URL: <http://savannah.gnu.org/bugs/?46620>
Summary: NULL Pointer Dereference causing SegFault in hsts_hash_func in 1.17
Project: GNU Wget
Submitted by: nex
Submitted on: Sun 06 Dec 2015 10:54:20 PM GMT
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: 1.17
Operating System: GNU/Linux
Reproducibility: Every Time
Fixed Release: None
Planned Release: None
Regression: None
Work Required: None
Patch Included: No

_______________________________________________________

Details:

While making some requests to a site with SSL/TLS transport enabled, I'm experiencing repeated segmentation faults with version 1.17, both compiled manually as well as packaged in Debian testing. I am able to reproduce it at every execution, and others experienced the same issue with compiled 1.17 on Ubuntu.

[code]
#0 0x0000000000418541 in hsts_hash_func (key=0xb989b0) at hsts.c:95
#1 0x000000000041695c in find_cell (ht=0x69f470, key=0xb989b0) at hash.c:321
#2 0x0000000000416d4e in hash_table_remove (ht=0x69f470, key=0xb989b0) at hash.c:454
#3 0x00000000004189dc in hsts_remove_entry (store=0x682970, kh=0xb989b0) at hsts.c:239
#4 0x0000000000418f6a in hsts_store_entry (store=0x682970, scheme=SCHEME_HTTPS, host=0x682e50 "[REDACTED]", port=0, max_age=0, include_subdomains=true) at hsts.c:425
#5 0x00000000004223aa in gethttp (u=0x69f370, hs=0x7fffffffde50, dt=0x7fffffffe1a4, proxy=0x0, iri=0x680a40 <dummy_iri>, count=1) at http.c:3405
#6 0x0000000000423a59 in http_loop (u=0x69f370, original_url=0x69f370, newloc=0x7fffffffdfe8, local_file=0x7fffffffdfd8, referer=0x0, dt=0x7fffffffe1a4, proxy=0x0, iri=0x680a40 <dummy_iri>) at http.c:3979
#7 0x0000000000432b7d in retrieve_url (orig_parsed=0x69f370, origurl=0x69f3e0 "https://[REDACTED]", file=0x7fffffffe1b0, newloc=0x7fffffffe1a8, refurl=0x0, dt=0x7fffffffe1a4, recursive=false, iri=0x680a40 <dummy_iri>, register_status=true) at retr.c:817
#8 0x000000000042bc5b in main (argc=2, argv=0x7fffffffe388) at main.c:1860
[/code]

_______________________________________________________

Reply to this item at: <http://savannah.gnu.org/bugs/?46620>

_______________________________________________

Message sent via/by Savannah http://savannah.gnu.org/