[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-wget] wget 1.19.4 - possible double free in url.c
From: |
Volkmar Klatt |
Subject: |
[Bug-wget] wget 1.19.4 - possible double free in url.c |
Date: |
Thu, 1 Mar 2018 14:01:33 +0000 |
Dear wget maintainer,
1) in wget 1.19.4 (and probably earlier)
please check carefully
static char * convert_fname (char *fname)
in
src/url.c
I run a OpenBSD machine, x86, ABI=32
and I guess there's a double free when using iconv,
see patch attached.
With this change, all my non-skipped tests pass,
whereas with original url.c most tests fail with core dump:
wget(24305) in free(): error: bogus pointer (double free?)
0xffffffff
-->
#0 0x1c187cb1 in kill () at <stdin>:2
#1 0x1c1b5ab6 in raise (s=6) at
/usr/src/lib/libc/gen/raise.c:39
#2 0x1c1b5a00 in abort () at
/usr/src/lib/libc/stdlib/abort.c:53
#3 0x1c1967f7 in wrterror (msg=0x3c119b56 "bogus pointer
(double free?)", p=0xffffffff)
at /usr/src/lib/libc/stdlib/malloc.c:281
#4 0x1c197d09 in free (ptr=0xffffffff) at
/usr/src/lib/libc/stdlib/malloc.c:1282
#5 0x1c06d54d in libiconv_close ()
#6 0x1c032334 in url_file_name ()
#7 0x1c01facf in http_loop ()
#8 0x1c02dd7e in retrieve_url ()
#9 0x1c027068 in main ()
2) The documentation might mention that
strict firewall settings may also hinder the tests,
e.g. when traffic from/to 127.0.0.1 is blocked.
Solution: Isolate the machine (no net)
and temporalily disable the firewall, then 'make test'
Thanks,
Volkmar Klatt
patch_src_url_c.txt
Description: Text document
- [Bug-wget] wget 1.19.4 - possible double free in url.c,
Volkmar Klatt <=