Bug 658771 – SIGSEGV in gtlsconnection-gnutls

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 658771 - SIGSEGV in gtlsconnection-gnutls


Summary:	SIGSEGV in gtlsconnection-gnutls


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	network
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-09-11 23:42 UTC by Xan Lopez
Modified:	2012-01-26 14:39 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
gnutls: fix an async handshake crash (1.33 KB, patch) 2012-01-26 13:04 UTC, Dan Winship	committed	Details \| Review

Description Xan Lopez 2011-09-11 23:42:03 UTC

Program received signal SIGSEGV, Segmentation fault.
0x00007fffec47c709 in handshake_internal (gnutls=0x0, blocking=0, cancellable=0x0, error=0x7fffffffd610) at gtlsconnection-gnutls.c:857
857	  if (!gnutls->priv->handshaking)
(gdb) bt

+ Trace 228416

#0 handshake_internal
at gtlsconnection-gnutls.c line 857
#1 g_tls_connection_gnutls_handshake_ready
at gtlsconnection-gnutls.c line 971
#2 gnutls_source_dispatch
at gtlsconnection-gnutls.c line 670
#3 g_main_dispatch
at gmain.c line 2372
#4 g_main_context_dispatch
at gmain.c line 2910
#5 g_main_context_iterate
at gmain.c line 2984
#6 g_main_loop_run
at gmain.c line 3181
#7 gtk_main
at gtkmain.c line 1362
#8 gtk_application_run_mainloop
at gtkapplication.c line 112
#9 g_application_run
at gapplication.c line 1323
#10 main
at ../../src/ephy-main.c line 475

Comment 1 Xan Lopez 2011-09-11 23:42:53 UTC

A few critical warnings happen before that:


GLib-GObject-WARNING **: invalid uninstantiatable type `<invalid>' in cast to `GAsyncResult'

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007ffff5b20751 in g_logv (log_domain=0x7ffff5c58fb0 "GLib-GObject", log_level=G_LOG_LEVEL_WARNING, 
    format=0x7ffff5c5a708 "invalid uninstantiatable type `%s' in cast to `%s'", args1=0x7fffffffd4d8) at gmessages.c:570
570			G_BREAKPOINT ();
(gdb) bt

+ Trace 228417

#0 g_logv
at gmessages.c line 570
#1 g_log
at gmessages.c line 591
#2 g_type_check_instance_cast
at gtype.c line 3997
#3 g_tls_connection_gnutls_handshake_ready
at gtlsconnection-gnutls.c line 968
#4 gnutls_source_dispatch
at gtlsconnection-gnutls.c line 670
#5 g_main_dispatch
at gmain.c line 2372
#6 g_main_context_dispatch
at gmain.c line 2910
#7 g_main_context_iterate
at gmain.c line 2984
#8 g_main_loop_run
at gmain.c line 3181
#9 gtk_main
at gtkmain.c line 1362
#10 gtk_application_run_mainloop
at gtkapplication.c line 112
#11 g_application_run
at gapplication.c line 1323
#12 main
at ../../src/ephy-main.c line 475
#0 g_logv
at gmessages.c line 570
#1 g_log
at gmessages.c line 591
#2 g_return_if_fail_warning
#3 g_async_result_get_source_object
at gasyncresult.c line 155
#4 g_tls_connection_gnutls_handshake_ready
at gtlsconnection-gnutls.c line 968
#5 gnutls_source_dispatch
at gtlsconnection-gnutls.c line 670
#6 g_main_dispatch
at gmain.c line 2372
#7 g_main_context_dispatch
at gmain.c line 2910
#8 g_main_context_iterate
at gmain.c line 2984
#9 g_main_loop_run
at gmain.c line 3181
#10 gtk_main
at gtkmain.c line 1362
#11 gtk_application_run_mainloop
at gtkapplication.c line 112
#12 g_application_run
at gapplication.c line 1323
#13 main
at ../../src/ephy-main.c line 475

Comment 2 Dan Winship 2011-09-12 00:46:11 UTC

is there some site that triggers this reliably?

Comment 3 Xan Lopez 2011-09-12 10:37:23 UTC

(In reply to comment #2)
> is there some site that triggers this reliably?

Not that I can find, no. This is the first (and only so far) time I get this crash, but it was also the first time in a while that I was running ephy under gdb with --g-fatal-warnings.

Comment 4 Dan Winship 2011-11-18 00:15:32 UTC

I'm going to close this since no one has seen it since... maybe memory corruption somewhere else that's since been fixed?

Comment 5 Xan Lopez 2011-12-23 20:03:08 UTC

Hrm, I'm seeing this again in ephy master a lot since the recent changes in libsoup about GSocket. Besides the original trace I also get:


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff431a001 in check_socket (socket=0x0, error=0x0) at gsocket.c:274
274	  if (!socket->priv->inited)
(gdb) bt

+ Trace 229334

#0 check_socket
at gsocket.c line 274
#1 g_socket_condition_check
at gsocket.c line 2695
#2 soup_connection_get_state
at soup-connection.c line 889
#3 soup_session_cleanup_connections
at soup-session.c line 1742
#4 run_queue
at soup-session-async.c line 453
#5 idle_run_queue
at soup-session-async.c line 487
#6 g_idle_dispatch
at gmain.c line 4632
#7 g_main_dispatch
at gmain.c line 2513
#8 g_main_context_dispatch
at gmain.c line 3050
#9 g_main_context_iterate
at gmain.c line 3121
#10 g_main_context_iteration
at gmain.c line 3182
#11 g_application_run
at gapplication.c line 1599
#12 main
at ../../src/ephy-main.c line 472

Comment 6 Dan Winship 2012-01-04 16:04:20 UTC

(In reply to comment #5)
> Hrm, I'm seeing this again in ephy master a lot since the recent changes in
> libsoup about GSocket. Besides the original trace I also get:

The check_socket() crash is bug 667245. You're still getting the g_tls_connection_gnutls_handshake_ready() crash too?

Comment 7 Frederic Peters 2012-01-08 12:04:23 UTC

I just experienced it (submitting a form on a non-public website, I think it's using "pound" as a webserver).

+ Trace 229405

#0 handshake_internal
at gtlsconnection-gnutls.c line 820
#0 handshake_internal
at gtlsconnection-gnutls.c line 820
#1 g_tls_connection_gnutls_handshake_ready
at gtlsconnection-gnutls.c line 931
#2 gnutls_source_dispatch
at gtlsconnection-gnutls.c line 631
#3 g_main_dispatch
at gmain.c line 2513
#4 g_main_context_dispatch
at gmain.c line 3050
#5 g_main_context_iterate
at gmain.c line 3121
#6 g_main_context_iteration
at gmain.c line 3182
#7 g_application_run
at gapplication.c line 1599
#8 main
at ephy-main.c line 472

Comment 8 Priit Laes (IRC: plaes) 2012-01-18 13:11:38 UTC

(In reply to comment #6)
> (In reply to comment #5)
> > Hrm, I'm seeing this again in ephy master a lot since the recent changes in
> > libsoup about GSocket. Besides the original trace I also get:
> 
> The check_socket() crash is bug 667245. You're still getting the
> g_tls_connection_gnutls_handshake_ready() crash too?

Confirming: Gentoo ~x86, dev-libs/glib-2.31.10 and net-libs/gnutls-2.10.5)

Comment 9 Priit Laes (IRC: plaes) 2012-01-20 10:34:39 UTC

I can reproduce this issue quite easily on github.com by using the search functionality.

1. go to github.com
2. Log in
3. Make sure you are on your "Dashboard page"
4. Use search functionality
5. inspect the core dump :)

Comment 10 Dan Winship 2012-01-20 12:20:08 UTC

doesn't crash for me :-}

i'll whip up some debugging patches for people to try...

Comment 11 Xan Lopez 2012-01-25 23:39:11 UTC

(In reply to comment #10)
> doesn't crash for me :-}
> 
> i'll whip up some debugging patches for people to try...

Ping on those debug patches, or anything else we can do to help to track this down. It crashes so much it makes it a bit hard to actually hack on epiphany.

Comment 12 Dan Winship 2012-01-26 13:04:42 UTC

Created attachment 206182 [details] [review]
gnutls: fix an async handshake crash

g_tls_connection_gnutls_handshake_async() would cause a crash if the
handshake either succeeded or failed immediately (rather than getting
an EAGAIN after making partial progress).

====

OK, found a bug in the code. I still can't reproduce the bug, but
hopefully this will fix it?

Comment 13 Xan Lopez 2012-01-26 13:20:39 UTC

Excellent, running with it now, I'll tell you if I crash again.

Comment 14 Dan Winship 2012-01-26 14:39:38 UTC

Xan says this seems to be fixing the crash for him. Yay.

Attachment 206182 [details] pushed as 51938b5 - gnutls: fix an async handshake crash