Bug 1350820

Summary: [abrt] gvfs: atlv_parse_cls_tag(): gvfsd-dav killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: rh <r>
Component: gvfs
Assignee: Ondrej Holy <oholy>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 24
CC: alexl, bnocera, oholy
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/c3f7a08d335723c0ee79366063748f5779999700
Whiteboard: abrt_hash:4f60377d602e9166b1609585c1c13b3f93d63346;VARIANT_ID=workstation;
Last Closed: 2016-06-28 14:49:15 UTC
Attachments (description, flags):
File: backtrace, none
File: cgroup, none
File: core_backtrace, none
File: dso_list, none
File: environ, none
File: exploitable, none
File: limits, none
File: maps, none
File: mountinfo, none
File: namespaces, none
File: open_fds, none
File: proc_pid_status, none
File: var_log_messages, none

Description rh 2016-06-28 13:12:35 UTC
Version-Release number of selected component:
gvfs-1.28.2-1.fc24

Additional info:
reporter:       libreport-2.7.1
backtrace_rating: 4
cmdline:        /usr/libexec/gvfsd-dav --spawner :1.3 /org/gtk/gvfs/exec_spaw/7
crash_function: atlv_parse_cls_tag
executable:     /usr/libexec/gvfsd-dav
global_pid:     13778
kernel:         4.5.7-300.fc24.x86_64
pkg_fingerprint: 73BD E983 81B4 6521
pkg_vendor:     Fedora Project
reproducible:   Not sure how to reproduce the problem
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 atlv_parse_cls_tag at egg/egg-asn1x.c:718
 #1 atlv_parse_cls_tag_len at egg/egg-asn1x.c:833
 #2 atlv_parse_der at egg/egg-asn1x.c:946
 #3 egg_asn1x_decode_full at egg/egg-asn1x.c:1311
 #4 egg_asn1x_create_and_decode_full at egg/egg-asn1x.c:4492
 #5 egg_asn1x_create_and_decode at egg/egg-asn1x.c:4510
 #6 certificate_info_load at gcr/gcr-certificate.c:164
 #7 gcr_certificate_get_expiry_date at gcr/gcr-certificate.c:805
 #8 certificate_to_string at gvfsdaemonutils.c:291
 #9 gvfs_accept_certificate at gvfsdaemonutils.c:336

Comment 1 rh 2016-06-28 13:12:43 UTC
Created attachment 1173424 [details]
File: backtrace

Comment 2 rh 2016-06-28 13:12:45 UTC
Created attachment 1173425 [details]
File: cgroup

Comment 3 rh 2016-06-28 13:12:49 UTC
Created attachment 1173426 [details]
File: core_backtrace

Comment 4 rh 2016-06-28 13:12:51 UTC
Created attachment 1173427 [details]
File: dso_list

Comment 5 rh 2016-06-28 13:12:53 UTC
Created attachment 1173428 [details]
File: environ

Comment 6 rh 2016-06-28 13:12:55 UTC
Created attachment 1173429 [details]
File: exploitable

Comment 7 rh 2016-06-28 13:12:57 UTC
Created attachment 1173430 [details]
File: limits

Comment 8 rh 2016-06-28 13:13:01 UTC
Created attachment 1173431 [details]
File: maps

Comment 9 rh 2016-06-28 13:13:02 UTC
Created attachment 1173432 [details]
File: mountinfo

Comment 10 rh 2016-06-28 13:13:04 UTC
Created attachment 1173433 [details]
File: namespaces

Comment 11 rh 2016-06-28 13:13:07 UTC
Created attachment 1173434 [details]
File: open_fds

Comment 12 rh 2016-06-28 13:13:09 UTC
Created attachment 1173435 [details]
File: proc_pid_status

Comment 13 rh 2016-06-28 13:13:12 UTC
Created attachment 1173436 [details]
File: var_log_messages

Comment 14 rh 2016-06-28 13:14:16 UTC
I believe it happened when I connected with "davs://" to an HTTP (not HTTPS) mount.

Comment 15 Ondrej Holy 2016-06-28 14:49:15 UTC
Thanks for your report.

You are right, I can reproduce it as per Comment 14. The same error may also happen for "ftps://". I've pushed a fix upstream, which will be part of the 1.28.3 release:
https://git.gnome.org/browse/gvfs/commit/?id=da6bf28