After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 608743 - Crash in g_hostname_to_ascii visiting certain website in epiphany
Crash in g_hostname_to_ascii visiting certain website in epiphany
Status: RESOLVED FIXED
Product: glib
Classification: Platform
Component: general
2.23.x
Other Linux
: Normal normal
: ---
Assigned To: gtkdev
gtkdev
: 609938 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2010-02-01 22:30 UTC by Peter Clifton
Modified: 2010-02-14 20:58 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Peter Clifton 2010-02-01 22:30:49 UTC 
Epiphany crashes visiting the following website:

Visiting the following page crashes epiphany

http://www.trusteer.com/list-context/publications/address-bar-spoofing-attacks-against-microsoft-internet-explorer-6

In the backtrace, note that the www.foo�bar.com has a non-printable or broken UTF-8 character. (I'm not quite sure which).

Here is a better backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x019e4801 in IA__g_hostname_to_ascii (hostname=0x85ba9e8 "www.foo�bar.com")
    at /build/buildd/glib2.0-2.23.2/glib/ghostutils.c:402
402	/build/buildd/glib2.0-2.23.2/glib/ghostutils.c: No such file or directory.
 in /build/buildd/glib2.0-2.23.2/glib/ghostutils.c
(gdb) bt

+ Trace 220370

  • #0 IA__g_hostname_to_ascii
    at /build/buildd/glib2.0-2.23.2/glib/ghostutils.c line 402
  • #1 IA__g_resolver_lookup_by_name_async
    at /build/buildd/glib2.0-2.23.2/gio/gresolver.c line 323
  • #2 soup_address_resolve_async
    from /usr/lib/libsoup-2.4.so.1
  • #3 soup_session_prepare_for_uri
    from /usr/lib/libsoup-2.4.so.1
  • #4 WebCore::prefetchDNS
    at ../WebCore/platform/network/soup/DNSSoup.cpp line 40
  • #5 WebCore::HTMLAnchorElement::parseMappedAttribute
    at ../WebCore/html/HTMLAnchorElement.cpp line 282
  • #6 WebCore::StyledElement::attributeChanged
    at ../WebCore/dom/StyledElement.cpp line 190
  • #7 WebCore::Element::setAttributeMap
    at ../WebCore/dom/Element.cpp line 668
  • #8 WebCore::HTMLParser::parseToken
    at ../WebCore/html/HTMLParser.cpp line 280
  • #9 WebCore::HTMLTokenizer::processToken
    at ../WebCore/html/HTMLTokenizer.cpp line 1939
  • #10 WebCore::HTMLTokenizer::parseTag
    at ../WebCore/html/HTMLTokenizer.cpp line 1511
  • #11 WebCore::HTMLTokenizer::write
    at ../WebCore/html/HTMLTokenizer.cpp line 1762
  • #12 WebCore::HTMLTokenizer::executeExternalScriptsIfReady
    at ../WebCore/html/HTMLTokenizer.cpp line 2093
  • #13 WebCore::CachedScript::checkNotify
    at ../WebCore/loader/CachedScript.cpp line 105
  • #14 WebCore::Loader::Host::didFinishLoading
    at ../WebCore/loader/loader.cpp line 391
  • #15 WebCore::SubresourceLoader::didFinishLoading
    at ../WebCore/loader/SubresourceLoader.cpp line 184
  • #16 WebCore::ResourceLoader::didFinishLoading
    at ../WebCore/loader/ResourceLoader.cpp line 403
  • #17 finishedCallback
    at ../WebCore/platform/network/soup/ResourceHandleSoup.cpp line 332
  • #18 ??
    from /usr/lib/libsoup-2.4.so.1
  • #19 IA__g_cclosure_marshal_VOID__VOID
    at /build/buildd/glib2.0-2.23.2/gobject/gmarshal.c line 77
  • #20 IA__g_closure_invoke
    at /build/buildd/glib2.0-2.23.2/gobject/gclosure.c line 767
  • #21 signal_emit_unlocked_R 






Comment 1


Peter Clifton





          2010-02-01 22:31:37 UTC
        



(gdb) print (char[])hostname[0]
$9 = "w"
(gdb) print (char[])hostname[1]
$10 = "w"
(gdb) print (char[])hostname[2]
$11 = "w"
(gdb) print (char[])hostname[3]
$12 = "."
(gdb) print (char[])hostname[4]
$13 = "f"
(gdb) print (char[])hostname[5]
$14 = "o"
(gdb) print (char[])hostname[6]
$15 = "o"
(gdb) print (char[])hostname[7]
$16 = <incomplete sequence \357>
(gdb) print (char[])hostname[8]
$17 = "\277"
(gdb) print (char[])hostname[9]
$18 = "\275"
(gdb) print (char[])hostname[10]
$19 = "b"
(gdb) print (char[])hostname[11]
$20 = "a"
(gdb) print (char[])hostname[12]
$21 = "r"






Comment 2


Dan Winship





          2010-02-01 23:12:56 UTC
        



fixed in git






Comment 3


Peter Clifton





          2010-02-02 01:21:33 UTC
        



Thanks!






Comment 4


Dan Winship





          2010-02-14 20:58:16 UTC
        



*** Bug 609938 has been marked as a duplicate of this bug. ***