GNOME Bugzilla – Bug 629449
soup_message_new segfault
Last modified: 2010-12-20 14:03:33 UTC
A segfault a user reported in Liferea boils down to a segfault of the following libsoup call (tested with 2.31.6):

    soup_message_new (SOUP_METHOD_GET, "\366i http://");

Backtrace:

    Program received signal SIGSEGV, Segmentation fault.
    __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:131
    131 ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory.
        in ../sysdeps/x86_64/multiarch/strchr.S
    (gdb) bt
+ Trace 223671
worksforme. (Well, I get "Could not parse '�i http://' as a URL", but it doesn't crash. Or even make valgrind complain.) What distro are you on, what gcc version and compiler flags were used to build libsoup, and what glibc version do you have?
Debian unstable, I also have the same issue with the 2.30.2-1 package.
gcc 4.4
eglibc 2.11.2

Valgrind says (with 2.30.2):

    ==24776== Invalid read of size 1
    ==24776==    at 0x4C25361: __GI_strchr (mc_replace_strmem.c:144)
    ==24776==    by 0x71A56AB: uri_normalized_copy (soup-uri.c:690)
    ==24776==    by 0x71A66B9: soup_uri_new_with_base (soup-uri.c:269)
    ==24776==    by 0x71A6F31: soup_uri_new (soup-uri.c:401)
    ==24776==    by 0x7193F7A: soup_message_new (soup-message.c:700)
    ...
    ==24776==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
Dan, are you using a non-UTF-8 locale? Then http://library.gnome.org/devel/glib/unstable/glib-String-Utility-Functions.html#string-precision might explain it.

    while ((sp = strchr (normalized, ' '))) {
        tmp = g_strdup_printf ("%.*s%%20%s",
                               (int)(sp - normalized), normalized,
                               sp + 1);
        g_free (normalized);
        normalized = tmp;
    };

I checked what exactly happens here, and tmp is NULL after the first call to g_strdup_printf(), and the next strchr() call is the failing one.
no, i'm using en_US.UTF-8... but... wow. That "feature" of glibc is pretty moronic.
Created attachment 170158 [details] [review] Fix a crash when resolving URIs with both spaces and non-UTF8 chars I still can't reproduce it. Does this fix it for you? The glibc maintainers say C99 requires this behavior (http://sources.redhat.com/bugzilla/show_bug.cgi?id=649#c1) but I don't see how. The description of "%s" does mix "byte" and "character" confusingly, but it also says in a footnote that "no special provisions are made for multibyte characters".
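Added example, not from the bug thread and not the code of libsoup commit 318dae5: a byte-wise replacement for the g_strdup_printf("%.*s%%20%s", ...) loop quoted in comment 4, beside a small mirror of the failing idiom so the glibc behaviour can be observed on a given machine. Only the C library is used; escape_spaces, printf_prefix and escape_spaces_equals are names chosen here, and the input string is the one from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <locale.h>

/* Replace every ' ' with "%20", touching bytes only. Unlike the
 * g_strdup_printf("%.*s%%20%s", ...) loop in the bug, this never asks
 * printf to interpret the input as a multibyte string, so a stray
 * non-UTF-8 byte such as 0xF6 cannot make the copy fail and leave the
 * result NULL. Returns a malloc'd string (caller frees) or NULL only on
 * allocation failure. */
char *escape_spaces(const char *s)
{
    size_t len = strlen(s), spaces = 0;
    for (const char *p = s; *p; p++)
        if (*p == ' ')
            spaces++;
    /* each space grows by two bytes: ' ' -> '%' '2' '0' */
    char *out = malloc(len + 2 * spaces + 1);
    if (!out)
        return NULL;
    char *o = out;
    for (const char *p = s; *p; p++) {
        if (*p == ' ') {
            memcpy(o, "%20", 3);
            o += 3;
        } else {
            *o++ = *p;
        }
    }
    *o = '\0';
    return out;
}

/* Convenience check used by the stand-alone run: 1 if escape_spaces(in)
 * equals expected byte for byte, 0 otherwise. */
int escape_spaces_equals(const char *in, const char *expected)
{
    char *r = escape_spaces(in);
    int ok = r != NULL && strcmp(r, expected) == 0;
    free(r);
    return ok;
}

/* Mirror of the failing idiom: format the first prefix_len bytes of s
 * with "%.*s". Returns the snprintf result; a negative value is the
 * invalid-multibyte failure that left `tmp` NULL in the report. Whether
 * it fails depends on the process locale (UTF-8 vs. C), which is why the
 * crash did not reproduce on every machine. */
int printf_prefix(const char *s, int prefix_len, char *buf, size_t bufsz)
{
    return snprintf(buf, bufsz, "%.*s", prefix_len, s);
}

int main(void)
{
    /* constructed from the report: byte 0xF6, 'i', a space, "http://" */
    const char input[] = "\366i http://";
    char buf[64];

    setlocale(LC_ALL, "");  /* take the locale from the environment */
    int n = printf_prefix(input, 2, buf, sizeof buf);
    printf("snprintf(\"%%.*s\") returned %d%s\n", n,
           n < 0 ? " (failed on the non-UTF-8 byte)" : "");

    char *esc = escape_spaces(input);
    if (esc) {
        printf("byte-wise escape: %s\n", esc);
        free(esc);
    }
    return 0;
}
```

Run it once with LANG=C and once with LANG=en_US.UTF-8 to see printf_prefix change its answer while escape_spaces does not; that locale dependence is the whole reason the reporter and the maintainer saw different results from the same input.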
(In reply to comment #5)
> Created an attachment (id=170158) [details] [review]
> Fix a crash when resolving URIs with both spaces and non-UTF8 chars
>
> I still can't reproduce it. Does this fix it for you?

Thanks, that fixes it for me.
Attachment 170158 [details] pushed as 318dae5 - Fix a crash when resolving URIs with both spaces and non-UTF8 chars
*** Bug 629286 has been marked as a duplicate of this bug. ***
*** Bug 600238 has been marked as a duplicate of this bug. ***