[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [bug #46620] NULL Point Dereference casing SegFault in hsts_h

From: Claudio Guarnieri
Subject: [Bug-wget] [bug #46620] NULL Point Dereference casing SegFault in hsts_hash_func in 1.17
Date: Sun, 06 Dec 2015 22:54:21 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36


                 Summary: NULL Point Dereference casing SegFault in
hsts_hash_func in 1.17
                 Project: GNU Wget
            Submitted by: nex
            Submitted on: Sun 06 Dec 2015 10:54:20 PM GMT
                Category: Crash/Freeze/Infloop
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 1.17
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: None
           Work Required: None
          Patch Included: No



While making some requests to a site with SSL/TLS transport enabled, I'm
experiencing repeated segmentation faults with version 1.17, both compiled
manually as well as packaged in Debian testing.

I am able to reproduce it at every execution, and others experienced the same
issue with compiled 1.17 on Ubuntu.

[code]#0  0x0000000000418541 in hsts_hash_func (key=0xb989b0) at hsts.c:95
#1  0x000000000041695c in find_cell (ht=0x69f470, key=0xb989b0) at hash.c:321
#2  0x0000000000416d4e in hash_table_remove (ht=0x69f470, key=0xb989b0) at
#3  0x00000000004189dc in hsts_remove_entry (store=0x682970, kh=0xb989b0) at
#4  0x0000000000418f6a in hsts_store_entry (store=0x682970,
    host=0x682e50 "[REDACTED]", port=0, max_age=0, include_subdomains=true) at
#5  0x00000000004223aa in gethttp (u=0x69f370, hs=0x7fffffffde50,
dt=0x7fffffffe1a4, proxy=0x0,
    iri=0x680a40 <dummy_iri>, count=1) at http.c:3405
#6  0x0000000000423a59 in http_loop (u=0x69f370, original_url=0x69f370,
    local_file=0x7fffffffdfd8, referer=0x0, dt=0x7fffffffe1a4, proxy=0x0,
iri=0x680a40 <dummy_iri>) at http.c:3979
#7  0x0000000000432b7d in retrieve_url (orig_parsed=0x69f370,
    origurl=0x69f3e0 "https://[REDACTED]";, file=0x7fffffffe1b0,
newloc=0x7fffffffe1a8, refurl=0x0, dt=0x7fffffffe1a4,
    recursive=false, iri=0x680a40 <dummy_iri>, register_status=true) at
#8  0x000000000042bc5b in main (argc=2, argv=0x7fffffffe388) at


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]