2019-07-19 09:26 Vincent Sanders Note Added: 0001998