Bug 785042 – Invalid read in soup_uri_new when URI ends in /..

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 785042 - Invalid read in soup_uri_new when URI ends in /..


Summary:	Invalid read in soup_uri_new when URI ends in /..


Status:	RESOLVED FIXED

Product:	libsoup
Classification:	Core
Component:	Misc
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	libsoup-maint@gnome.bugs
QA Contact:	libsoup-maint@gnome.bugs

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2017-07-17 22:13 UTC by Dave Michmerhuizen
Modified:	2017-08-07 14:00 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Dave Michmerhuizen 2017-07-17 22:13:23 UTC

Specifically, if a URI is simplifed within soup such that the path is /.., soup appears to walk backwards beyond the start of a buffer.  We can see this happen under valgrind by trying to normalize http://www.google.com/..    

7 ==11802== Invalid read of size 1
  8 ==11802==    at 0x300A282C2B: soup_uri_new_with_base (in /usr/lib64/libsoup-2.4.so.1.8.0)
  9 ==11802==    by 0x300A2829EA: soup_uri_new_with_base (in /usr/lib64/libsoup-2.4.so.1.8.0)
 10 ==11802==    by 0x300A283331: soup_uri_new (in /usr/lib64/libsoup-2.4.so.1.8.0)

Comment 1 Dan Winship 2017-08-07 14:00:59 UTC

fixed in git. Thanks for the bug report.