Mailinglist Archive: opensuse-bugs (4046 mails)

[Bug 712189] New: another libproxy segmentation fault?
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sun, 14 Aug 2011 16:11:03 +0000
  • Message-id: <bug-712189-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=712189

https://bugzilla.novell.com/show_bug.cgi?id=712189#c0


Summary: another libproxy segmentation fault?
Classification: openSUSE
Product: openSUSE 11.4
Version: Factory
Platform: x86-64
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: jnelson-suse@xxxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101
Firefox/5.0

Core was generated by `wget --mirror --no-parent
http://192.168.1.2/~jnelson/kernels/linux-2.6'.
Program terminated with signal 11, Segmentation fault.
#0 getproxy (u=0xbb77d20) at retr.c:1154
1154 retr.c: No such file or directory.
in retr.c
(gdb) bt
#0 getproxy (u=0xbb77d20) at retr.c:1154
#1 0x0000000000423f5d in retrieve_url (orig_parsed=0xbb77d20, origurl=0xb9bdf0
"http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/pi-futex.txt",
file=0x7fff807805b8, newloc=
0x7fff807805b0, refurl=0xb9bda0
"http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/",
dt=0x7fff807805c8, recursive=false, iri=0x661980, register_status=true) at
retr.c:659
#2 0x0000000000421c49 in retrieve_tree (start_url_parsed=0x666fa0, pi=<value
optimized out>) at recur.c:285
#3 0x000000000041eb22 in main (argc=0, argv=<value optimized out>) at
main.c:1288
(gdb) print u
$1 = (struct url *) 0xbb77d20
(gdb) print *u
$2 = {url = 0xb9b7a0
"http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/pi-futex.txt",
scheme = SCHEME_HTTP, host = 0x8ad6310 "192.168.1.2", port = 80, path =
0xb9be50 "~jnelson/kernels/linux-2.6/Documentation/pi-futex.txt", params =
0x0, query = 0x0, fragment = 0x0, dir = 0xb9bbd0
"~jnelson/kernels/linux-2.6/Documentation", file =
0xcb0cb70 "pi-futex.txt", user = 0x0, passwd = 0x0}
(gdb)



100% reproducible.
It always fails on the same file.
If I request the file directly, it doesn't fail.


NOTE: this is with libproxy 0.4.7 (installed due to a previous bug with 0.4.6)

Not sure if crash is in libproxy or wget or what.
The pacrunner is mozjs.


When I use the webkit pacrunner, it fails, but at a different place:

(gdb) bt
#0 0x00007f6adf4a1145 in WTF::OSAllocator::reserveAndCommit (bytes=<value
optimized out>, usage=<value optimized out>, writable=<value optimized out>,
executable=<value optimized out>)
at Source/JavaScriptCore/wtf/OSAllocatorPosix.cpp:85
#1 0x00007f6adf351e1c in reserve (this=<value optimized out>) at
Source/JavaScriptCore/wtf/PageReservation.h:101
#2 RegisterFile (this=<value optimized out>) at
Source/JavaScriptCore/interpreter/RegisterFile.h:166
#3 JSC::Interpreter::Interpreter (this=<value optimized out>) at
Source/JavaScriptCore/interpreter/Interpreter.cpp:424
#4 0x00007f6adf40f174 in JSC::JSGlobalData::JSGlobalData (this=0x7f6a11aa6400,
globalDataType=JSC::JSGlobalData::APIContextGroup,
threadStackType=JSC::ThreadStackTypeSmall)
at Source/JavaScriptCore/runtime/JSGlobalData.cpp:141
#5 0x00007f6adf40f856 in JSC::JSGlobalData::createContextGroup
(type=JSC::ThreadStackTypeSmall) at
Source/JavaScriptCore/runtime/JSGlobalData.cpp:236
#6 0x00007f6adf315f9f in JSGlobalContextCreateInGroup (group=0x0,
globalObjectClass=0x0) at Source/JavaScriptCore/API/JSContextRef.cpp:87
#7 0x00007f6adfb7c25b in ?? ()
#8 0x0000000002202118 in ?? ()
#9 0x00007f6ae29c019d in operator new (sz=140735565361888) at
./../../../libstdc++-v3/libsupc++/new_op.cc:52
#10 0x00007fff8d6172e0 in ?? ()
#11 0x00007fff8d616f00 in ?? ()
#12 0x00007fff8d616fe0 in ?? ()
#13 0x00007f6adfb7c1f0 in ?? ()
#14 0x00007f6ae39e3edd in libproxy::pacrunner_extension::get (this=0x1b6,
pac=..., pacurl=...) at
/usr/src/debug/libproxy-0.4.7/libproxy/extension_pacrunner.cpp:40
#15 0x00007f6ae39e7824 in libproxy::proxy_factory::_get_proxies
(this=0x21e4af0, realurl=0x21e4ef0, response=...) at
/usr/src/debug/libproxy-0.4.7/libproxy/proxy.cpp:374
#16 0x00007f6ae39e8eae in libproxy::proxy_factory::get_proxies (this=0x21e4af0,
url_=...) at /usr/src/debug/libproxy-0.4.7/libproxy/proxy.cpp:195
#17 0x00007f6ae39e904c in px_proxy_factory_get_proxies (self=0x21e4af0,
url=<value optimized out>) at
/usr/src/debug/libproxy-0.4.7/libproxy/proxy.cpp:422
#18 0x000000000042330e in getproxy (u=0x1e73570) at retr.c:1153
#19 0x0000000000423f5d in retrieve_url (orig_parsed=0x1e73570, origurl=0x765060
"http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/padata.txt",
file=0x7fff8d6176f8, newloc=0x7fff8d6176f0,
refurl=0x765010
"http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/",
dt=0x7fff8d617708, recursive=false, iri=0x661980, register_status=true) at
retr.c:659
#20 0x0000000000421c49 in retrieve_tree (start_url_parsed=0x666fa0, pi=<value
optimized out>) at recur.c:285
#21 0x000000000041eb22 in main (argc=0, argv=<value optimized out>) at
main.c:1288




valgrind has some useful info:


==7667== Memcheck, a memory error detector
==7667== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==7667== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==7667== Command: wget --mirror --no-parent
http://192.168.1.2/~jnelson/kernels/linux-2.6
==7667==
asking libproxy about url 'http://192.168.1.2/~jnelson/kernels/linux-2.6'
==7667== Warning: set address range perms: large range [0x39427000, 0xb9427000)
(defined)
libproxy suggest to use 'direct://'
==7667== Mismatched free() / delete / delete []
==7667== at 0x4C2599C: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7667== by 0x4233A4: getproxy (retr.c:1167)
==7667== by 0x423F5C: retrieve_url (retr.c:659)
==7667== by 0x421C48: retrieve_tree (recur.c:285)
==7667== by 0x41EB21: main (main.c:1288)
==7667== Address 0x6bb7840 is 0 bytes inside a block of size 208 alloc'd
==7667== at 0x4C26337: operator new(unsigned long) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7667== by 0x544D7AE: px_proxy_factory_new (proxy.cpp:413)
==7667== by 0x4232BD: getproxy (retr.c:1143)
==7667== by 0x423F5C: retrieve_url (retr.c:659)
==7667== by 0x421C48: retrieve_tree (recur.c:285)
==7667== by 0x41EB21: main (main.c:1288)
==7667==
--2011-08-14 11:08:54-- http://192.168.1.2/~jnelson/kernels/linux-2.6
Connecting to 192.168.1.2:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://192.168.1.2/~jnelson/kernels/linux-2.6/ [following]
asking libproxy about url 'http://192.168.1.2/~jnelson/kernels/linux-2.6/'
libproxy suggest to use 'direct://'
--2011-08-14 11:08:54-- http://192.168.1.2/~jnelson/kernels/linux-2.6/
Connecting to 192.168.1.2:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
==7667== Conditional jump or move depends on uninitialised value(s)
==7667== at 0x4C28EE9: strchrnul (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7667== by 0x58932CD: _nl_load_locale_from_archive (loadarchive.c:173)
==7667== by 0x58923DE: _nl_find_locale (findlocale.c:107)
==7667== by 0x5891CCC: setlocale (setlocale.c:409)
==7667== by 0x419AC0: http_atotm (http.c:3058)
==7667== by 0x41A37D: http_loop (http.c:2696)
==7667== by 0x423FDF: retrieve_url (retr.c:696)
==7667== by 0x421C48: retrieve_tree (recur.c:285)
==7667== by 0x41EB21: main (main.c:1288)
==7667==







Reproducible: Always

Steps to Reproduce:
1.
2.
3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
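
The Memcheck output in the report flags free() at retr.c:1167 on a block that px_proxy_factory_new obtained with operator new. The sketch below is an added example, not wget or libproxy code: it shows the pairing rule for an opaque library handle, using hypothetical demo_* stand-ins (calloc-backed so the block runs without libproxy) and a constructed "direct://" answer like the one in the log.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a library with an opaque handle, shaped like
   the px_proxy_factory_new / _get_proxies calls in the traces above. */
typedef struct demo_factory { int lookups; } demo_factory;
static int demo_live_handles = 0;      /* created and not yet released */

demo_factory *demo_factory_new(void) {
    /* The library in the report allocates here with operator new. */
    demo_factory *f = calloc(1, sizeof *f);
    if (f) demo_live_handles++;
    return f;
}

/* The only valid release path for a handle: the library's own function. */
void demo_factory_free(demo_factory *f) {
    if (!f) return;
    demo_live_handles--;
    free(f);
}

/* Returns a NULL-terminated array of malloc'd strings owned by the caller. */
char **demo_factory_get_proxies(demo_factory *f, const char *url) {
    static const char answer[] = "direct://";   /* constructed sample answer */
    char **list = calloc(2, sizeof *list);
    (void)url;
    if (!list) return NULL;
    list[0] = malloc(sizeof answer);
    if (!list[0]) { free(list); return NULL; }
    memcpy(list[0], answer, sizeof answer);
    f->lookups++;
    return list;
}

/* Caller side: copy the first answer, then release each object with the
   deallocator that matches how it was allocated. */
int lookup_proxy(const char *url, char *out, size_t outlen) {
    demo_factory *f = demo_factory_new();
    char **proxies;
    int rc = -1;
    if (!f) return -1;
    proxies = demo_factory_get_proxies(f, url);
    if (proxies && proxies[0] && strlen(proxies[0]) < outlen) {
        strcpy(out, proxies[0]);
        rc = 0;
    }
    if (proxies) {
        for (size_t i = 0; proxies[i]; i++) free(proxies[i]); /* malloc'd */
        free(proxies);                                        /* malloc'd */
    }
    demo_factory_free(f);  /* never free(f): the allocator is the library's */
    return rc;
}

int demo_handles_outstanding(void) { return demo_live_handles; }
```

With the real library the same shape applies: the handle from px_proxy_factory_new is released with px_proxy_factory_free, while the returned proxy strings and their array are released with free().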
