https://bugzilla.novell.com/show_bug.cgi?id=712189 https://bugzilla.novell.com/show_bug.cgi?id=712189#c0 Summary: another libproxy segmentation fault? Classification: openSUSE Product: openSUSE 11.4 Version: Factory Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jnelson-suse@jamponi.net QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 Core was generated by `wget --mirror --no-parent http://192.168.1.2/~jnelson/kernels/linux-2.6'. Program terminated with signal 11, Segmentation fault. #0 getproxy (u=0xbb77d20) at retr.c:1154 1154 retr.c: No such file or directory. in retr.c (gdb) bt #0 getproxy (u=0xbb77d20) at retr.c:1154 #1 0x0000000000423f5d in retrieve_url (orig_parsed=0xbb77d20, origurl=0xb9bdf0 "http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/pi-futex.txt", file=0x7fff807805b8, newloc= 0x7fff807805b0, refurl=0xb9bda0 "http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/", dt=0x7fff807805c8, recursive=false, iri=0x661980, register_status=true) at retr.c:659 #2 0x0000000000421c49 in retrieve_tree (start_url_parsed=0x666fa0, pi=<value optimized out>) at recur.c:285 #3 0x000000000041eb22 in main (argc=0, argv=<value optimized out>) at main.c:1288 (gdb) print u $1 = (struct url *) 0xbb77d20 (gdb) print *u $2 = {url = 0xb9b7a0 "http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/pi-futex.txt", scheme = SCHEME_HTTP, host = 0x8ad6310 "192.168.1.2", port = 80, path = 0xb9be50 "~jnelson/kernels/linux-2.6/Documentation/pi-futex.txt", params = 0x0, query = 0x0, fragment = 0x0, dir = 0xb9bbd0 "~jnelson/kernels/linux-2.6/Documentation", file = 0xcb0cb70 "pi-futex.txt", user = 0x0, passwd = 0x0} (gdb) 100% reproduceable. It always fails on the same file. If I request the file directly, it doesn't fail. NOTE: this is with libproxy 0.4.7 (installed due to a previous bug with 0.4.6) Not sure if crash is in libproxy or wget or what. The pacrunner is mozjs. When I use the webkit pacrunner, it fails, but at a different place: (gdb) bt #0 0x00007f6adf4a1145 in WTF::OSAllocator::reserveAndCommit (bytes=<value optimized out>, usage=<value optimized out>, writable=<value optimized out>, executable=<value optimized out>) at Source/JavaScriptCore/wtf/OSAllocatorPosix.cpp:85 #1 0x00007f6adf351e1c in reserve (this=<value optimized out>) at Source/JavaScriptCore/wtf/PageReservation.h:101 #2 RegisterFile (this=<value optimized out>) at Source/JavaScriptCore/interpreter/RegisterFile.h:166 #3 JSC::Interpreter::Interpreter (this=<value optimized out>) at Source/JavaScriptCore/interpreter/Interpreter.cpp:424 #4 0x00007f6adf40f174 in JSC::JSGlobalData::JSGlobalData (this=0x7f6a11aa6400, globalDataType=JSC::JSGlobalData::APIContextGroup, threadStackType=JSC::ThreadStackTypeSmall) at Source/JavaScriptCore/runtime/JSGlobalData.cpp:141 #5 0x00007f6adf40f856 in JSC::JSGlobalData::createContextGroup (type=JSC::ThreadStackTypeSmall) at Source/JavaScriptCore/runtime/JSGlobalData.cpp:236 #6 0x00007f6adf315f9f in JSGlobalContextCreateInGroup (group=0x0, globalObjectClass=0x0) at Source/JavaScriptCore/API/JSContextRef.cpp:87 #7 0x00007f6adfb7c25b in ?? () #8 0x0000000002202118 in ?? () #9 0x00007f6ae29c019d in operator new (sz=140735565361888) at ./../../../libstdc++-v3/libsupc++/new_op.cc:52 #10 0x00007fff8d6172e0 in ?? () #11 0x00007fff8d616f00 in ?? () #12 0x00007fff8d616fe0 in ?? () #13 0x00007f6adfb7c1f0 in ?? () #14 0x00007f6ae39e3edd in libproxy::pacrunner_extension::get (this=0x1b6, pac=..., pacurl=...) at /usr/src/debug/libproxy-0.4.7/libproxy/extension_pacrunner.cpp:40 #15 0x00007f6ae39e7824 in libproxy::proxy_factory::_get_proxies (this=0x21e4af0, realurl=0x21e4ef0, response=...) at /usr/src/debug/libproxy-0.4.7/libproxy/proxy.cpp:374 #16 0x00007f6ae39e8eae in libproxy::proxy_factory::get_proxies (this=0x21e4af0, url_=...) at /usr/src/debug/libproxy-0.4.7/libproxy/proxy.cpp:195 #17 0x00007f6ae39e904c in px_proxy_factory_get_proxies (self=0x21e4af0, url=<value optimized out>) at /usr/src/debug/libproxy-0.4.7/libproxy/proxy.cpp:422 #18 0x000000000042330e in getproxy (u=0x1e73570) at retr.c:1153 #19 0x0000000000423f5d in retrieve_url (orig_parsed=0x1e73570, origurl=0x765060 "http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/padata.txt", file=0x7fff8d6176f8, newloc=0x7fff8d6176f0, refurl=0x765010 "http://192.168.1.2/~jnelson/kernels/linux-2.6/Documentation/", dt=0x7fff8d617708, recursive=false, iri=0x661980, register_status=true) at retr.c:659 #20 0x0000000000421c49 in retrieve_tree (start_url_parsed=0x666fa0, pi=<value optimized out>) at recur.c:285 #21 0x000000000041eb22 in main (argc=0, argv=<value optimized out>) at main.c:1288 valgrind has some useful info: ==7667== Memcheck, a memory error detector ==7667== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==7667== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info ==7667== Command: wget --mirror --no-parent http://192.168.1.2/~jnelson/kernels/linux-2.6 ==7667== asking libproxy about url 'http://192.168.1.2/~jnelson/kernels/linux-2.6' ==7667== Warning: set address range perms: large range [0x39427000, 0xb9427000) (defined) libproxy suggest to use 'direct://' ==7667== Mismatched free() / delete / delete [] ==7667== at 0x4C2599C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==7667== by 0x4233A4: getproxy (retr.c:1167) ==7667== by 0x423F5C: retrieve_url (retr.c:659) ==7667== by 0x421C48: retrieve_tree (recur.c:285) ==7667== by 0x41EB21: main (main.c:1288) ==7667== Address 0x6bb7840 is 0 bytes inside a block of size 208 alloc'd ==7667== at 0x4C26337: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==7667== by 0x544D7AE: px_proxy_factory_new (proxy.cpp:413) ==7667== by 0x4232BD: getproxy (retr.c:1143) ==7667== by 0x423F5C: retrieve_url (retr.c:659) ==7667== by 0x421C48: retrieve_tree (recur.c:285) ==7667== by 0x41EB21: main (main.c:1288) ==7667== --2011-08-14 11:08:54-- http://192.168.1.2/~jnelson/kernels/linux-2.6 Connecting to 192.168.1.2:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: http://192.168.1.2/~jnelson/kernels/linux-2.6/ [following] asking libproxy about url 'http://192.168.1.2/~jnelson/kernels/linux-2.6/' libproxy suggest to use 'direct://' --2011-08-14 11:08:54-- http://192.168.1.2/~jnelson/kernels/linux-2.6/ Connecting to 192.168.1.2:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] ==7667== Conditional jump or move depends on uninitialised value(s) ==7667== at 0x4C28EE9: strchrnul (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==7667== by 0x58932CD: _nl_load_locale_from_archive (loadarchive.c:173) ==7667== by 0x58923DE: _nl_find_locale (findlocale.c:107) ==7667== by 0x5891CCC: setlocale (setlocale.c:409) ==7667== by 0x419AC0: http_atotm (http.c:3058) ==7667== by 0x41A37D: http_loop (http.c:2696) ==7667== by 0x423FDF: retrieve_url (retr.c:696) ==7667== by 0x421C48: retrieve_tree (recur.c:285) ==7667== by 0x41EB21: main (main.c:1288) ==7667== Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.